Re: Basic SELinux Question

To: debian-user@lists.debian.org
Subject: Re: Basic SELinux Question
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Thu, 14 Jun 2007 19:32:47 -0400
Message-id: <[🔎] 20070614233247.GC6268@titan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 4671B183.9010506@elp.rr.com>
References: <[🔎] 4671B183.9010506@elp.rr.com>

On Thu, Jun 14, 2007 at 03:22:11PM -0600, Telly Williams wrote:
>    I was going to use an SE Linux mailing list for this, but, figured 
> I'd ask on this list first, figuring that I may have a better chance of 
> not getting a biased answer.
> 
>    I've heard all of this "talk" about how secure SE Linux is.  
> However, how secure can this thing be if it has been developed by the 
> NSA?  I mean, wouldn't THEY know how to get into your computer?  And, 
> it's the NSA!  If this question sounds elementary, it's because I'm 
> still learning how to secure my computer(s).  I'm not a nihilist, just a 
> little skeptical of how secure SEL is in reality (and the NSA).  Thanks. 

A reasonable question.  

Unless you write your whole OS yourself, you have to trust someone.

For open source you have two general categories: Linux and BSD.

With the BSD category: 
	FreeBSD: focus on i386, performance, features, security
	NetBSD: focus on many archetectures, security.
	OpenBSD: focus on security first, and they keep the system small
		so they can watch it all.  Some call it the most secure
		publicly-available OS in the world.  It's also based in
		Canada not the US.

Within the Linux category:
	Debian: (IMHO) the most stable and secure linux.
	Others: various foci.

	However, the linux kernel is, as you've seen in other posts,
	the biggest open-source project in the world with thousands of
	pairs of eys on it.  It is highly improbable that NSA slipped
	something in unnoticed (and highly unlikely that those who
	notice are complicit).

	Also as you've heard, even if NSA did slip something in, that's
	only a concern if the NSA (or more broadly, the US Government)
	is on your threat list.

If your threat list does include the US government, then you may want to
consider OpenBSD and carry on this discussion on the OBSD mailing list.
Note, however, that OBSD is a steeper learning curve than Debian.

If you wish to continue the thread here:

Remember, that if you're new to an OS (any OS) and you change any
configs, you are more likely to be the biggest security threat.

What are your security concerns?

Doug.

Reply to:

Follow-Ups:
- Re: Basic SELinux Question
  - From: William Pursell <bill.pursell@gmail.com>

References:
- Basic SELinux Question
  - From: Telly Williams <twilliams001@elp.rr.com>

Prev by Date: Re: Comparing files in two directories
Next by Date: Re: error while loading shared libraries
Previous by thread: Re: Basic SELinux Question
Next by thread: Re: Basic SELinux Question
Index(es):
- Date
- Thread