On Thu, Sep 12, 2013 at 3:23 PM, <[email protected]> wrote:
> On Thu, 12 Sep 2013 08:57:55 +0800, Steve Wray said:
>
>> In some cases it could be quite difficult to disengage from NSA-influenced
>> projects, e.g. selinux. So far as I can tell this is pretty much everywhere
>> now. Redhat embraced it ages ago, it's been integrated in the kernel since
>> 2.6, so how do we opt out of selinux?
>
> Well, given that SELinux *did* come out of the NSA, but has had tons of code
> review of the base code (which isn't really all that much) and the actual
> policy files (which is where I'd hide a backdoor, they're a lot more obscure
> than the actual kernel code), by lots of people who would have *loved* to be
> the one who caught the NSA doing something underhanded, I think you're barking
> up an entirely incorrect tree.

They ignored my comments on fixed size arrays based on MAX_PATH and the
subsequent overflows and silent truncations due to use of sprintf and
snprintf....

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
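
The bug class named in the reply above (silent truncation when snprintf writes into a fixed-size path array), shown as an added illustration that is not part of the original message and is not SELinux code. `DEMO_MAX_PATH`, both function names, and the sample paths are hypothetical and constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical small limit standing in for a MAX_PATH-style constant,
 * so truncation shows up with short constructed inputs. */
#define DEMO_MAX_PATH 32

/* Unchecked pattern: snprintf never writes past buf, but when dir/name
 * does not fit it stores a shortened path and reports nothing, so the
 * caller continues with a path it did not ask for. Always returns 0. */
int join_unchecked(char buf[DEMO_MAX_PATH], const char *dir, const char *name)
{
    (void)snprintf(buf, DEMO_MAX_PATH, "%s/%s", dir, name);
    return 0;
}

/* Checked pattern: snprintf returns the length it needed (excluding
 * the NUL); a value >= the buffer size means the output was cut. */
int join_checked(char buf[DEMO_MAX_PATH], const char *dir, const char *name)
{
    int n = snprintf(buf, DEMO_MAX_PATH, "%s/%s", dir, name);

    if (n < 0)
        return -EINVAL;            /* encoding/output error */
    if ((size_t)n >= DEMO_MAX_PATH) {
        buf[0] = '\0';             /* leave no usable truncated path */
        return -ENAMETOOLONG;
    }
    return 0;
}

int main(void)
{
    char buf[DEMO_MAX_PATH];
    const char *dir = "/srv/data/reports/2013"; /* constructed sample */
    const char *name = "keys.pem.pub";          /* constructed sample */

    join_unchecked(buf, dir, name);
    printf("unchecked: %s\n", buf);  /* names keys.pem, not keys.pem.pub */
    printf("checked:   rc=%d\n", join_checked(buf, dir, name));
    return 0;
}
```

With these inputs the unchecked call yields a path that names a different file than the caller requested, which is why truncation matters even when no memory is overwritten.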
