Re: NSA software in Debian

To: "Marko Randjelovic" <markoran@eunet.rs>
Cc: debian-security@lists.debian.org
Subject: Re: NSA software in Debian
From: "Andreas Kuckartz" <a.kuckartz@ping.de>
Date: 20 Jan 2014 08:41:16 +0100
Message-id: <[🔎] 52DCD31C.7010905@ping.de>
In-reply-to: <[🔎] 20140120005556.612de372@eunet.rs>
References: <[🔎] 87000BDF-320B-403F-AC8C-E0BCC89DA622@yahoo.de> <[🔎] CAGMPS54aifNK9Ye-e-Xn8bajaNQGEDXPms213LJw4BpQLedr_Q@mail.gmail.com> <[🔎] 52DBB409.5080307@ping.de> <[🔎] 20140120005556.612de372@eunet.rs>

Marko Randjelovic:
> SELinux security benefits are vague because it makes possible to
> use it's hooks to add a backdoor which would be nearly impossible
> to detect:
> 
> https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm 
> https://grsecurity.net/lsm.php

SELinux, AppArmor, Smack and Tomoyo are using the Linux Security
Module (LSM) framework.

I am aware of the claims made by grsecurity regarding LSM, but I do
not agree with several of them.

> Consider alternatives like PaX/grsecurity and RSBAC.

Both seem to be compatible with SELinux.

Cheers,
Andreas

Reply to:

References:
- NSA software in Debian
  - From: Marco Saller <marcosaller@yahoo.de>
- Re: NSA software in Debian
  - From: Bjoern Meier <bjoern.meier@gmail.com>
- Re: NSA software in Debian
  - From: "Andreas Kuckartz" <a.kuckartz@ping.de>
- Re: NSA software in Debian
  - From: Marko Randjelovic <markoran@eunet.rs>

Prev by Date: Re: NSA software in Debian
Next by Date: Re: NSA software in Debian
Previous by thread: Re: NSA software in Debian
Next by thread: Re: NSA software in Debian
Index(es):
- Date
- Thread