On Sun, Apr 22, 2001 at 01:49:43PM -0700, Daniel Swan wrote: > >From: Catalin Ionescu <cataat_private> > > >Did anybody had a chance to test SELinux patches/extension to standard Linux > >2.4.2 ? > > > > Catalin, I havn't heard anything specifically bad about SeLinux, but considering the source of this package, an American Intelligence Agency, strong caution should be exercised before installing it on machines that store sensitive or proprietary information, at least until a rigorous code audit has been done of it. > > The NSA isn't interested in the security of others, so much as it is their *insecurity*. Using security tools written by them is like hiring babysitters from Nambla[1]. Please be realistic. Do you really think that if the NSA really wanted to introduce any kind of backdoor error in Linux, they would put their name of it ? (and go into all the troubles of maintaining such a big software package that has no chance to be included in the mainstream kernel for quite a long time instead of a two-lines hack in /usr/src/linux/net/ipv4/<whatever>.c ?) If you _really_ want to go into conspiracie theories, you'd better do a background check on every individual in /usr/src/linux/CREDITS (and maybe check the names of the contributors in bind and wu-ftpd, the two most popular backdoors even written ;) -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org
This archive was generated by hypermail 2b30 : Sun Apr 22 2001 - 16:26:51 PDT