[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?



On Thu, 2008-01-17 at 15:53 +0100, Valent Turkovic wrote:

> Are you actually hoping to really protect from real threats? Not even 
> SElinux can protect from rootkits.

Um ... yes, it can.

Russel Coker for many years has run an SELinux enabled server on the
open Internet ... with an openly published root password.  In all those
years, with full root access, not one single crack attempt has
succeeded.

> A quick googleing showed that security experts see SELinux like a 
> backdor and as a problem just waiting to happed, and they suggest 
> UNINSTALLING SElinux!
> 
> "As a final note, I follow the logic of the grsecurity team, who claim 
> that LSM and SELinux are backdoors waiting to happen."

One could just as easily say (as if it were an actual argument):

        "As a final note, I follow the logic of the NSA and Red Hat
        security experts, who claim that grsecurity is a backdoor
        waiting to happen"

I'm not going to go taking shots at the grsecurity team, who have spent
many years attacking SELinux (which "competes" with their "solution".)
They clearly have a biased opinion

But when it comes to who knows how to implement IT security, I'll take
the US's National Security Agency over just about any group in the
history of the world.

In the "fantasy football" of NSA v. grsecurity team, I wonder who wins?

-- 
Karsten Wade, Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]