Re: Internet has vuln.

[Steve Wray <stevedwray () gmail com>]

I'm wondering how much of the industry/community is going to be in denial.

In some cases it could be quite difficult to disengage from NSA-influenced
projects, eg selinux. So far as I can tell this is pretty much everywhere
now. Redhat embraced it ages ago, its been integrated in the kernel since
2.6, so how do we opt out of selinux?

Are instructions like "you just need to edit the kernel boot line, usually
in /boot/grub/grub.conf, if you're using the GRUB boot loader. On the
kernel line, add selinux=0 at the end." just laughable? The code is in the
kernel therefore the kernel is (potentially) compromised, right?

Are there any kernels available after 2.6 with no selinux? How easy or
difficult would it be to strip it out? Hardware devices that are running
Linux kernels, do they have the selinux code in them?

I'm pretty sure that a lot of people are going to throw their hands up in
despair at this kind of thing and say "but its open source, its been
verified and checked by people around the world, surely it can be trusted."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/