Slashdot Mirror


Would You Use SELinux?

silent_tyr asks: "I am going to re-install my Linux box and being security conscious I am looking for a secure distribution. After a couple of Google searches I found a version called Secure Linux, which sounded ideal. So I followed this link, which turned out to be what I assume is a genuine NSA web-site. All in all, it looks like a good idea and I can play around with it as I wish, but eventually I will be using this machine as my base-system. So before I start I want to ask two questions: 1) Do you think that it is a good idea to trust the NSA not to put in back-door/spy-ware type code to enable them to snoop my personal information? 2) What other security-patched distros can people recommend? I don't want to open up the floor for generic NSA-bashing, but I also don't want to have to work my way through every line of code before I install." There was a similar question that was asked a while ago, but there wasn't much to the discussion. For those of you who are running SELinux, what have your experiences been, so far?

6 of 65 comments

  1. What? by 4of12 · · Score: 3, Interesting

    Do you think that it is a good idea to trust the NSA not to put in back-door/spy-ware type code to enable them to snoop my personal information?

    Am I mistaken, or is SE Linux not a source distribution?

    GPL'd source guarantees that nothing lives in your kernel that you cannot examine as much as you like for backdoors.

    It's a powerful guarantee, one that cannot be made of many commercially produced operating systems, whether they are called "secure" or anything else.

    --
    "Provided by the management for your protection."
    1. Re:What? by Aix · · Score: 2, Interesting

      While I understand your point, this is unfortunately not entirely accurate. I suggest reading Ken Thompson's Turing Award Lecture for an explanation of exactly why having the source code is not necessarily enough. I don't think the scenario he describes is a likely one, but it's worth looking at and thinking about in any case.

  2. NSA already has your keys by Hungus · · Score: 3, Interesting

    I personally have a great deal of respect for the folks at the NSA. I am also quite aware of their abilities, and let me say this: if you are going to hand the keys to your system to any one organization, you might as well hand them over to the NSA, because they already have them.

    Seriously, I work in the security field, and have worked closely with all kinds of govt. operatives from local, state, national and even foreign groups in my various and sundry dealings. Nobody, and I mean NOBODY, has the smarts / ability / computational facilities of the NSA. The only other group I hold in such extreme regard is Mossad.

    --
    Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
    1. Re:NSA already has your keys by dmayle · · Score: 3, Interesting

      That's very nice to say, but there's a WORLD of difference between being incredibly competent and being incredibly trustworthy.

      I in no way intend to imply that the two are mutually exclusive, but there is no correlation between the two. And what's important in this case is the trustworthy aspect. I, like many Americans, don't have that much trust in the government. It's one of the great things about our country. (Skepticism, that is; it keeps us on our toes...)

  3. self-defeating... by belbo · · Score: 4, Interesting

    "I also don't want to have to work my way through every line of code before I install."

    Hum, so you ask us, whom you don't know, which developers (whom, in most cases, neither you nor we know either) to trust? Maybe you are an NSA agent in search of backdoor-free distributions? Why should we trust you, sir?

    Seriously, short of a full code audit, you can never be sure. Security is a process, and not something you can install. I thought that was commonplace around here.

    --
    "Just believe everything I tell you, and it will all be very, very simple."

  4. So, use OpenBSD already... by ivi · · Score: 5, Interesting


    Does it -have- to be Linux?!?

    SDF (the free shell-provider) switched -from-
    Linux... after a security breach...

    OpenBSD is claiming to have had:

    "Only one remote hole in the default install,
    in more than 7 years!"

    That's not too bad IMO.

    And... if you -really- itch for Linux...
    you can always put it on a box -this-
    side of an OpenBSD box (ie away from
    the Internet...)