Slashdot Mirror

← Back to Stories (view on slashdot.org)

Would You Use SELinux?

Posted by Cliff on from the NSA-wouldn't-dare-backdoor-a-penguin-,,,-would-they dept.

silent_tyr asks: "I am going to re-install my Linux box and being security conscious I am looking for a secure distribution. After a couple of Google searches I found a version called Secure Linux, which sounded ideal. So I followed this link, which turned out to be what I assume is a genuine NSA web-site. All in all, it looks like a good idea and I can play around with it as I wish, but eventually I will be using this machine as my base-system. So before I start I want to ask two questions: 1) Do you think that it is a good idea to trust the NSA not to put in back-door/spy-ware type code to enable them to snoop my personal information? 2) What other security-patched distro's can people recommend? I don't want to open up the floor for generic NSA-bashing, but I also don't want to have to work my way through every line of code before I install." There was a similar question that was asked a while ago, but there wasn't much to the discussion. For those of you who are running SELinux, what have your experiences been, so far?

6 of 65 comments (clear)

  1. Re:What? by thefroatgt · · Score: 5, Informative
    From the main SELinux page:
    Security-enhanced Linux is being released under the same terms and conditions as the original sources. The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.
  2. Re:What? by tka · · Score: 5, Insightful

    GPL'd source guarantees that nothing lives in your kernel that you cannot examine as much as you like for backdoors. Yet this examination has to be done somebody else, by larger group of people who have great amount of knowledge and experience on these matters. It is simply not "possible" to this guy/girl to examine the kernel. Besides it is not not a easy task look for backdoors etc. Does anybody know that this kind of examination has been taken place by independent group?

  3. Alternative options by redhat421 · · Score: 5, Informative
    I have not really used SELinux that much, but I have used and would recommend the following two projects.

    grsecurity

    LIDS

    As far as the NSA planting a back door into SELinux, I really doubt it. A backdoor in open source code would be discovered eventually, and the NSA would have a very hard time denying it.

    It seems much more likely that they would put back doors into closed source products, which do not receive as much scrunity.

  4. So, use OpenBSD already... by ivi · · Score: 5, Interesting


    Does it -have- to be Linux?!?

    SDF (the free shell-provider) switched -from-
    Linux... after a security breech...

    OpenBSD is claiming to have had:

    "Only one remote hole in the default install,
    in more than 7 years!"

    That's not too bad IMO.

    And... if you -really- itch for Linux...
    you can always put it on a box -this-
    side of an OpenBSD box (ie away from
    the Internet...)

  5. It's a modification of a standard distro, so... by metamatic · · Score: 5, Insightful
    "I also don't want to have to work my way through every line of code before I install..."


    % man diff

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  6. SELinux Backdoor Found by berb · · Score: 5, Funny

    After exaustive code riview of the LSM patches I have discovered a backdoor in the PAM module re-write lin...

    excuse me, there's some at the door. brb.....

    thers no suh thig as backdoor in seLinux, he was joking.

    --
    In teh event of an actual emergency this space might provide useful information.