I find everyones thoughts interesting, the reason I had was if bind runs in a chroot, why nothing else. I don't know that bind was any less secure than apache.
On 1/28/08, John Summerfield <[EMAIL PROTECTED]> wrote: > > Benjamin Franz wrote: > > On Mon, 28 Jan 2008, John Summerfield wrote: > > > >> solarflow99 wrote: > >>> I wonder if anyone has run apache like this? it seems interesting > that > >>> only > >>> bind runs in a root jail.. > >> > >> I'm not sure that there's any point except for the most paranoid, > >> given well-configured enforcing selinux. > > > > Security problems come in many guises. One of the most insidious is a > > security system that causes more problems than the things it purports to > > protect against. > > > > When you understand why passwords made of thirty completely random > > alpha/non-alpha characters are a really bad idea in general practice > > despite having excellent theoretic justifications, you will also > > understand why SELinux is _also_ a very bad idea in general practice, > > despite having a good base in theory. > > > > Or to put it another way: "The more they overthink the plumbing, the > > easier it is to stop up the drain." > > If you don't like selinux, then what do you propose to fix it, or as an > alternative? > > > > > -- > > Cheers > John > > -- spambait > [EMAIL PROTECTED] [EMAIL PROTECTED] > -- Advice > http://webfoot.com/advice/email.top.php > http://www.catb.org/~esr/faqs/smart-questions.html > http://support.microsoft.com/kb/555375 > > You cannot reply off-list:-) > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list >
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
