[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Fri Dec 16 18:23:22 UTC 2005
Elizabeth Palomino <liz at groupee.com>

Priceless :) You just made it to my email quote of the week wall :)

*laugh*

On Nov 25, 2005, at 3:09 PM, Peter Farrow wrote:

> Some of you seem to be drowning in the "complex=secure" scenario.
>
> SELinux adds complexity, the biggest dangers in computer hacking  
> come from within your own network.
>
> 90% of hacking jobs are in house as the statistics show.
>
> SELinux makes security complex and bloat like, the same thing that  
> makes Windows insecure, this makes the admin job harder, which will  
> lead to mistakes, which will make it hard to find holes, which will  
> inevitably lead to a less secure system.... QED.
>
> Perhaps all of you that _LOVE_ SElinux so much should branch off to  
> a new flavour of Linux,
>
> I propose that you name it BloatOS,
>
> Just keep it well away from me.
>
> My boxes have SELinux=disabled on all of them (that's a big number
> by the way).
>
> I don't need it, those sysadmins who feel they need to use, sure go
> ahead and use it, but please don't take the moral high ground
> saying using it is definitely better and more secure, because I
> find that kind of talk irritating because it is so wrong.
>
> One thing is for sure, SELinux slows the box down, which perhaps
> you could start arguing that "aah yes the box is so much slower
> now, it will take a hacker longer to get in - hey SElinux really is
> secure for that reason alone" -- ROTFLOL....
>
> I think you should rename this thread BloatOS.
>
> You could then write a shell script called "unbloat" or "speedup"
>
> I propose it contains
>
> rpm -e  libselinux-1.19.1-7  selinux-policy-targeted-1.17.30-2.110  
> libselinux-devel-1.19.1-7
>
> Maybe that too has some marketing mileage, you could sell this  
> script as a box performance enhancer,
>
> LOL
>
>
> Les Mikesell wrote:
>> On Fri, 2005-11-18 at 22:42, Lamar Owen wrote:
>>
>>
>>> Maybe I'm wrong, but I think any admin needs to experience having  
>>> their box
>>> cracked.  It will produce the humbleness necessary to the trade,  
>>> because
>>> overconfidence is dangerous.
>>>
>> Yes, but when the box gets cracked _because_ they are using the
>> latest new thing their distribution added under the guise of
>> increased security, as happened with ssh a while back, it
>> also produces the attitude that new stuff should soak a long,
>> long while in a distribution like fedora before going onto
>> production boxes.  You want to at least wait until the surprises
>> stop - and I take the flurry of reports of broken apps at
>> every update as an indication that they haven't stopped yet.
>>
>> Your analogy to a weapon was a good one.  When the experts
>> tuning the distribution still can't keep it from blowing
>> up in people's faces some of the time, normal people should
>> keep their distance.  When the fedora and Centos lists go
>> several months without a mysterious app failure caused by
>> SELinux it will be time to reconsider.
>>
>>

Elizabeth Palomino
liz at groupee.com
Sr. Performance Engineer
Groupee
(206)283-5999
Infopop is now Groupee... Same Company, New Name


