On 07/28/2009 11:47:57 PM, Alon Bar-Lev wrote:
> Well,
> I do not understand you guys.
>
> If you think SELinux is so great, why do you need chroot?
> It is like you put some money in safe, and then put the safe into
> another safe, it never ends... Why only two safe, let's put another
> safe...
> I know that this is the approach many of security advisors use, but I
> never could have found the logic.
> If you want to keep your money safe use a single safe and select the
> strongest one.
The idea is more like selecting the strongest safe, then putting
it behind a moat inside a ring of fire. That way the thief not
only has to be a good safe cracker, he must also be
a fire walker and a swimmer, with experience wrestling
alligators a decided advantage. Multiple layers of _different_
security raises the bar considerably.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
