
Re: Penalty of SELinux?



On Mon, 24 Sep 2007 21:24:10 +0100, John Stumbles <john.stumbles@ntlworld.com> said: 

> Manoj Srivastava wrote:
>> On Sun, 23 Sep 2007 17:13:59 -0700, consultores agropecuarios
>> <consultores1@gmail.com> said:
>> 
>>> The real problem with SELinux is that it comes from a really well
>>> known untrusted organization around the globe;
>> 
>> This is one place I differ.  I know and like Stephen Smalley, and I
>> do not look at all the products of the NSA as being, umm,
>> untrustworthy.  And it is not as if it is closed source; gazillions
>> of security conscious eyes have looked at the offering.

> "To what extent should one trust a statement that a program is free of
> Trojan horses? Perhaps it is more important to trust the people who
> wrote the software."

        Don't.  Do a full audit yourself.  I have been doing that (well,
 not quite so much the LSM hooks anymore, but there are other eyes on
 that) before I accepted SELinux myself.

        It is not as if the source code is hidden.  If you do not trust
 yourself to be able to find any trojans hidden there, find someone you
 can trust to do it for you.

        manoj
-- 
Breadth-first search is the bulldozer of science. Randy Goebel
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


