Re: NSA software in Debian

To: debian-security@lists.debian.org
Subject: Re: NSA software in Debian
From: Marko Randjelovic <markoran@eunet.rs>
Date: Mon, 20 Jan 2014 00:55:56 +0100
Message-id: <[🔎] 20140120005556.612de372@eunet.rs>
In-reply-to: <[🔎] 52DBB409.5080307@ping.de>
References: <[🔎] 87000BDF-320B-403F-AC8C-E0BCC89DA622@yahoo.de> <[🔎] CAGMPS54aifNK9Ye-e-Xn8bajaNQGEDXPms213LJw4BpQLedr_Q@mail.gmail.com> <[🔎] 52DBB409.5080307@ping.de>

On 19 Jan 2014 12:16:25 +0100
"Andreas Kuckartz" <a.kuckartz@ping.de> wrote:

> Bjoern Meier:
> > http://en.wikipedia.org/wiki/Security-Enhanced_Linux
> 
> I proposed this Debian Release Goal:
> https://wiki.debian.org/ReleaseGoals/SELinux
> 
> Cheers,
> Andreas
> 
> 

SELinux security benefits are vague because it makes possible to use
it's hooks to add a backdoor which would be nearly impossible to detect:

https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm
https://grsecurity.net/lsm.php

Consider alternatives like PaX/grsecurity and RSBAC.

-- 
Education is a process of making people see what is advanced and not
obvious, but also not seeing what is basic and obvious.

http://markorandjelovic.hopto.org

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: NSA software in Debian
  - From: "Andreas Kuckartz" <a.kuckartz@ping.de>

References:
- NSA software in Debian
  - From: Marco Saller <marcosaller@yahoo.de>
- Re: NSA software in Debian
  - From: Bjoern Meier <bjoern.meier@gmail.com>
- Re: NSA software in Debian
  - From: "Andreas Kuckartz" <a.kuckartz@ping.de>

Prev by Date: Re: NSA software in Debian
Next by Date: Re: NSA software in Debian
Previous by thread: Re: NSA software in Debian
Next by thread: Re: NSA software in Debian
Index(es):
- Date
- Thread