SELinux removed from desktop cd spin?
Karsten 'quaid' Wade
kwade at redhat.com
Fri Jan 18 00:46:42 UTC 2008
On Thu, 2008-01-17 at 15:53 +0100, Valent Turkovic wrote:
> Are you actually hoping to really protect from real threats? Not even
> SElinux can protect from rootkits.
Um ... yes, it can.
Russel Coker for many years has run an SELinux enabled server on the
open Internet ... with an openly published root password. In all those
years, with full root access, not one single crack attempt has
succeeded.
> A quick googleing showed that security experts see SELinux like a
> backdor and as a problem just waiting to happed, and they suggest
> UNINSTALLING SElinux!
>
> "As a final note, I follow the logic of the grsecurity team, who claim
> that LSM and SELinux are backdoors waiting to happen."
One could just as easily say (as if it were an actual argument):
"As a final note, I follow the logic of the NSA and Red Hat
security experts, who claim that grsecurity is a backdoor
waiting to happen"
I'm not going to go taking shots at the grsecurity team, who have spent
many years attacking SELinux (which "competes" with their "solution".)
They clearly have a biased opinion
But when it comes to who knows how to implement IT security, I'll take
the US's National Security Agency over just about any group in the
history of the world.
In the "fantasy football" of NSA v. grsecurity team, I wonder who wins?
--
Karsten Wade, Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080117/e29dc408/attachment.sig>
More information about the fedora-devel-list
mailing list