[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Chris Mauritz chrism at imntv.com
Sat Nov 19 02:48:18 UTC 2005


Lamar Owen wrote:

>On Thursday 17 November 2005 18:12, Chris Mauritz wrote:
>
>>Lamar Owen wrote:
>>
>>>After reading through the various SELinux threads, I really became quite
>>>perturbed.  I mean, really quite perturbed.
>>
>>If you get perturbed over something so trivial, perhaps it's time to
>>re-examine your priorities in life.  8-)
>
>Security is not trivial.  Or do you want your server or workstation to become 
>a zombie in the next cyberattack?  What if that attack is against a 
>government?  What if said government is your own and they decide to try you 
>because you didn't prevent the attack (could happen; saw headlines last week 
>about open wireless being outlawed somewhere)?  What if you are found guilty, 
>or, in a civil action, found personally liable because you consciously turned 
>off a security feature that was known to prevent said attack from occurring 
>(like, for instance, an allow-everything outgoing firewall, perhaps)?
>
>Security is never trivial.

Look, I don't think I intimated that security is/was trivial.  Someone 
asked about a particular security tool.  I commented that I didn't think 
that tool was worth the effort for many people.  Many of us have been 
doing just fine with traditional hardening methods without installing 
kernel patches that actively break applications, add quite a bit of 
complexity, and are turned on by default...thus confusing people who 
don't know what SELinux is.  Your attitude that if you don't actively 
point every weapon in your arsenal at the world you're somehow 
inept, and that SELinux is some magic panacea for securing a Linux box, 
is just plain foolish.  It isn't.

I have been building and maintaining unix systems hanging off the net 
since the late 80's.  To date, I have yet to have a machine compromised 
that I secured myself.  So I'm somewhat confident in my ability to judge 
the relative risks/rewards of not using SELinux in many cases.  You 
appear to feel differently.  That's just dandy.   You run your little 
corner of academia the way you want and I'll run my little corner of 
running dog capitalism the way I want.  I have no idea why you feel the 
need to be so belligerent about it.  *shrug*

And for you potential employers out there googling the net for any 
mention of my name....if you feel like Lamar, PLEASE just don't hire 
me.  I couldn't bear the thought of some poor astrophysicist losing a 
day's worth of cosmic EMI/RFI due to my gross negligence.  Find someone 
more worthy.  8-)

Cheers,