How best get rid of SELinux?

Mike McCarty Mike.McCarty at sbcglobal.net
Fri Sep 21 18:45:25 UTC 2007


Alan M. Evans wrote:
> On Fri, 2007-09-21 at 01:05 -0500, Mike McCarty wrote:
> 
> 
>>EVERY LINE OF CODE is an opportunity for a defect. The only way
>>to make systems robust, is to make them simple.
> 
> 
> The problem with this argument is not that it's false. It's actually
> true if your problem is stated with such a limited domain. But it seems
> to me somewhat short-sighted. Are systems with a firewall actually less
> secure because those without have, in fact, fewer lines of code?

You are comparing apples and oranges. Everything has advantages
and disadvantages. My comment was made in the context of large
systems, like multiuser OS. The only way to make large systems
robust is to build them up from a decomposition into small simple
systems each of which is so simple that it is obviously correct,
and which has no back door connections to other pieces.

A little box which is a dedicated firewall, as I have, is a simple
system, not part of my main machine, and which is separable from
it. I have confidence that it has few defects. Should a serious one
surface, it is easy to remove the firewall and replace it with another
firewall. It is not entangled with my kernel. It does not invade
my apps.

I have no such confidence in a method which invades all applications it
touches, and invades the kernel.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



