Furthermore, why people believe adding complexity to a system "makes it more secure" baffles me,
We enter into the realms of "security by obscurity", and Bill Gates' "bloat and crash ware" epitomises that....
Peter Farrow wrote:
I agree Les,
Selinux just adds bloat that we've managed without for many many years.
Another layer of complexity to allow another layer of holes/backdoors/exploits.
NOT NEEDED!!!!
Regards
Pete
Les Mikesell wrote:
On Mon, 2005-11-14 at 05:04, Tony wrote:
It always amazes me how quick people are to suggest that you just switch selinux off, without balancing the suggestion with an explanation of what they are losing by doing this.
What you get without it is the well-understood unix permission system that served everyone well for several decades. Exploits involving buggy code have happened, but If we've learned anything along the way it is that adding new and less-tested code to a working system doesn't necessarily make it more secure.
Would you switch a firewall off because it keeps filling your log files up with packet info? An English expression involving babies and bathwater springs to mind ;-)
I'd need some reason to think that the firewall code was less likely to be exploited than the rest of the system it is supposed to be protecting to consider it important.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos