Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Internet has vuln.
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 12 Sep 2013 18:23:53 -0400

On Thu, Sep 12, 2013 at 3:23 PM,  <Valdis.Kletnieks () vt edu> wrote:
On Thu, 12 Sep 2013 08:57:55 +0800, Steve Wray said:

In some cases it could be quite difficult to disengage from NSA-influenced
projects, eg selinux. So far as I can tell this is pretty much everywhere
now. Redhat embraced it ages ago, its been integrated in the kernel since
2.6, so how do we opt out of selinux?

Well, given that SELinux *did* come out of the NSA, but has had tons of code
review of the base code (which isn't really all that much) and the actual
policy files (which is where I'd hide a backdoor, they're a lot more obscure
than the actual kernel code), by lots of people who would have *loved* to be
the one who caught the NSA doing something underhanded, I think you're barking
up an entirely incorrect tree.
They ignored my comments on fixed size arrays based on MAX_PATH and
the subsequent overflows and silent truncations due to use of sprintf
and snprintf....


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]