9 Sep
2013
9 Sep
'13
11:11 p.m.
Robin Humble <rjh+luv@cita.utoronto.ca> wrote:
...it didn't really, but... is anyone still a selinux fanboi after the recent NSA revelations?
if so then (Russell, I'm looking at you :-) why are you still confident selinux is a good thing and not just something designed to be so complex or so subtly buggy that the NSA can hide backdoors in it?
The code has been worked on extensively by people who are not associated with the NSA, so at this point I'm not concerned that it harbours intended vulnerabilities. Also remember that SELinux adds to the security of a system: the Linux discretionary access controls are checked first. Only if the operation is allowed is SELinux invoked to apply the security policy.