Re: NSA software in Debian
Marko Randjelovic:
> On Wed, 22 Jan 2014 12:24:27 +1100
> Russell Coker <russell@coker.com.au> wrote:
>
>> The possibility of LSM hooks being used to hide a kernel rootkit is
>> widely cited. But most sysadmins aren't going to find a kernel
>> rootkit anyway so using a non-LSM security system for that reason is
>> trading off the real benefit of being able to save time and effort
>> in maintaining systems for the probably impossible theoretical
>> benefit of not using LSM.
>
> If I cannot prove there is a rootkit, then I cannot be sure there is a
> rootkit, but neither can I be sure the is *not* a rootkit. And merely
> because you cannot know you are secure, you *feel* insecure.
> Furthermore, your computer may be abused to attack other computers,
> even to make a botnet. And though you cannot know the attacker is
> doing against your interests, neither you can know the opposite and
> again, this generates feeling of insecurity.
I do not see which implications that has for LSM.
> And if you neglect this, you are unconsciously submitting to the
> aggressor.
I am not aware of anybody here doing that.
Cheers,
Andreas
Reply to: