Turning off SELINUX

Marko Vojinovic vvmarko at gmail.com
Fri Sep 6 16:18:28 UTC 2013


On Fri, 6 Sep 2013 17:58:03 +0200
Heinz Diehl <htd at fritha.org> wrote:
> On 06.09.2013, Javier Perez wrote: 
> 
> > My beef is given the NSA origin of this software, it could very
> > well have a backdoor to turn itself off under the appropriate
> > circumstances like an NSA-sponsored breach and allow unrestricted
> > access to my system..
> 
> Every person contributing to free open source software could do
> that. You're talking about the NSA: they could easily pay
> somebody to do that for them. Everybody with a lot of money could do
> the same. If that's your concern, you can never ever be
> sure, unless you have reviewed all of the source code running on your
> machine by yourself, and recompiled the software using this source
> afterwards.

That's not enough, because the compiler may be rigged to reintroduce
backdoors straight into binaries. You need to check the compiler source
code, and then bootstrap it from a simpler compiler that you have written
yourself in machine code (and I mean machine code, not the assembly
language).

However, this also isn't good enough, since the BIOS, CPU (firmware and
hardware in general) might have an undocumented set of instructions
that can remotely trigger total control over the machine. It's quite
simple, actually --- NSA pays some money to rig Intel, AMD, ARM and PPC
architectures in this way, and they can access anything remotely.

So in order to go around that, you need to build a computer yourself
from scratch, in particular the CPU. After bootstrapping Linux on that
hardware (LFS distro comes to mind...), you're safe against the NSA.

As for the tinfoil hat, it needs two layers --- the inside layer needs
to be oriented shiny-side in, which would prevent the NSA from spying
on your brain waves. But the outside layer needs to be oriented
shiny-side out, to prevent the NSA from feeding your brain with
undesired signals. The two layers need to be well insulated against
each other --- it's obvious that a short-circuit between them will
leave you completely vulnerable...

HTH, :-)
Marko


