[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How NSA access was built into Windows



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

R. G. Newbury wrote:
<BIG snip>

> So lets hear your answer to the question: is it possible that Selinux
> could have a backdoor in it. and how difficult is it to compile a system
> that has no selinux modules included.
> The answers does not require any analysis of the probabilities attached
> to the reasoning that the NSA would not bother to do this.

Hi Geoff,

I have never said that I was a SElinus expert. I only have said that before I
first installed FC-2 in 2004, which had SElinux, I did a little research on it
first. Did you do any research before your first install fedora Core? What
ever version that was.

Question one. Is it possible that Selinux could have a backdoor in it?

Answer part one. Possible. Yeah I guess so. But, as have I have said several
times, you should have ask this question on the fedora-selinux-list where you
will find the Selinux experts, where you could have gotten answers from
experts, and not on the fedora-users-list were you where more likely to find
people with a general knowledge of Fedora and Linux but not SElinux experts.
makes sense to me.

Likely? I would think that answer would be a no. Since this is a security
feature designed to help protect you and your system from 'attacks' by malware
and the code is OSS. The programmers/developers can read and examine the code
at anytime and I would think that anything in the code that was 'bad' they
would have already fixed or removed. Changes are made with patches and edits
to the rules that SElinux uses which also have to be examined and approved.

Question two. How difficult is it to compile a system that has no selinux
modules included? I would say very difficult. It would, as near as I can tell,
require having the knowledge to modify packages starting with the kernel and
going on for somewhere in the number of several hundred more packages. And
then you would have to rebuild them on a Linux system. I do know that if you
try to just remove SElinx from fedora using rpm, or if you wish, using yum,
you will remove about 800 packages. One of which is the kerneland you would no
longer have a working Linux system.

So. To repeat.

Possible? maybe. It looks that way. I guess that anything is possible with
enough effort. In this case a lot of effort.

Difficult? To say the very least yes. I would say so. Almost bordering or
impossible at this point in time.

Any more questions?
- --

  David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFsxedAO0wNI1X4QERAnGmAKCiCfjX/lIL+KAOBr5Pt0BlxrvXkwCfS/ou
FgT/3oCFmOrzKHbN9wuMMjM=
=mjr0
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]