How best get rid of SELinux?
Mike McCarty
Mike.McCarty at sbcglobal.net
Fri Sep 21 14:59:57 UTC 2007
Tim wrote:
> On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
>
>>It's too bad that Red Hat has jumped on the SELinux bandwagon
>>so wholeheartedly. That is, it is for those of us who don't like
>>it, but want to use Red Hat products or projects.
>
>
> One of the (almost) unsung benefits of it is to do with created
> software.
>
> If the programmers use a system with SELinux, they're forced into
> writing their software better. And we end up with software which
They are forced into writing it SELinux aware. That is not
part of my definition of "better".
[snip]
> On the other hand, without any SELinux, trying to make your system
> secure, when you're using programs that the software authors had
> free-range to do any old crap in the first place, is much more
> difficult.
I don't like to load and run crap. Do you?
That's one reason I don't have SELinux enabled on the machines
I administer. Not all of them are FC2, BTW.
Note that SELinux does not attempt to make a machine more
secure, except in a very general sense. It attempts to mitigate
damage on a machine WHICH IS ALREADY COMPROMISED.
It does little AFAICT to prevent compromise.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
More information about the users
mailing list