How NSA access was built into Windows
Lyvim Xaphir
knightmerc at yahoo.com
Fri Jan 19 04:01:49 UTC 2007
On Thu, 2007-01-18 at 18:05 -0800, Peter Gordon wrote:
> On Thu, 2007-01-18 at 10:15 -0500, Lyvim Xaphir wrote:
> > The story is more complex than that of course, but the experience was
> > very instructional. Todd Zullinger was correct in his suggestion that a
> > distro switch would be the most efficient way to get rid of selinux.
> >
>
> Not at all. Anaconda explicitly gives you the option of installing
> SELinux in enforcing (blocks unauthorized access attempts), passive
> (makes an AVC log entry of, but does not block unauthorized attempts),
> or entirely not at all (reverting to the standard user/group/other
> discretionary access controls).
You don't understand what is being said, or you haven't read, or both.
When I say "get rid of selinux", I mean exactly that; the whole
enchilada. Libs, kernel modules, the works. Your approach does in no
way achieve that objective.
We already *know* how to "disable" or make selinux inactive. That
should be starkly apparent from the copious messages in these threads;
not sure how you could have missed that. Our point (confirmed
experimentally and also painfully) is that the selibs/kmods are going to
be there no matter what, requiring a recompile of userspace apps to be
independent of them. This was subsequently confirmed by Dr Smalley of
the National Security Agency.
LX
--
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Off Topic or Political Discussions:
http://mandrakeot.mdw1982.com/
http://www.mdw1982.com/mailman/listinfo/mandrakeot
"Character is what you do when nobody's looking." - J.C. Watts
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
More information about the fedora-list
mailing list