On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote: > It's too bad that Red Hat has jumped on the SELinux bandwagon > so wholeheartedly. That is, it is for those of us who don't like > it, but want to use Red Hat products or projects. One of the (almost) unsung benefits of it is to do with created software. If the programmers use a system with SELinux, they're forced into writing their software better. And we end up with software which doesn't require dangerous executable things in places they shouldn't be, doesn't try to access files it shouldn't, etc. They can, of course, just write it any old way, and it won't work on our systems. Or try to get us to use sloppy security to allow it, but probably won't succeed in getting that approach accepted. On the other hand, without any SELinux, trying to make your system secure, when you're using programs that the software authors had free-range to do any old crap in the first place, is much more difficult. -- [tim@bigblack ~]$ uname -ipr 2.6.22.4-65.fc7 i686 i386 Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7. Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
