On Mon, 28 Jan 2008, John Summerfield wrote:
solarflow99 wrote:
I wonder if anyone has run apache like this? it seems interesting that
only
bind runs in a root jail..
I'm not sure that there's any point except for the most paranoid, given
well-configured enforcing selinux.
Security problems come in many guises. One of the most insidious is a
security system that causes more problems than the things it purports to
protect against.
When you understand why passwords made of thirty completely random
alpha/non-alpha characters are a really bad idea in general practice
despite having excellent theoretic justifications, you will also
understand why SELinux is _also_ a very bad idea in general practice,
despite having a good base in theory.
Or to put it another way: "The more they overthink the plumbing, the
easier it is to stop up the drain."
--
Benjamin Franz
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
