On Fri, 2007-01-19 at 22:26 -0800, David Boles wrote: Hi, David, I assume that I am included in this, so I have to reply. You don't know me, and you don't know my background. To say that I or any of the others don't know what SELinux does is fair, but then I am willing to bet that you don't either. I understand all the concepts that are espoused on the notes provided by the NSA website, and I like Dr. Smalley, but I also believe that the NSA has more dogs in this hunt than just system security, and that Dr. Smalley is not the only one there, nor is he the one with his hand on the tiller. The ship of state has many stops to make and there are many routes to those stops. From one of the articles posted, it can be seen that bad code can be placed into a program without being self evident. From my own experience I can tell you that programs can be written to manage very complex conversion issues between machines, languages and even hardware attached to the machine. The size of modern operating systems permits many things to go into the OS that are not part of the function of the OS, like easter eggs, secret keys, backdoors and trigger code to name just a few. You may trust our government, I do, but with some reservations, and I recommend that all governments be trusted to make their own lives easier. This is not a condemnation of anyone, but a simple observation of human nature. Computers exist to make many jobs easier. I do not believe that the folks tasked with the security of our nation should be required to fore go such enhancements to their work environment. However, the sanctity of my own life is of much greater value to me than to those tasked with more global concerns. And while I don't believe they target specific individuals with all sorts of penetration logic, I do believe that if they figured out a way to make it easier to penetrate the systems of folks they have identified, that it would be relatively simple to install that capability everywhere. The rub comes when you or I or anyone else becomes critical of government, or some issue, that we may then be "selected", and with the ability to penetrate our personal space, vulnerable in ways that we may not be able to prevent without action up front. Yes, the article was dated 1999. And it was available. I read prodigiously, but I was unaware of this particular article. There are many technical articles that I am not aware of. However, it is not due to lack of effort. I subscribe to several professional journals, I am on line (A LOT), and still I don't know all possible developments. Do you? So when I do become aware, then I begin to try to understand the implications and to hopefully raise awareness. Not "FUD", but fact based as much as I can, supported by my own research, and backed by my own prior experience and skills. I am not a resourceful idiot, and removing SELinux was an exercise that was attempted to discover just how it was invested into the system. So, please educate my friends and I. What does SELinux do? How does it do it? Why is it so tightly bound to the OS? And by the way, what do you want it to do for you? Regards, Les H
