Rik van Riel
riel at imladris.surriel.com
Sun Aug 3 20:20:05 PDT 2003
On Sat, 2 Aug 2003, walt wrote:
> As previously stated, I know little about system security, but what
> I do know is this: it's too damn complicated!
Personally I don't think the OS should compromise on the
security infrastructure in order to make things easier
I guess the most reasonable solution would be to have the
popular daemons installed in a secure setup by default;
ie. named, apache, the MTA and other important daemons
would come pre-packaged to run in a restricted environment.
That way the security people can tweak everything until
it's right, without having to compromise on security, while
the system administrators get something safe.
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
More information about the Kernel