Re: [rhelv5-list] apache chroot

solarflow99

2008-01-28

I find everyone's thoughts interesting, the reason I had was if bind runs in a chroot, why nothing else.  I don't know that bind was any less secure than apache.


 
On 1/28/08, John Summerfield <debian@herakles.homelinux.org> wrote:
Benjamin Franz wrote:
> On Mon, 28 Jan 2008, John Summerfield wrote:
>
>> solarflow99 wrote:
>>>  I wonder if anyone has run apache like this?  it seems interesting that
>>>  only bind runs in a root jail..
>>
>> I'm not sure that there's any point except for the most paranoid,
>> given well-configured enforcing selinux.
>
> Security problems come in many guises. One of the most insidious is a
> security system that causes more problems than the things it purports to
> protect against.
>
> When you understand why passwords made of thirty completely random
> alpha/non-alpha characters are a really bad idea in general practice
> despite having excellent theoretic justifications, you will also
> understand why SELinux is _also_ a very bad idea in general practice,
> despite having a good base in theory.
>
> Or to put it another way: "The more they overthink the plumbing, the
> easier it is to stop up the drain."

If you don't like selinux, then what do you propose to fix it, or as an
alternative?




--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu  Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
