Benjamin Franz wrote:
On Mon, 28 Jan 2008, John Summerfield wrote:
solarflow99 wrote:
I wonder if anyone has run apache like this? it seems interesting that
only
bind runs in a root jail..
I'm not sure that there's any point except for the most paranoid,
given well-configured enforcing selinux.
Security problems come in many guises. One of the most insidious is a
security system that causes more problems than the things it purports to
protect against.
When you understand why passwords made of thirty completely random
alpha/non-alpha characters are a really bad idea in general practice
despite having excellent theoretic justifications, you will also
understand why SELinux is _also_ a very bad idea in general practice,
despite having a good base in theory.
Or to put it another way: "The more they overthink the plumbing, the
easier it is to stop up the drain."
In that case, you may want to actually provide a solution/suggestion instead
of supposedly poking holes in other peoples suggestions. All you've done is
poured hot grease down a cold drain.
--
Fifth Law of Procrastination:
Procrastination avoids boredom; one never has the feeling that
there is nothing important to do.
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
