On 11/14/05, Les Mikesell lesmikesell@gmail.com wrote:
> On Mon, 2005-11-14 at 08:29, Jim Perrin wrote:
> > > Selinux just adds bloat that we've managed without for many many years.
> >
> > We used to manage just fine with telnet for many many years also, and these days I wouldn't think of accessing a machine via telnet. If you don't change with the times, you're going to get steamrolled by them.
>
> But note that there have been times that having ssh enabled exposed your system to additional exploits.

I never said it didn't. However it protected people from far more than it allowed, which was my point. With ssh, it was more difficult to gain access to the system simply by running grep against a packet dump for a username and password as was the case with telnet.

> > > Another layer of complexity to allow another layer of
> > > holes/backdoors/exploits.
> >
> > Given the organization who gave us selinux and their dire need for security, I get the feeling it'll block many more problems than it allows, just as ssh did.
>
> Except for the versions of ssh that allowed exploits...

See point above.

--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center