On Thu, 29 Jun 2017 19:05:00 -0400
Tom Horsley <horsley1953(a)gmail.com> wrote:
On Thu, 29 Jun 2017 15:51:43 -0700
stan wrote:
> My first take is that this doesn't represent a very serious
> threat. Do you disagree?
It depends. Is the CIA module part of the NSA authored selinux
source code, so it is already in every system? :-).
Yes, that would certainly make a material difference! I suspect not,
the conspiracy would have to be too widespread to keep that concealed.
But it might be possible that there is something in that code that
facilitates the installation of the module, by creating a
non-obvious security hole for it to pass through. I say this is more
likely, but still unlikely, less than a 1% chance.