[CentOS] SELinux - way of the future or good idea but !!!
Les Mikesell
lesmikesell at gmail.com
Wed Dec 1 05:16:44 UTC 2010
On 11/30/10 9:28 PM, Marko Vojinovic wrote:
> On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote:
>> And about apache... most of those attacks are preventable through
>> defensive configuration and coding for httpd itself. Looking to selinux to
>> protect you is very sloppy.
>
> So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever
> need a safety fishnet below, right? All he needs to do is make sure never to
> slip, or miss to catch the trapeze bar while performing. If he isn't sloppy,
> he will never fall. Simple. ;-)
Analogies rarely work well, but this one would be better if you assume the crew
doesn't have time to do a good job of setting up both the trapeze rigging and
the net. Would you rather have a trapeze you can trust or a trapeze and a net
both badly rigged and likely to break?
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list