On Tue January 16 2007 1:40 am, Tim wrote:
> I was being more of a devil's advocate than anything else... But going
> along with what you mention, is more in keeping with what I had in mind.
>
> SELinux is about restricting access, not providing more of it. If you
> remove it, you're granting access to more of your system. The real
> question is whether SELinux has a loophole that grants access without
> you knowing about it (lunatic wild conspiracy theory). Unless SELinux
> provides yet another way into your system, removing it doesn't bring
> about any tangible security benefits.
>
> It goes back to one of the original discussions, what *EXACTLY* does it
> do (more than we know about?). If it *only* adds restrictions, there's
> nothing for anybody to worry about. Except, perhaps, for some program
> authors that think that they should be able to read any file on the
> system without restrictions (e.g. your /etc/passwd files, and so on,
> being served out through Apache).

While you make cogent points, I think that triggering the discussion has been useful, nevertheless. However, to simply dismiss the speculation about back doors as "lunatic wild conspiracy theory" is off-base. For example, the U.S. government has been fighting tooth and nail against certain encryption protocols because they would be too difficult for them to crack. There's much that could be said about that, I realize, but the idea that they can propose to make certain kinds of secrecy a criminal enterprise is breathtaking... I realize that is not the same as a secret back door into everyone's computer, but it reveals a mentality that is not to be taken lightly...

--
Claude Jones
Brunswick, MD, USA