How NSA access was built into Windows

Lyvim Xaphir knightmerc at yahoo.com
Tue Jan 16 05:49:43 UTC 2007


On Tue, 2007-01-16 at 15:54 +1030, Tim wrote:

> 
> I'd be inclined to try using something other than YUM, though.  Having
> read messages about yum removing one package resulting in the complete
> removal of Gnome or KDE, etc...
> 
> Of course, you don't have to use the provided kernels, likewise for
> other packages.  You could roll your own without any dependency on
> SELinux.  Though that rather obviates the purpose for using a distro.


The only line of attack I see right now is an inadequate one, which
basically involves taking out libselinux.  Attempting to do so evokes
the following:

[root at localhost ~]# rpm -ev libselinux
error: Failed dependencies:
libselinux.so.1 is needed by (installed) device-mapper-1.02.02-3.2.i386
libselinux.so.1 is needed by (installed) findutils-4.2.27-4.i386
libselinux.so.1 is needed by (installed) coreutils-5.93-7.2.i386
libselinux.so.1 is needed by (installed) rpm-libs-4.4.2-15.2.i386
libselinux.so.1 is needed by (installed) rpm-4.4.2-15.2.i386
libselinux.so.1 is needed by (installed) net-tools-1.60-62.1.i386
libselinux.so.1 is needed by (installed) lvm2-2.02.01-1.2.1.i386
libselinux.so.1 is needed by (installed) logrotate-3.7.3-2.2.1.i386
libselinux.so.1 is needed by (installed) libuser-0.54.5-1.i386
libselinux.so.1 is needed by (installed) SysVinit-2.86-2.2.2.i386
libselinux.so.1 is needed by (installed) passwd-0.71-3.2.i386
libselinux.so.1 is needed by (installed) usermode-1.85-2.2.i386
libselinux.so.1 is needed by (installed) at-3.1.8-81.1.i386
libselinux.so.1 is needed by (installed) nscd-2.4-4.i386
libselinux.so.1 is needed by (installed) dmraid-1.0.0.rc9-FC5_5.2.i386
libselinux.so.1 is needed by (installed) MAKEDEV-3.21-3.i386
libselinux.so.1 is needed by (installed) udev-084-13.i386
libselinux.so.1 is needed by (installed) vim-minimal-6.4.007-4.i386
libselinux.so.1 is needed by (installed) rpm-build-4.4.2-15.2.i386
libselinux.so.1 is needed by (installed) parted-1.6.25-8.i386
libselinux.so.1 is needed by (installed) nss_db-2.2-35.i386
libselinux.so.1 is needed by (installed) vixie-cron-4.1-54.FC5.i386
libselinux.so.1 is needed by (installed) prelink-0.3.6-3.i386
libselinux.so.1 is needed by (installed) shadow-utils-4.0.14-6.FC5.i386
libselinux.so.1 is needed by (installed) libsemanage-1.6.2-2.fc5.i386
libselinux.so.1 is needed by (installed) psmisc-22.1.03072006cvs-1.1.i386
libselinux.so.1 is needed by (installed) libselinux-python-1.30-1.fc5.i386
libselinux.so.1 is needed by (installed) policycoreutils-1.30.1-3.fc5.i386
libselinux.so.1 is needed by (installed) util-linux-2.13-0.20.1.i386
libselinux.so.1 is needed by (installed) libsetrans-0.1.20-1.fc5.i386
libselinux.so.1 is needed by (installed) httpd-2.2.0-5.1.2.i386
libselinux.so.1 is needed by (installed) dbus-0.61-3.fc5.1.i386
libselinux.so.1 is needed by (installed) pam-0.99.5.0-5.fc5.i386
libselinux.so.1 is needed by (installed) usermode-gtk-1.85-2.2.i386
libselinux.so.1 is needed by (installed) vim-X11-7.0.042-0.fc5.i386
libselinux.so.1 is needed by (installed) vim-enhanced-7.0.042-0.fc5.i386
libselinux.so.1 is needed by (installed) openssh-server-4.3p2-4.11.fc5.i386
libselinux >= 1.25.6-1 is needed by (installed) coreutils-5.93-7.2.i386
libselinux >= 1.21.10-1 is needed by (installed) SysVinit-2.86-2.2.2.i386
libselinux >= 1.17.10-1 is needed by (installed) nscd-2.4-4.i386
libselinux >= 0:1.17.9-2 is needed by (installed) udev-084-13.i386
libselinux >= 1.25.2-1 is needed by (installed) vixie-cron-4.1-54.FC5.i386
libselinux >= 1.25.2-1 is needed by (installed) shadow-utils-4.0.14-6.FC5.i386
libselinux = 1.30-1.fc5 is needed by (installed) libselinux-python-1.30-1.fc5.i386
libselinux >= 1.15.2 is needed by (installed) dbus-0.61-3.fc5.1.i386
libselinux >= 1.17.14-1 is needed by (installed) hal-0.5.7-3.fc5.1.i386
libselinux >= 1.27.7 is needed by (installed) pam-0.99.5.0-5.fc5.i386
libselinux >= 1.27.7 is needed by (installed) openssh-4.3p2-4.11.fc5.i386
libselinux >= 1.19.1 is needed by (installed) system-config-securitylevel-1.6.16-3.i386


Which I think could be successfully done with a force and nodeps, as
long as you have selinux=0 on the grub boot line; however even if you
did so this still wouldn't address the presence of the selinux modules
in the kernel.

Selinux=0 may completely evacuate all selinux code from the boot
process.  Then, on the other hand, it may not.


LX




More information about the fedora-list mailing list