SELinux last straw

Lamar Owen lowen at pari.edu
Thu Oct 18 18:29:24 UTC 2007


On Wednesday 17 October 2007, Karl Larsen wrote:
>     I am pleased your many computers were not affected by the selinux
> update. I have no idea what is special about my computer but it is and
> I, just an old EE, am not capable of figuring out what it is so I can run
> selinux. A sure fix EVERY time is to turn off selinux, relabel selinux
> and forget selinux. I am wondering why I have to relabel the stupid thing.

Karl, as an EE you certainly ARE capable of figuring it out (getting an EE is 
a hard thing; I know, got one myself).  It will take some digging; but 
anything worth knowing is worth digging for, and the engineering background 
is perfect for this task.  If you have decided you just don't want (or if you 
don't have time) to figure it out, that's a different thing altogether.  But 
I have no doubts that you have the ability if you apply that ability.

Karl, you should really think hard about reinstalling your system from 
scratch.  You've had a root-level system compromise; this hour delay you're 
experiencing could be a result of this compromise; something could be 
triggered by specific updates, and it not be the updates themselves causing 
the problem.  Maybe someone is intentionally messing with you and has a 
backdoor set up that you can't detect and is laughing at the situation even 
now (and, who knows, might even be someone on this list).  If a backdoor is 
open it doesn't matter whether you've disabled ssh or not.  Might even be 
someone with a bone to pick about SELinux; I know I'm speculating here, but 
it IS possible.

Think of a root-level compromise as being the computer equivalent to radio 
equipment experiencing a lightning strike; even when you think you have it 
fixed, you will miss something, or components will fail later.  Equipment 
that isn't too expensive that has failed due to a lightning strike needs 
replacement; sometimes repair is not an option (I saw a $12,000 broadcast 
audio console junked due to lightning; the repair bill was going to be at 
least 3/4's the new retail price, and the manufacturer wasn't willing to 
warranty the repair; the console's backplane itself had vaporized PC traces).

A new F7 install with all updates will likely behave in a different way than 
what you are seeing.  I've tried to duplicate your problem with an F7 machine 
here; I wasn't able to do so.

But if you have decided to not determine the root cause of the issue, then 
just simply run with SELinux disabled.  Your machine was already compromised, 
and it could still have a backdoor installed; only a thorough audit or a 
reinstall will remove that possibility.  The level of difficulty of an audit 
that is thorough enough is very high; a reinstall is a much easier thing to 
do.
-- 
Lamar Owen, KF4MYT
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu



