How best get rid of SELinux?

Mike McCarty Mike.McCarty at sbcglobal.net
Fri Sep 21 15:40:06 UTC 2007


Arthur Pemberton wrote:
> On 9/21/07, Mike McCarty <Mike.McCarty at sbcglobal.net> wrote:
> 

> I respect your opinion, and hope you respect those of people like
> myself who disagree with you, and think SELinux is a good thing

I don't think I'm required to respect opinions. I hope to treat
people with respect, until they have proven they don't deserve
it.

>>(5) more opportunity for defects and exploits
> 
> 
> An undeniable consequence, but also a valid argument against
> firewalls, package management software, etc.

I'm glad you admit this. Some here seem not to. It's a matter
of perceived risk versus perceived benefit. In graduate school
I took a course in decision theory. Simply build your probability
model, assess costs, and assign a utility function. I have an external
hardware firewall which has not once permitted an external
attack to flow through. I do keep regular backups. If I ever suffer
a successful attack, my machine will be restored to the most
recent backup before the compromise. Then, on a selective basis,
files from the post-compromise state will be reintroduced.

My machine is connected to a LAN, which has exactly one other
machine on it: the firewall machine. On the WAN side, the
firewall has exactly one machine connected to it: my ADSL modem.

After a machine has been compromised, IMO it must be restored
to a pre-compromise state. Trying to mitigate damage on a
compromised machine is wrong-headed.

>>>But when that smiling hacker from somewhere finally decides that
>>>there are enough Linux users that think like Windows users he will write
>>>that program that will wipe out your milling program.
>>
>>The only way to make systems robust is to make them simpler, not
>>more complex.
> 
> 
> I don't think that is the only way, complexity may decrease
> robustness, but they are not mutually exclusive

Every line of code is a place for a defect to hide.

Please read C.A.R. Hoare's "The Emperor's New Clothes" some time.

>>>Honest Gene. SELinux has never caused me a problem that a simple 'look 'n
>>>fix it' could not solve. It is work in progress and when you use older
>>>releases it can cause problems.
>>
>>Bully for you.
>>
>>Mike
> 
> 
> Interesting response. What is the purpose of posting to the list if
> not to share opinions?

This list has several purposes. Some which come immediately to mind:

(1) sharing opinions about future directions of Linux, and RH in 
particular; hopefully being able to influence future paths
(2) requesting and receiving assistance from others when faced
with challenges in machine behavior or ignorance of standard
techniques
(3) sharing news and current events of interest to Linux users

"Bully for you" was intended exactly as written, and not as
sarcasm.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



