[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows



On Thu, 2007-01-18 at 13:50 -0500, Gene Heskett wrote:
> On Thursday 18 January 2007 12:57, Stephen Smalley wrote:
> >On Thu, 2007-01-18 at 12:44 -0500, Gene Heskett wrote:
> >> On Thursday 18 January 2007 10:13, Lyvim Xaphir wrote:
> >> >On Tue, 2007-01-16 at 01:55 -0500, Gene Heskett wrote:
> >> >> I believe you will have to build a generic kernel.org kernel,
> >> >> configured without that support, something I have underway right
> >> >> now, using 2.6.20-rc4.  I was amazed at the number of options I
> >> >> found turned on that a proper 'make oldconfig' should absolutely
> >> >> never have turned on.  My scripts take care of everything but
> >> >> grub.conf for a kernel install, so when its done all I should have
> >> >> to do is reboot since I'm already running 2.6.20-rc4.  Several
> >> >> things I found may even account for the apparent slowness of later
> >> >> kernels.  Things like 15 seconds to launch firefox on an xp-2800
> >> >> athlon with a gig of ram?
> >> >
> >> >When you get that kernel up and running, see if you can then do
> >> > without libselinux installed.
> >
> >Not a good idea without rebuilding your userland without selinux
> >support.  Even /sbin/init links against it (to load policy) and will die
> >without it.
> >
> >> I'm not sure as I haven't tried to pull that yet.  But without the
> >> stuff in the kernel, the logs are being filled by cron processes
> >> stuff, but the stuff, like amanda, seem to run normally.
> >>
> >> Lots of this sort of stuff:
> >>
> >>  **Unmatched Entries**
> >>     crond[1014]: pam_loginuid(crond:session): set_loginuid failed
> >> opening loginuid: 1 Time(s)
> >
> >That isn't selinux - that is audit-related.  Depends on
> >CONFIG_AUDITSYSCALL.
> 
> If you are referring to the kernel .config, that name doesn't exist in 
> mine, and 'CONFIG_AUDIT is not set' and wasn't.

Yes, kernel .config option.  AUDITSYSCALL  (system-call auditing
support) depends on AUDIT (basic audit infrastructure), so you
apparently have both disabled.

>   But I just found a few 
> more things turned on that are for hardware I don't have, or stuff I 
> don't use, so it's rebuilding again.  Somehow or druther, even the board 
> achitecture got changed, from PC to generic oddball, way down the list.  
> Maybe I'll find some speed out of this thing yet. :-)


-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]