Information Security News mailing list archives
Re: Uncovering the secrets of SE Linux
From: InfoSec News <isn () C4I ORG>
Date: Tue, 13 Mar 2001 22:45:59 -0600
Forwarded by: Larry Loeb <larryloeb () prodigy net> I must apologize in advance to the list for the bandwidth waste. On 3/13/01 11:07 AM, "Russell Coker" <russell () coker com au> wrote:
Are you remotely serious?
I'm sorry, I should have subtitled things for the irony-impaired. Do they get David Letterman in Oz?
Opening a .tgz file does not run anything, run "man 1 tar" if you don't believe me.
Thank you for pointing me in the right direction. It is left as an exercise to the reader to figure out how I examined the source code without ever using "tar" as well as having system-level traps in place to alert me should any untoward activity occur while the distribution file was expanded.
The issue is what happens when the code is compiled and then run.
No, the issue was that there was not a virus-vectored program embedded in the file wrapper. As well as the writerly trick of playing off reader's pre-existing perceptions and making fun of them. Your debater's trick of switching the subject to something other than I was discussing is called the "false canard" gambit. Derived from the boating term, I believe. It evidences the paucity of your analysis.
Also consider that an intelligent person who is writing a back-door (do not try to claim that the NSA are stupid) will make sure that it doesn't immidiately do something bad, it will wait until you least expect it!
And of course, this implies that the software will by some magical process "know" when you least expect it so it can wait for that point. Those kooky back-door routines! I will spare you the spelling weenie flamage on "immediate". If anyone on the list is intrigued by this exchange enough to check out part 1 of my article on SE Linux, I would be happy to provide them the URL which has already been posted. Please mail me off-list. If anyone has any questions after seeing part 2 and thus the complete article, I would be happy to answer either to the list or by mail. Again, I apologize for wasting the list bandwidth on this; but I could not let it stand unopposed. Thank your for your patience. --Larry Loeb ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Uncovering the secrets of SE Linux InfoSec News (Mar 09)
- <Possible follow-ups>
- Re: Uncovering the secrets of SE Linux James Goldston (Mar 12)
- Re: Uncovering the secrets of SE Linux InfoSec News (Mar 12)
- Re: Uncovering the secrets of SE Linux InfoSec News (Mar 13)