Furthermore, why people believe adding complexity to a system "makes it more secure" baffles me, We enter into the realms of "security by obscurity", and Bill Gates' "bloat and crash ware" epitomises that.... Peter Farrow wrote: > I agree Les, > > Selinux just adds bloat that we've managed without for many many years. > > Another layer of complexity to allow another layer of > holes/backdoors/exploits. > > NOT NEEDED!!!! > > Regards > > Pete > > > Les Mikesell wrote: > >> On Mon, 2005-11-14 at 05:04, Tony wrote: >> >> >>> It always amazes me how quick people are to suggest that you just >>> switch selinux off, without balancing the suggestion with an >>> explanation of what they are losing by doing this. >>> >> >> >> What you get without it is the well-understood unix permission >> system that served everyone well for several decades. Exploits >> involving buggy code have happened, but If we've learned anything >> along the way it is that adding new and less-tested code to a >> working system doesn't necessarily make it more secure. >> >> >> >>> Would you switch a firewall off because it keeps filling your log >>> files up with packet info? An English expression involving babies and >>> bathwater springs to mind ;-) >>> >> >> >> I'd need some reason to think that the firewall code was >> less likely to be exploited than the rest of the system it >> is supposed to be protecting to consider it important. >> >> >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos