On 9/21/07, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote: > Tim wrote: > > On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote: > > > >>It's too bad that Red Hat has jumped on the SELinux bandwagon > >>so wholeheartedly. That is, it is for those of us who don't like > >>it, but want to use Red Hat products or projects. > > > > > > One of the (almost) unsung benefits of it is to do with created > > software. > > > > If the programmers use a system with SELinux, they're forced into > > writing their software better. And we end up with software which > > They are forced into writing it SELinux aware. That is not > part of my definition of "better". You could give google a try to see how much others agree. As in, others who've found and fixed bugs in their apps due to SELinux. > > On the other hand, without any SELinux, trying to make your system > > secure, when you're using programs that the software authors had > > free-range to do any old crap in the first place, is much more > > difficult. > > I don't like to load and run crap. Do you? > That's one reason I don't have SELinux enabled on the machines > I administer. Not all of them are FC2, BTW. Because calling a piece of software crap because you don't like it is the mark of good administration. > Note that SELinux does not attempt to make a machine more > secure, except in a very general sense. It attempts to mitigate > damage on a machine WHICH IS ALREADY COMPROMISED. > > It does little AFAICT to prevent compromise. Further proving that you are not properly informed about it. Please, do a little research into the matter. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com )