R. G. Newbury wrote:
<BIG snip>
> So let's hear your answer to the question: is it possible that SELinux
> could have a backdoor in it, and how difficult is it to compile a system
> that has no SELinux modules included?
> The answer does not require any analysis of the probabilities attached
> to the reasoning that the NSA would not bother to do this.

Hi Geoff,

I have never said that I was an SELinux expert. I have only said that before I first installed FC-2 in 2004, which had SELinux, I did a little research on it first. Did you do any research before you first installed Fedora Core? Whatever version that was.

Question one. Is it possible that SELinux could have a backdoor in it?

Answer part one. Possible? Yeah, I guess so. But, as I have said several times, you should have asked this question on the fedora-selinux-list, where you will find the SELinux experts and where you could have gotten answers from experts, and not on the fedora-users-list, where you were more likely to find people with a general knowledge of Fedora and Linux but not SELinux experts. Makes sense to me.

Likely? I would think that answer would be a no, since this is a security feature designed to help protect you and your system from 'attacks' by malware, and the code is OSS. The programmers/developers can read and examine the code at any time, and I would think that anything in the code that was 'bad' they would have already fixed or removed. Changes are made with patches and edits to the rules that SELinux uses, which also have to be examined and approved.

Question two. How difficult is it to compile a system that has no SELinux modules included?

I would say very difficult. It would, as near as I can tell, require having the knowledge to modify packages, starting with the kernel and going on for somewhere in the number of several hundred more packages. And then you would have to rebuild them on a Linux system.

I do know that if you try to just remove SELinux from Fedora using rpm, or if you wish, using yum, you will remove about 800 packages, one of which is the kernel, and you would no longer have a working Linux system.

So. To repeat.

Possible? Maybe. It looks that way. I guess that anything is possible with enough effort. In this case, a lot of effort.

Difficult? To say the very least, yes. I would say so. Almost bordering on impossible at this point in time.

Any more questions?

--
David