[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows

On Thu, 2007-01-18 at 18:05 -0800, Peter Gordon wrote:
> On Thu, 2007-01-18 at 10:15 -0500, Lyvim Xaphir wrote:
> > The story is more complex than that of course, but the experience was
> > very instructional.  Todd Zullinger was correct in his suggestion that a
> > distro switch would be the most efficient way to get rid of selinux.
> > 
> Not at all. Anaconda explicitly gives you the option of installing
> SELinux in enforcing (blocks unauthorized access attempts), passive
> (makes an AVC log entry of, but does not block unauthorized attempts),
> or entirely not at all (reverting to the standard user/group/other
> discretionary access controls).

You don't understand what is being said, or you haven't read, or both.
When I say "get rid of selinux", I mean exactly that; the whole
enchilada.  Libs, kernel modules, the works.  Your approach does in no
way achieve that objective.

We already *know* how to "disable" or make selinux inactive.  That
should be starkly apparent from the copious messages in these threads;
not sure how you could have missed that.  Our point (confirmed
experimentally and also painfully) is that the selibs/kmods are going to
be there no matter what, requiring a recompile of userspace apps to be
independent of them.  This was subsequently confirmed by Dr Smalley of
the National Security Agency.


Off Topic or Political Discussions:

"Character is what you do when nobody's looking." - J.C. Watts

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]