[CentOS] SELinux - way of the future or good idea but !!!

Tue Nov 30 14:35:45 UTC 2010
Ben McGinnes <ben at adversary.org>

On 30/11/10 10:54 PM, Leonard den Ottolander wrote:
> On Tue, 2010-11-30 at 02:12 -0800, John Doe wrote:
> 
>> Because it comes from the NSA!
>> The backdoor experts... ;P
> 
>> PS: joking of course, the NSA would never do anything bad...
> 
> This of course was a serious concern by any of the early adopters. It
> has been discussed in length on various mailing lists. But since the
> code is available it can and has been audited. Unless of course the
> Linux developers are collaborating with the NSA to take over your
> computer and they slipped us a mickey.

As you say, it was eventually determined that the NSA did not insert
anything dodgy in the code to give them access.  They only did two
things which caused a certain amount of questioning, to a greater or
lesser extent:

1) They only work with Red Hat officially because it is an American
company, though the current business model of Red Hat made the
partnership far more viable.

2) In spite of many requests, they refused point blank to incorporate
encryption in any of the enhancements.

The reason for the second one is pretty obvious, though, they know
that SELinux would be (and is) used by non-Americans and they don't
want to protect foreign secrets, they want to discover them.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101201/40997334/attachment-0005.sig>