davidsen at tmr.com
Mon Dec 1 18:28:34 UTC 2008
Ed Greshko wrote:
> Tom Horsley wrote:
>> OK, I can turn off selinux, and not get any of these errors, or
>> I can leave selinux on, get errors, look at the troubleshoot report,
>> and follow the instructions to enable the program that had problems
>> to go ahead and do whatever nasty things selinux detected. All without
>> doing the kind of massive code review required to prove that the nasty
>> things are actually harmless in this particular program's case.
>> So why isn't it much simpler and less trouble to just turn off
>> selinux in the first place? I get the same level of security in the
>> end, and much less hassle in the meantime :-).
> Of course that isn't quite true. What you would have done is made the
> decision to trust a single program. You haven't disable the various
> selinux protection schemes for other components. In other words, you've
> handed out a set of keys. You've not unlocked and opened all the doors
> and all the windows and turned off the alarm system.
I was going to make that point, but your analogy is elegant, and I think I'll
just save it for future quoting.
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users