On 01/20/2014 05:29 AM, Marco Saller wrote: > I have read that the NSA proposed to include SELinux in linux 2.5. (Linux > Kernel Summit 2001) > Don't you think that may be one of their fancy tricks to gain access to > computers running linux? Some news websites also mention vulnerabilities > similar to this one. > It would be a great idea to include malicious software to kernel modules.
It is easy to come up with that idea, and it's easy to fear to it. It's easy to write about it and to popularize it and cause mass-delusion. It's difficult to prove, though. If you consider that SELinux code available and with so many auditing humans and tools it's not as easy as it sounds. It can happen, but it's not as easy as "they can, therefore they are". As others have said, the NSA doesn't need specific backdoors. There are many vulnerabilities in all software already available which are already being exploited. The more general problem is that not all programmers like or know formality and that not all developers like strict code and algorithm correctness. *That* is something to worry about. I wouldn't worry about SELinux specifically. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
