
Re: How NSA access was built into Windows

On Fri, 2007-01-19 at 07:40 -0500, Stephen Smalley wrote:

> Aside from rebuilding from source with selinux options disabled in the
> compile-time configuration, you are correct - you cannot remove the
> actual selinux bits from Fedora at runtime, although you can disable
> their execution (boot with selinux=0).  Performing an audit of the code
> associated with disabling SELinux at boot time isn't difficult, and
> doesn't require understanding the rest of the SELinux code that is never
> reached in that case.
> The entire discussion of allowing one to rpm -e libselinux is a red
> herring; applications already perform an is_selinux_enabled() test
> before performing SELinux processing and skip it if disabled. Supporting
> removal of libselinux would just mean that those applications would
> first dlopen() libselinux (vs. direct calls to the libselinux functions,
> which create the current fixed link-time dependency) and fall back to
> the selinux-disabled code path if libselinux isn't present.  But in both
> cases, you are relying on the application code to follow the right
> branch and to truly skip all SELinux processing when selinux isn't
> enabled / libselinux isn't present.  It might make a difference in terms
> of code bloat (although libselinux isn't that big and you are trading
> off runtime performance for the dlopen), but it doesn't change the trust
> issues.  It also doesn't change the situation wrt the selinux kernel
> code, which is built-in.  We played around with trying to support it as
> a loadable kernel module long ago, but it wasn't practical (tight
> coupling with the core kernel is inherent in the goal of mediating
> access to all kernel objects and requires very early initialization,
> prior to normal module init), and the mainline kernel developers
> actively discouraged us from pursuing it.
> -- 
> Stephen Smalley
> National Security Agency

What was the primary motivation behind NSA in the genesis of SELinux?  I
understand that more inductive reasoning type engineering can be
beneficial, and better security is obviously the outcome; but was it
because the NSA has security-related concerns to fill with Linux (which
could only be served by getting involved with the community), or was it
because the military requires a higher plateau of security with its
Linux systems, or some other similar things?


Off Topic or Political Discussions:

"Character is what you do when nobody's looking." - J.C. Watts
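
The dlopen() arrangement described in the quoted message, sketched as an added example that is not part of the original thread or of any Fedora application. The names `probe_selinux` and `should_label` and the soname parameter are hypothetical; only `is_selinux_enabled()` comes from libselinux. On glibc older than 2.34, link with -ldl.

```c
#include <dlfcn.h>
#include <stdio.h>

enum selinux_state {
    SELINUX_LIB_ABSENT = 0, /* libselinux not installed (e.g. after rpm -e) */
    SELINUX_OFF        = 1, /* library present, SELinux disabled (selinux=0) */
    SELINUX_ON         = 2  /* library present, SELinux running */
};

/* Resolve is_selinux_enabled() at run time instead of at link time.
 * The soname is a parameter (hypothetical) so that the missing-library
 * path can be exercised on any machine. */
enum selinux_state probe_selinux(const char *soname)
{
    int (*enabled)(void) = NULL;
    enum selinux_state st = SELINUX_LIB_ABSENT;
    void *handle = dlopen(soname, RTLD_LAZY | RTLD_LOCAL);

    if (handle == NULL)
        return SELINUX_LIB_ABSENT;      /* no library: disabled code path */

    /* POSIX idiom for storing a dlsym() result in a function pointer */
    *(void **)(&enabled) = dlsym(handle, "is_selinux_enabled");
    if (enabled != NULL)
        st = (enabled() == 1) ? SELINUX_ON : SELINUX_OFF; /* 0 or -1: off */

    dlclose(handle);
    return st;
}

/* The branch the message says you must trust either way: the application
 * itself decides whether any SELinux processing runs. */
int should_label(enum selinux_state st)
{
    return st == SELINUX_ON;
}

int main(void)
{
    /* "libselinux.so.1" is the usual soname; the second name is constructed
     * so that dlopen() fails and the fallback is taken. */
    const char *names[] = { "libselinux.so.1", "libselinux-constructed-missing.so.0" };
    for (int i = 0; i < 2; i++) {
        enum selinux_state st = probe_selinux(names[i]);
        printf("%s: state=%d, SELinux processing %s\n", names[i], (int)st,
               should_label(st) ? "runs" : "skipped");
    }
    return 0;
}
```

Both the missing-library case and the disabled case end in the same skipped branch, which is why removing the library changes the footprint but not what has to be audited.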
