On Mon, 20 Jan 2014 09:22:04 -0800 Octavio Alvarez <alvar...@alvarezp.ods.org> wrote:
> On 01/20/2014 05:29 AM, Marco Saller wrote: > > I have read that the NSA proposed to include SELinux in linux 2.5. (Linux > > Kernel Summit 2001) > > Don't you think that may be one of their fancy tricks to gain access to > > computers running linux? Some news websites also mention vulnerabilities > > similar to this one. > > It would be a great idea to include malicious software to kernel modules. > > It is easy to come up with that idea, and it's easy to fear to it. It's > easy to write about it and to popularize it and cause mass-delusion. > It's difficult to prove, though. > > If you consider that SELinux code available and with so many auditing > humans and tools it's not as easy as it sounds. It can happen, but it's > not as easy as "they can, therefore they are". > > As others have said, the NSA doesn't need specific backdoors. There are > many vulnerabilities in all software already available which are already > being exploited. > > The more general problem is that not all programmers like or know > formality and that not all developers like strict code and algorithm > correctness. *That* is something to worry about. > > I wouldn't worry about SELinux specifically. As I already pointed out, there is something: http://lists.debian.org/20140120005556.612de...@eunet.rs -- Education is a process of making people see what is advanced and not obvious, but also not seeing what is basic and obvious. http://markorandjelovic.hopto.org -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140122151053.60f20...@eunet.rs
