Benjamin Franz wrote:
> On Mon, 28 Jan 2008, John Summerfield wrote:
>
>> solarflow99 wrote:
>>> I wonder if anyone has run apache like this? it seems interesting that
>>> only
>>> bind runs in a root jail..
>>
>> I'm not sure that there's any point except for the most paranoid,
>> given well-configured enforcing selinux.
>
> Security problems come in many guises. One of the most insidious is a
> security system that causes more problems than the things it purports to
> protect against.
>
> When you understand why passwords made of thirty completely random
> alpha/non-alpha characters are a really bad idea in general practice
> despite having excellent theoretic justifications, you will also
> understand why SELinux is _also_ a very bad idea in general practice,
> despite having a good base in theory.
>
> Or to put it another way: "The more they overthink the plumbing, the
> easier it is to stop up the drain."

In that case, you may want to actually provide a solution/suggestion instead
of supposedly poking holes in other peoples suggestions. All you've done is
poured hot grease down a cold drain.


--
Fifth Law of Procrastination:
 Procrastination avoids boredom; one never has the feeling that
 there is nothing important to do.

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list