On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote:
> >> I read in slashdot that there is a question mark over SELinux because it came
> >> from the NSA [4] but this is nonsense, as it is a means of securing processes
> >> not network connections.  I find it difficult to believe that a backdoor in a
> >> locked cupboard in your house can somehow give access through the front door.
> > This point you get wrong. SELinux implements the LSM API (in fact the LSM API
> > was tailored to SELinux needs). It has hooks in nearly everything
> > (file/directory access, process access and also sockets). One of the biggest
> > concerns at the time of creation of the LSM API was rootkits hooking those
> > functions. It's definitely a threat. I'm not saying that SELinux contains
> > a backdoor (I for myself would have hidden it in the LSM part, not in SELinux,
> > because that would enable me to use it even if other LSMs are used). If you
> > google for "underhanded C contest" you'll see that it's possible to hide
> > malicious behaviour in plain sight. And if the kernel is compromised all other
> > defenses mean nothing. (As I said, I don't want to spread fear but that is
> > something to consider imho).
> Interesting, I didn't realise LSM provisioned hooks for SELinux -
> thought it was more modular (and less 'shoehorned') than that.
> I need to go read about that some more now.


You can start here:

http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_The_Foundations_3rd_Edition.pdf

for a general overview (page 64ff has a list of the hooks).
Other than that http://www.kroah.com/linux/talks/ols_2002_lsm_paper/lsm.pdf and
http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf may be
of interest (though both are quite old).

WKR
Hinnerk
