[LINK] Security: from a different direction
Robert Hart
hartr at interweft.com.au
Fri Dec 17 10:07:24 EST 2004
On Thu, 2004-12-16 at 15:12, Stilgherrian wrote:
> Ah but can we be "sure"?
>
> How can we know, one way or the other?
As in all cases in this imperfect world, can't know for sure, ever.
However, I do know a bit about this, having been involved in it whilst
at Red Hat in 1999/2000.
First of all, remember that all SELinux actually provides in the kernel
is a framework for fine grained security and privilege management down
to the process level in Linux. The actual details of that management are
provided by a module that is 'plugged in' to the framework.
The NSA wrote the framework and also a plug in module to demonstrate
this (based on Red Hat Linux). The Kernel side of things had to go
though fairly substantial approval (as do all major kernel mods) before
it was accepted into the Linux kernel. Kernel hackers working for Red
Hat were directly involved in this.
So I am fairly confident that there has been sufficient scrutiny of the
kernel side of things to say that it is as free of trojans and back
doors itself as has proven to be the case for the rest of the kernel.
As far as the plug in modules go, you would need to investigate the one
you want to use. I feel reasonably confident that Red Hat has
scrutinised the one that forms part of Fedora Core 3. However, it is NOT
part of their Enterprise Linux offering (but is going to be) and so it
possibly has not yet had detailed attention.
It is however, clearly not free of bugs - as Howard has discovered!
--
Robert Hart hartr at interweft.com.au
+61 (0)438 385 533
Brisbane, Australia http://www.hart.wattle.id.au
More information about the Link
mailing list