[CentOS] SELinux threads, cynicism, one-upmanship, etc.
Chris Mauritz
chrism at imntv.com
Sat Nov 19 02:48:18 UTC 2005
Lamar Owen wrote:
>On Thursday 17 November 2005 18:12, Chris Mauritz wrote:
>
>>Lamar Owen wrote:
>>
>>>After reading through the various SELinux threads, I really became quite
>>>perturbed. I mean, really quite perturbed.
>>
>>If you get perturbed over something so trivial, perhaps it's time to
>>re-examine your priorities in life. 8-)
>
>Security is not trivial. Or do you want your server or workstation to become
>a zombie in the next cyberattack? What if that attack is against a
>government? What if said government is your own and they decide to try you
>because you didn't prevent the attack (could happen; saw headlines last week
>about open wireless being outlawed somewhere)? What if you are found guilty,
>or, in a civil action, found personally liable because you consciously turned
>off a security feature that was known to prevent said attack from occurring
>(like, for instance, an allow everything outgoing firewall, perhaps).
>
>Security is never trivial.
>
Look, I don't think I intimated that security is/was trivial. Someone
asked about a particular security tool. I commented that I didn't think
that tool was worth the effort for many people. Many of us have been
doing just fine with traditional hardening methods without installing
kernel patches that actively break applications, add quite a bit of
complexity, and are turned on by default...thus confusing people who
don't know what SELinux is. Your attitude is that if you don't actively
point every weapon in your arsenal at the world that you're somehow
inept is just plain foolish and that SELinux is some magic panacea for
securing a Linux box. It isn't.

I have been building and maintaining unix systems hanging off the net
since the late 80's. To date, I have yet to have a machine compromised
that I secured myself. So I'm somewhat confident in my ability to judge
the relative risks/rewards of not using SELinux in many cases. You
appear to feel differently. That's just dandy. You run your little
corner of academia the way you want and I'll run my little corner of
running dog capitalism the way I want. I have no idea why you feel the
need to be so belligerent about it. *shrug*

And for you potential employers out there googling the net for any
mention of my name....if you feel like Lamar, PLEASE just don't hire
me. I couldn't bear the thought of some poor astrophysicist losing a
day's worth of cosmic EMI/RFI due to my gross negligence. Find someone
more worthy. 8-)

Cheers,