The new CEO of #docker comes from an #nsa company (NSA vets and NSA projects), #hortonworks

RIP, Docker.
Rob Bearden to replace Steve Singh as Docker CEO

Apart from the fact that Docker had no life to lose yet, SELinux was made officially with collaboration of the NSA and it's quite alive and not so bad at all.

SELinux is a paradox. If the NSA is using it, it must be secure, yet it cannot be too secure...

SELinux was made officially with collaboration of the NSA and it's quite alive and not so bad at all.
Said the one who sells "closed free software" in the Third World Countries in violation of the GPL license and withholds information:
https://diasp.org/posts/12258107#49191627-40ed-48b5-903a-1cf22a03c663
It is not surprising that in this case, he promotes backdoors from Western intelligence agencies.

Only backdoors to your computers, @ivan zlax

BTW: maybe you feel inclined to explain to the sweet little monkey here what "inhouse software" means, @tomgrz?

Well, I have more questions than explanations: If SELinux is indeed used "in-house" in the NSA, and if there are any back-doors, the existence of those back doors would weaken their own in-house software security, either directly and/or indirectly. On the other hand, can the NSA really afford to release seriously secure systems software?

Ahh, there is some misunderstanding here. I do inhouse software for African projects that of course and as usual will not be disclosed to anyone but the users. The latter of course can do what they see fit with it and the full source codes we deliver.

And yes, I would find it astounding if the NSA would not use Linux/SELinux inhouse; we cannot know though, because: secrecy.

Regarding seriously secure: it's open source with a free license and it's but the lock, not the keys, or better: not even the lock but a blueprint for a lock. So: it would not be very wise to install and run a binary delivered by the NSA, but SELinux binaries built from properly audited source codes is another story....

it would not be very wise to install and run a binary delivered by the NSA, but SELinux binaries built from properly audited source codes is another story…

Yes, of course. But my question remains: can the NSA really afford to release seriously secure systems software (source code)?

It is worth speculating that they have some of their own sources which are not released.

Well, seriously secure... that's hard to define, I'd say. In the end SELinux is not much more than a tool to restrict access under Linux somewhat more detailed than possible with user accounts and groups alone.
I would dare to say that, if a real attacker needs to deal with SELinux, he or she is already into the perimeter...
It's a tool to fend off overambitious staff members, not intruders from the outside. Of course that may have some effect if an intruder has owned a simple user account.

@tomgrz
Yes, of course. But my question remains: can the NSA really afford to release seriously secure systems software (source code)?
No. There are technically incompetent people working there. Because they are for the most part military. They cannot even properly save their backdoors:
https://github.com/zlaxy/EQGRP

In the end SELinux is not much more than a tool to restrict access under Linux

Yes, good point. A "seriously" secure system would need to be engineered from the start with security as a priority, hardened and tested to ridiculous extremes. Why don't they have that?

@tomgrz because the government pays them salaries for developing backdoors and spying on users, but not for closing vulnerabilities and blocking spying. It's simple.

@tomgrz agreed... to improve security on the software side in Linux is a job for low level devs improving already existing libs and the kernel. Shiny new stuff cannot add much to that....