[CentOS] selinux stuff - I just don't get

Les Mikesell lesmikesell at gmail.com
Mon Nov 14 13:56:05 UTC 2005

On Mon, 2005-11-14 at 05:04, Tony wrote:
> It always amazes me how quick people are to suggest that you just
> switch selinux off, without balancing the suggestion with an
> explanation of what they are losing by doing this.

What you get without it is the well-understood unix permission
system that served everyone well for several decades.  Exploits
involving buggy code have happened, but if we've learned anything
along the way it is that adding new and less-tested code to a
working system doesn't necessarily make it more secure.

> Would you switch a firewall off because it keeps filling your log
> files up with packet info?  An English expression involving babies and
> bathwater springs to mind ;-)

I'd need some reason to think that the firewall code was
less likely to be exploited than the rest of the system it
is supposed to be protecting to consider it important.

  Les Mikesell
    lesmikesell at gmail.com

