How NSA access was built into Windows
Bruno Wolff III
bruno at wolff.to
Sat Jan 20 18:40:20 UTC 2007
On Sat, Jan 20, 2007 at 09:44:51 -0800,
Les <hlhowell at pacbell.net> wrote:
>
> So, please educate my friends and I. What does SELinux do? How does
> it do it? Why is it so tightly bound to the OS? And by the way, what
> do you want it to do for you?
It provides mandatory access to resources based on the context of processes.
Access to various contexts for processes is one of the resources that is
controlled.
Presently it's main use in Fedora is to limit access of services to resources
on the computer so that if the service is compromised it will have limited
ability to cause damage.
There are plenty of places that the NSA could try to sneak bugs into the
kernel. There is no particularly good reason to single out SELinux as
a place they would do that. The kind of things that SELinux done are not
such that the NSA could leave a back door. (The notable exception would be
to not properly protect some application they know is compromised, but the
rest of the world doesn't.)
More information about the fedora-list
mailing list