[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Craig White craigwhite at azapple.com
Fri Nov 25 23:48:50 UTC 2005


On Fri, 2005-11-25 at 23:09 +0000, Peter Farrow wrote:
> Some of you seem to be drowning in the "complex=secure" scenario.
> 
> SELinux adds complexity, the biggest dangers in computer hacking come
> from within your own network.
> 
> 90% of hacking jobs are in house as the statistics show.
> 
> SELinux makes security complex and bloat-like, the same thing that
> makes Windows insecure, this makes the admin job harder, which will
> lead to mistakes, which will make it hard to find holes, which will
> inevitably lead to a less secure system.... QED.
> 
> Perhaps all of you that _LOVE_ SElinux so much should branch off to a
> new flavour of Linux,
> 
> I propose that you name it BloatOS,
> 
> Just keep it well away from me.
> 
> My boxes have SELinux=disabled on all of them (that's a big number by
> the way).
> 
> I don't need it, those sysadmins who feel they need to use, sure go
> ahead and use it, but please don't take the moral high ground saying
> using it is definitely better and more secure, because I find that
> kind of talk irritating because it is so wrong.
> 
> One thing is for sure, SELinux slows the box down, which perhaps you
> could start arguing that "aah yes the box is so much slower now, it
> will take a hacker longer to get in - hey SElinux really is secure for
> that reason alone" -- ROTFLOL....
> 
> I think you should rename this thread BloatOS.
> 
> You could then write a shell script called "unbloat" or "speedup"
> 
> I propose it contains
> 
> rpm -e  libselinux-1.19.1-7  selinux-policy-targeted-1.17.30-2.110
> libselinux-devel-1.19.1-7
> 
> Maybe that too has some marketing mileage, you could sell this script
> as a box performance enhancer, 
> 
> LOL
----
I'm not entirely sure why you decided to pick up this topic by replying
to a message that is a week old. Personally, I would have thought you to
be smart enough to let the thread die since you used it to insult one of
the CentOS developers. Apparently you decided to revive the thread just
to insult those of us that are actually trying to intelligently apply
the security features adopted by the upstream provider. Personally, I
find you offensive.

The fact that you think removing those files would speed up anything on
your computer is a complete demonstration of how little you understand
about selinux.

The fact that you cannot see how selinux would help protect you from
'inhouse hacks' is further evidence of how little you understand about
selinux.

Of course you can disable it. If you want a distribution without it
altogether, you would have to go elsewhere as the upstream provider
believes in it, includes it and that is that.

I was holding back on some interesting links about selinux not wishing
to bring the topic up on this list but since the topic was already
brought up...(of course, this is only going to be of interest to those
who actually are concerned with security of their boxes as opposed to
posturing for the benefit of their ego)

1.)   http://www.linuxsecurity.com/content/view/120567/49/

2.)   http://www.linuxsecurity.com/content/view/120622/49/

3.)   http://www.linuxsecurity.com/content/view/120700/49/

Craig

