[CentOS] SELinux - way of the future or good idea but !!!

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Nov 30 14:09:24 EST 2010


Benjamin Franz wrote:
> On 11/30/2010 10:42 AM, Lamar Owen wrote:
>>
>> It boils down to balancing 'it breaks my app that I can't or won't fix'
>> against 'you've been pwned!'
>
> Actually, it boils down to 'what causes more total costs to the
> business'. Right now, in my experience, that is SELinux. Break ins to my
<snip>
> Security in not an end unto itself. It exists to support the business
> making money. If a cost saving measure is costing the business more than

Not just making money, says the guy who's works for a federal contractor.
It exists, in the IT world, to keep the systems working, and not
corrupted.

> it is saving it, it is *not* a good idea no matter how technically
> superior it is.

There's a story on today's slashdot, about how the terrorists have won -
for *very* little money, they've cause countries and governments, esp. the
US gov't, to spend hundreds of billions of dollars on prevention.
>
> This in a very real sense is similar to the 'how much resources should
> measures to prevent shoplifting be given' in a retail store. If the
> anti-shoplifting measures are costing *more* than the shoplifting you
> are preventing - you have lost sight of the actual reason for
> anti-shoplifting measures in the first place.

Yup. Seen lots of companies do just that, or try to squeeze out the last
dime... and spend dollars doing it.

         mark



More information about the CentOS mailing list