Benjamin Franz wrote:
> On Mon, 28 Jan 2008, John Summerfield wrote:
>
>> solarflow99 wrote:
>>> I wonder if anyone has run apache like this? it seems interesting that
>>> only
>>> bind runs in a root jail..
>>
>> I'm not sure that there's any point except for the most paranoid,
>> given well-configured enforcing selinux.
>
> Security problems come in many guises. One of the most insidious is a
> security system that causes more problems than the things it purports to
> protect against.
>
> When you understand why passwords made of thirty completely random
> alpha/non-alpha characters are a really bad idea in general practice
> despite having excellent theoretic justifications, you will also
> understand why SELinux is _also_ a very bad idea in general practice,
> despite having a good base in theory.
>
> Or to put it another way: "The more they overthink the plumbing, the
> easier it is to stop up the drain."

If you don't like selinux, then what do you propose to fix it, or as an
alternative?




--

Cheers
John

-- spambait
1aaaaaaa@(protected)
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list