On 06.09.2013 00:35, Javier Perez wrote:
> I know it is a long shot and a lot of paranoid-think, after all, if I have
> to depend on SELinux to defend my system from external breaches, I am F*ck up already.
says who?
I say so, based on my current knowledge of how to defend your system from external threats
but your knowledge is very little it seems
If your ONLY defense left is SELinux then one is quite naked to the world with only one last fig leaf to protect you :)
uneducated and wrong guess - SELinux is not your only defense - it is the last resort by design
Although I think you answered this line too fast, taking that line out of context, given the explanation I gave in the next paragraph.
no my daily job is security based on knowledge and not on uneducated guesses
> Attackers should first have to breach the firewall and then obtain some sort of user access
*what* has a firewall to do with a potential buffer overflow in running code
resulting in execute injected code on your system - that's what SELinux is about
may i suggest to learn basics about the different layers of an operating system
before reading random completely unrelated articles and spread FUD based on them
without understanding what they are talking about?
Again, I think I am not explaining properly my thoughts. In this paragraph I am talking of the total security of the system and the different layers an attacker would have to peel before pawning the system, not of SELinux alone.
again: SELinux is the *last resort*
> then trick the system to escalate it to a root access before SELinux comes into play
may i suggest to learn how SELinux works
it is supposed to prevent exactly this
And that is my point exactly. If as the article has said, NSA is spending millions to compromise security systems, how sure are we that there isn't something in the code that allows them to bypass the protection that SELinux promises to confer? Before the article, I'd agree with you, "FUDmongering". After it, I wonder.
BTW, thanks for the correction, I was forgetting once an attacker gets root, you are pawned. I was wondering at the wrong level :)
anything not proven by facts is FUD
> But again, It is good to know that all links in the chain to being pawned
> are good and strong before trusting them, and this article certainly throws
> some mud to whatever contribution NSA has made to any security system
without any specified background it is uneducated FUD
not more and not less
As I said, before the article I would agree with you. But after reading it, I just wonder if there is any Achilles heel in the armor
if you only would understand how stupid your whole argumentation is
* SELinux is opensource
* it is part of the kernel
* it is reviewed by a lot of people outside the USA
* if you do not trust these people you must not trust the rest of the kernel
well, and in this case use Windows or OSX
but wait, both are closed source and US companies
so who do you trust more - USA closed source, not reviewed
or opensource widely reviewed?
none of them? well then shut down your computer at all