[CentOS] SELinux - way of the future or good idea but !!!

Ben McGinnes ben at adversary.org
Tue Nov 30 09:35:45 EST 2010


On 30/11/10 10:54 PM, Leonard den Ottolander wrote:
> On Tue, 2010-11-30 at 02:12 -0800, John Doe wrote:
> 
>> Because it comes from the NSA!
>> The backdoor experts... ;P
> 
>> PS: joking of course, the NSA would never do anything bad...
> 
> This of course was a serious concern by any of the early adopters. It
> has been discussed in length on various mailing lists. But since the
> code is available it can and has been audited. Unless of course the
> Linux developers are collaborating with the NSA to take over your
> computer and they slipped us a mickey.

As you say, it was eventually determined that the NSA did not insert
anything dodgy in the code to give them access.  They only did two
things which caused a certain amount of questioning, to a greater or
lesser extent:

1) They only work with Red Hat officially because it is an American
company, though the current business model of Red Hat made the
partnership far more viable.

2) In spite of many requests, they refused point blank to incorporate
encryption in any of the enhancements.

The reason for the second one is pretty obvious, though, they know
that SELinux would be (and is) used by non-Americans and they don't
want to protect foreign secrets, they want to discover them.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos/attachments/20101201/40997334/attachment.bin 


More information about the CentOS mailing list