Benjamin Franz wrote:
On Mon, 28 Jan 2008, John Summerfield wrote:
solarflow99 wrote:
I wonder if anyone has run apache like this? it seems interesting that
only
bind runs in a root jail..
I'm not sure that there's any point except for the most paranoid,
given well-configured enforcing selinux.
Security problems come in many guises. One of the most insidious is a
security system that causes more problems than the things it purports to
protect against.
When you understand why passwords made of thirty completely random
alpha/non-alpha characters are a really bad idea in general practice
despite having excellent theoretic justifications, you will also
understand why SELinux is _also_ a very bad idea in general practice,
despite having a good base in theory.
Or to put it another way: "The more they overthink the plumbing, the
easier it is to stop up the drain."
If you don't like selinux, then what do you propose to fix it, or as an
alternative?
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
