From: notbob on 7 Mar 2010 00:31

On 2010-03-07, Grant Edwards <invalid(a)invalid.invalid> wrote:

> put a lot of work into perfecting it. The NSA's kernel patches
> intentionally _add_ paranoia to your kernel. A lot of it. That's the
> whole point:

That's a pretty provocative statement, Grant. Not being any kinda *nix guru, I'm confused. Lord knows there's a lot of reasons to not trust the govt, but what do you mean? Are you saying selinux is a govt plot to co-opt the masses, that they are distributing a purposely flawed version of linux?

nb

From: Grant Edwards on 7 Mar 2010 00:44

On 2010-03-07, notbob <notbob(a)nothome.com> wrote:
> On 2010-03-07, Grant Edwards <invalid(a)invalid.invalid> wrote:
>
>> put a lot of work into perfecting it. The NSA's kernel patches
>> intentionally _add_ paranoia to your kernel. A lot of it. That's
>> the whole point:
>
> That's a pretty provocative statement, Grant.

No it's not. Did you read the SE Linux documentation to which I provided a link?

> Not being any kinda *nix guru, I'm confused. Lord knows there's a
> lot of reasons to not trust the govt, but what do you mean?

The NSA developed SE Linux. The purpose of the SE Linux patches is to make the kernel more paranoid -- to make it far less trusting. Traditionally, Unix had a very "trusting" security model. SE Linux doesn't. It allows very fine-grained restrictions on who can do what. Traditionally, anybody who needed to do admin stuff was allowed root privileges that allowed them to do absolutely anything. With SE Linux you can set up much more "paranoid" settings so that the person in charge of the printer queues can't do anything except mess with the printer queues.

> Are you saying selinux is a govt plot to co-opt the masses, that they
> are distributing a purposely flawed version of linux?

I've absolutely no idea where you're getting that from.

--
Grant

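The printer-queue case from the post above, as a small model added here (not part of any post in the thread, and not SELinux's own code): it contrasts the traditional check, where uid 0 passes everything, with a type-enforcement check that denies by default and never looks at the uid. The domain and type names, paths and rules are constructed for illustration.

```python
# Toy reference monitor: Unix DAC vs. SELinux-style type enforcement (TE).
# All processes, paths, type labels and rules below are constructed samples.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str      # hypothetical SELinux-style type of the process

@dataclass(frozen=True)
class File:
    path: str
    owner: int
    mode: int        # classic permission bits, e.g. 0o600
    ftype: str       # hypothetical SELinux-style type label of the file

# TE policy: (domain, file type) -> permitted operations. Anything absent is denied.
ALLOW = {
    ("lpadmin_t", "print_spool_t"): {"read", "write"},
    ("lpadmin_t", "printer_conf_t"): {"read", "write"},
}

def dac_allows(proc, f, op):
    """Traditional check: uid 0 bypasses the mode bits entirely."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2}[op]
    shift = 6 if proc.uid == f.owner else 0   # owner or "other" bits (groups omitted)
    return bool((f.mode >> shift) & bit)

def mac_allows(proc, f, op):
    """Type enforcement: default deny, and the uid is never consulted."""
    return op in ALLOW.get((proc.domain, f.ftype), set())

def access(proc, f, op, enforcing=True):
    """With MAC enforcing, a request must pass both the DAC and the MAC check."""
    return dac_allows(proc, f, op) and (not enforcing or mac_allows(proc, f, op))

SPOOL = File("/var/spool/lpd/job1", owner=0, mode=0o600, ftype="print_spool_t")
SHADOW = File("/etc/shadow", owner=0, mode=0o600, ftype="shadow_t")
PRINT_ADMIN = Process(uid=0, domain="lpadmin_t")   # runs as root in a confined domain

def demo():
    return {
        "dac_only_shadow": access(PRINT_ADMIN, SHADOW, "read", enforcing=False),
        "te_shadow": access(PRINT_ADMIN, SHADOW, "read"),
        "te_spool": access(PRINT_ADMIN, SPOOL, "write"),
    }

if __name__ == "__main__":
    print(demo())
```

The MAC layer only ever removes access: a non-root process in the same domain is still stopped by the 0600 mode bits on the spool file.
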
From: Keith Keller on 7 Mar 2010 00:42

On 2010-03-07, notbob <notbob(a)nothome.com> wrote:
> On 2010-03-07, Grant Edwards <invalid(a)invalid.invalid> wrote:
>
>> put a lot of work into perfecting it. The NSA's kernel patches
>> intentionally _add_ paranoia to your kernel. A lot of it. That's the
>> whole point:
>
> That's a pretty provocative statement, Grant. Not being any kinda
> *nix guru, I'm confused. Lord knows there's a lot of reasons to not
> trust the govt, but what do you mean? Are you saying selinux is a govt
> plot to co-opt the masses, that they are distributing a purposely
> flawed version of linux?

Not remotely (at least I believe so). He's saying that their version of Linux is (or can be) so paranoid it'd alert you every time someone connected to another node on the network. Read the link he posted!

http://www.nsa.gov/research/selinux/index.shtml

"Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security."

AFAIK (having never used it) SELinux is still completely open source, so it'd be fairly difficult for NSA to slip in methods of coopting the machine for its own nefarious purposes. It uses Silverlight for that. ;-)

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

From: notbob on 7 Mar 2010 02:02

On 2010-03-07, Grant Edwards <invalid(a)invalid.invalid> wrote:
> On 2010-03-07, notbob <notbob(a)nothome.com> wrote:

>> That's a pretty provocative statement, Grant.
>
> No it's not. Did you read the SE Linux documentation to which I
> provided a link?

Not all, but I get the gist.

>> Not being any kinda *nix guru, I'm confused. Lord knows there's a
>> lot of reasons to not trust the govt, but what do you mean?

> The purpose of the SE Linux patches is to make the kernel more
> paranoid -- to make it far less trusting.

You make it sound like this is a bad thing. One of the primary reasons I made the decision to commit to linux is paranoia and security.

> Traditionally, Unix had a very "trusting" security model.

C'mon.... you're talking 40 yrs ago. Time does not stand still.

> .....It allows very fine-grained restrictions on who can do what.

I was under the impression that was the whole point of *nix'es.

> Traditionally, anybody who needed to do admin stuff was allowed root
> privileges that allowed them to do absolutely anything. With SE Linux
> you can set up much more "paranoid" settings so that the person
> in charge of the printer queues can't do anything except mess with the
> printer queues.

I don't know the particulars, but uber control is what I want, no matter how amateurish I may be at it. Do I misunderstand what you mean by "paranoid"? Again, how is this a bad thing? Does selinux restrict even admin control?

nb -still confused

>
>> Are you saying selinux is a govt plot to co-opt the masses, that they
>> are distributing a purposely flawed version of linux?
>
> I've absolutely no idea where you're getting that from.
>