On Thu, 23 Jun 2005, Stephen Smalley wrote:
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
- open source (kernel code and userland and policy),
- a truly community-based project (with significant contributions by
external developers and users) ever since its initial release by the NSA
I feel that its interesting that NSA, famous for spying on other nations,
is helping to make linux more secure. Isnt that counterproductive? :)
I remember the NSA keys in the early windows versions. Not possible to use
netscape with more than 40 bit encryption, so I had to run fortify on it to
unlock it to 128 bit.
What if some with evil reasons uses SELinux? Or have NSA realized that the
old tactic doesnt work and its better to secure so many systems as possible
instead. To help millions to have a more secure system is worth more than
to possible prevent a few bad guys to also have secure systems. Probably
leading that it will be more complicated or impossible for NSA to break in?
Im sure NSA would love to have backdoor to SELinux if someone with evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
I guess you have heard opinions like this before :)
It was the first things I thought about when I first heard about SELinux
several years ago.