From: Karl O. P. <ko...@me...> - 2009-07-29 16:17:32
|
On 07/28/2009 11:47:57 PM, Alon Bar-Lev wrote: > Well, > I do not understand you guys. > > If you think SELinux is so great, why do you need chroot? > It is like you put some money in safe, and then put the safe into > another safe, it never ends... Why only two safe, let's put another > safe... > I know that this is the approach many of security advisors use, but I > never could have found the logic. > If you want to keep your money safe use a single safe and select the > strongest one. The idea is more like selecting the strongest safe, then putting it behind a moat inside a ring of fire. That way the thief not only has to be a good safe cracker, he must also be a fire walker and a swimmer, with experience wrestling alligators a decided advantage. Multiple layers of _different_ security raises the bar considerably. Karl <ko...@me...> Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein |