[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NSA software in Debian

On Mon, 20 Jan 2014 09:22:04 -0800
Octavio Alvarez <alvarezp@alvarezp.ods.org> wrote:

> On 01/20/2014 05:29 AM, Marco Saller wrote:
> > I have read that the NSA proposed to include SELinux in linux 2.5. (Linux Kernel Summit 2001)
> > Don't you think that may be one of their fancy tricks to gain access to computers running linux? Some news websites also mention vulnerabilities similar to this one.
> > It would be a great idea to include malicious software to kernel modules.
> It is easy to come up with that idea, and it's easy to fear to it. It's
> easy to write about it and to popularize it and cause mass-delusion.
> It's difficult to prove, though.
> If you consider that SELinux code available and with so many auditing
> humans and tools it's not as easy as it sounds. It can happen, but it's
> not as easy as "they can, therefore they are".
> As others have said, the NSA doesn't need specific backdoors. There are
> many vulnerabilities in all software already available which are already
> being exploited.
> The more general problem is that not all programmers like or know
> formality and that not all developers like strict code and algorithm
> correctness. *That* is something to worry about.
> I wouldn't worry about SELinux specifically.

As I already pointed out, there is something:
[🔎] 20140120005556.612de372@eunet.rs">http://lists.debian.org/[🔎] 20140120005556.612de372@eunet.rs

Education is a process of making people see what is advanced and not
obvious, but also not seeing what is basic and obvious.


Reply to: