Author Topic: WTF? Ubuntu caving in to NSA's SELInux?!  (Read 22870 times)

wvoutlaw2002

  • Guest
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #80 on: September 04, 2008, 01:41:49 pm »
So basically, SE Linux has no known backdoors yet. How about Debian, does that have SELinux libraries installed by default?

I believe any Linux distro which uses version 2.6.x of the Linux kernel has the SELinux libraries pre-installed and basically kardwired to the kernel. So if your version of Debian uses the 2.6.x kernel, then the short answer is "yes".

wvoutlaw2002

  • Guest
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #81 on: June 22, 2010, 12:43:35 pm »
http://www.loresinger.com/FWIS/viewtopic.php?p=40713&sid=d65e747a2ee9e8215e02a68cd8896fc5

I guess the Linux sheeple don't like any criticism of SELinux.

Offline EvadingGrid

  • Toxophillite
  • Global Moderator
  • Member
  • *****
  • Posts: 12,381
  • Rat Catcher
    • Mystery Babylon - MP3 Archive
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #82 on: June 22, 2010, 12:59:02 pm »
I get the impression that people just see NSA and have not got a clue the nature of the code.

We few, we happy few, we band of brothers; For he today that sheds his blood with me, Shall be my brother;

Global Gulag

Offline CaptBebops

  • Member
  • *****
  • Posts: 650
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #83 on: June 22, 2010, 03:37:49 pm »
There should be distros with SELinux removed.  There was a great deal of interest in that the NSA even said it could be removed.  I've never thought it was there for spying on the public but to give them a backdoor so they could use something other than Windows for government machines.  And they WOULD justifiably want a backdoor for that.  After all they would be saving taxpayer dollars (much to Microsoft's chagrin) that way.

Offline Overcast

  • Member
  • *****
  • Posts: 4,130
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #84 on: June 22, 2010, 04:38:14 pm »
http://www.loresinger.com/FWIS/viewtopic.php?p=40713&sid=d65e747a2ee9e8215e02a68cd8896fc5

I guess the Linux sheeple don't like any criticism of SELinux.

Oh.. depends on where you look.

http://forums.fedoraforum.org/showthread.php?t=102919

There were a lot of hits for 'remove SELinux'.

This thread has some good info also: http://ubuntuforums.org/showthread.php?t=1063667

Plus - I'm a packrat, I have versions of OS's - way the hell back. Sealed copies of DOS 5.0 and Windows 3.11, Solaris 7 x86, bunch of versions of RedHat, Ubuntu, Suse, and Debian. I just don't throw CD's away, lol.

I've never been 100% of the opinion that newer software is better..
And dying in your beds, many years from now, would you be willin' to trade ALL the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... OUR FREEDOM!

wvoutlaw2002

  • Guest
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #85 on: June 22, 2010, 06:27:26 pm »

I've never been 100% of the opinion that newer software is better..

Me neither. After all, I still use Mythbuntu 8.04 on my HTPC. I tried Mythbuntu 10.04 and it doesn't like my Hauppauge PVR-250 TV tuner card. (I read there's something wrong with IVTV in 10.04. It isn't a new Ubuntu release without stupid bugs.) And I tried the latest Mythdora and didn't have much luck there either. I'm thinking about putting the latest XFCE version of Sidux on my netbook. Sidux is based on Debian's "unstable" branch but it is more closely related to Debian than Ubuntu is.

Offline FreeBooteR

  • Member
  • *
  • Posts: 22
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #86 on: June 23, 2010, 01:33:21 am »
If your really paranoid about SELinux it is open source code that you could look at yourself or have a 3rd party evaluate for you. There are distros that do not have SELinux in the kernal by default such as Archlinux.

Offline zdux0012

  • Member
  • *****
  • Posts: 876
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #87 on: June 23, 2010, 04:15:40 am »
I have a question though now. Isn't SELinux now an open source project despite being developed for use with the NSA?

The last major bug with SELinux required a specific set of compiler flags in order to have a very specific bug to be exploitable. 

In other words a Open Source project is only as good as it's community.
Get off of Windows / Mac!! You are not safe.
Get an OS you can trust. Linux, Free BSD. Ask for help!

Offline BruntFCA2

  • Member
  • ****
  • Posts: 346
Let's get the fox to guard the chicken coup!
« Reply #88 on: June 23, 2010, 05:46:30 am »
Thanks for posting and the info.

I've read 2 pages so far, and it's just people who already know the problem talking among each other. From what I've read in the links however, I'm amazed, so some open source dudes compiled into the kernal...a security package developed by the NSA! I mean lol? Let's get the fox to guard the chicken coup!

Why did the community need to use something developed by the NSA? Surely there most be a ton of other security models out there? It would be good if someone could write  a summary about this - the links from white I've read do seem like propaganda.

Offline EvadingGrid

  • Toxophillite
  • Global Moderator
  • Member
  • *****
  • Posts: 12,381
  • Rat Catcher
    • Mystery Babylon - MP3 Archive
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #89 on: June 23, 2010, 07:37:37 am »
The SELinux is not secret closed code.
So please don't post about "backdoors" with out proof.

The lack of logic makes us all look stupid and paranoid.


We few, we happy few, we band of brothers; For he today that sheds his blood with me, Shall be my brother;

Global Gulag

Offline BruntFCA2

  • Member
  • ****
  • Posts: 346
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #90 on: June 23, 2010, 05:41:19 pm »
The SELinux is not secret closed code.
So please don't post about "backdoors" with out proof.

The lack of logic makes us all look stupid and paranoid.




That's true, but what would be needed would be an expert in code and the encryption algorithms to read all the code, approve it, and then sign it with something like an MD5 hash.

Given the complexity and size of so much software these days, it would not suprise me to find errant bits of code making its way hither and yon. Different versions, different MD5 hashes needed etc. All thats needed is a wedge, once its there and the community "assumes" xyz is "safe" because it was signed by abc 2 years ago etc etc.

The only really way to be safe these days is to just unplug your computer, and encrypt all the stuff with an algorithm you typed in from some academic paper years ago....as if most people could be bothered.

Offline Overcast

  • Member
  • *****
  • Posts: 4,130
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #91 on: June 28, 2010, 04:25:01 pm »
The SELinux is not secret closed code.
So please don't post about "backdoors" with out proof.

The lack of logic makes us all look stupid and paranoid.




It's not stupid and paranoid to be cynical of things - some will say it's paranoid. But if one takes human history as a 'guideline' in which to measure things - you would in fact be stupid to not be wary of big government and corporations.

But yes, without proof - it's a baseless conclusion that one could jump to.

From what I gathered, it appears Ubuntu uses 'apparmor' and not 'SELinux' - but I haven't dug that far.

One thing though - to take into consideration about *any* backdoor, is that it should be well known to any IT professional that in many cases, *other* machines can and do monitor the activity of various hosts.

On other words - if Microsoft was to put in a back door that communicates with other machines, a Linux server (whatever flavor) could potentially be monitoring all network traffic and detect it.

That's what got RealNetworks into a whole heap of trouble years ago and likely has a lot to do with them never becoming the real 'video standard' in computing. Old news, but I doubt many remember it or never about it.

http://news.cnet.com/2100-1001-232766.html

Steve Gibson was the one, I believe - who exposed them: http://www.grc.com/downloaders.htm

And dying in your beds, many years from now, would you be willin' to trade ALL the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... OUR FREEDOM!

Offline xopatriot

  • Member
  • *****
  • Posts: 692
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #92 on: June 28, 2010, 04:46:32 pm »
As far as I can see 10.04 LTS does not come with SELinux by default. If you want it you have to download it and install it. SELinux is simply available in the repository.
Even though I walk through the valley of the shadow of death, I will fear no evil, for you are with me; your rod and your staff, they comfort me.

You prepare a table before me in the presence of my enemies. You anoint my head with oil;  my cup overflows.

Offline zdux0012

  • Member
  • *****
  • Posts: 876
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #93 on: June 29, 2010, 06:26:30 am »
The SELinux is not secret closed code.
So please don't post about "backdoors" with out proof.

The lack of logic makes us all look stupid and paranoid.


I refer you to this article:

Quote
The Register
Dan Goodin
17th July 2009 22:32 GMT

---
'NULL pointer' bug plagues even super max versions.

A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.

...

Linux developers "tried to protect against it and what this exploit shows is that even with all the protections turned to super max, it's still possible for an attacker to figure out ways around this system," said Bas Alberts, senior security researcher at Immunity. "The interesting angle here is the actual thing that made it exploitable, the whole class of vulnerabilities, which is a very serious thing."

And

Quote
http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/

The "NULL pointer dereference" bug has been confirmed in versions 2.6.30 and 2.6.30.1 of ... Also, bypass of mmap_min_addr via SELinux vulnerability! ... (on a 64bit system -m64 may be necessary to compile a 64bit .so
Get off of Windows / Mac!! You are not safe.
Get an OS you can trust. Linux, Free BSD. Ask for help!

Offline Femacamper

  • Member
  • *****
  • Posts: 9,960
  • LIVE FREE OR DIE!
    • PLANET INFOWARS
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #94 on: July 01, 2010, 11:34:27 pm »
You take a "bug" like this and with some binary/trinary/x-nary code you get yourself a nice little linux rootkit. Gotta love Chinese hackers.

Offline Valerius

  • Member
  • *****
  • Posts: 4,696
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #95 on: July 02, 2010, 02:13:47 am »
TRSDOS or AmigaDOS... the only way to go!  :)
"No man can put a chain about the ankle of his fellow man without at last finding the other end fastened about his own neck."  -Frederick Douglass

wvoutlaw2002

  • Guest
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #96 on: September 18, 2010, 09:56:36 pm »
I just used the following website as a guide to compile the Ubuntu Maverick kernel on my Ubuntu Lucid system, and it allows you to remove SELinux when you get to the debian/rules editconfigs part. ;D

http://blog.avirtualhome.com/2010/07/14/how-to-compile-a-ubuntu-2-6-35-kernel-for-lucid/

Offline Femacamper

  • Member
  • *****
  • Posts: 9,960
  • LIVE FREE OR DIE!
    • PLANET INFOWARS
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #97 on: September 18, 2010, 10:25:56 pm »
I just used the following website as a guide to compile the Ubuntu Maverick kernel on my Ubuntu Lucid system, and it allows you to remove SELinux when you get to the debian/rules editconfigs part. ;D

http://blog.avirtualhome.com/2010/07/14/how-to-compile-a-ubuntu-2-6-35-kernel-for-lucid/

Win!

Offline CaptBebops

  • Member
  • *****
  • Posts: 650
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #98 on: September 19, 2010, 02:57:20 pm »
I was a developer Amiga software.  The kernel was rewritten 7 times.  It was a great (if not buggy) system.   Windows is so poorly done that they really should throw out the kernel, use Linux or Unix and the Windows GUI on top.  David Cutler wrote a good OS for NT but it got compromised when marketing insisted it should be backward compatible.  Again I think the only reason SELinux is in distros is because the government wanted to use Linux instead of Windows because of multiple sources (not to mention cost).  The NSA early on provided instructions on how to remove it.

Offline BruntFCA2

  • Member
  • ****
  • Posts: 346
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #99 on: November 14, 2010, 03:40:22 pm »
I know NT was written on a Micro-Kernal architecture so that it could run on multi vendor CPU. It was at one time I think backward compatible with OS2, even POSIX.

The way this was achieved however was to write C wrapper libraries around NT-Native Micro-Kernal instructions. In fact as far as NT and by extension Windows 7 is concerned Win32 (Win64) is just another wrapper library, in the same way the OS2 libraries (also in C) were just another API to the core NT Micro-Kernel. I can't see therefore how, just adding a set of wrapper libraries in any way compromises the NT-Kernel?

The whole piont of David Cutlers approach was to make a modern OS that would not be screwed up by either changes in CPU (a new micro-kernel for that CPU), or making it run OS2 (just another set of wrappers).

Windows 95 and its successors however were just a steaming pile of garbage. It had no microkernel and was basically nothing more than a set of Win32 libraries compiled directly for the i*86 processors.

WINE for linux as far as I know still interfaces Win32 (which itself then iterfaces the microkernel), this makes it much easier to program for, but slower. The early POSIX support (now dropped) in fact intefaced directly with the micro-kernel.

Offline GH0STMASTER

  • Member
  • ****
  • Posts: 306
    • Get Your Geek On!
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #100 on: November 18, 2010, 09:43:13 am »
Either of two things will happen...

1.  Ubuntu users do nothing, and it's much ado about nothing.  (they don't care)

2. Ubuntu looses users, and they run to other flavors not sporting the back door.


I would like to say that number two will happen.  But deep down in my heart I don't think so.  Look at all of the ones griping about Winbloze, and they still use it, and yes it has a back door.  (plenty of them back doors) 
Get Your Geek On! http://getyourgeekon.info

wvoutlaw2002

  • Guest
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #101 on: November 18, 2010, 10:27:23 am »
Compared to all the geolocation crap now being included in Ubuntu (dropping Pidgin for Empathy...which includes geolocation, dropping GNOME in favor of their in-house Unity desktop interface for Ubuntu Desktop Edition all because the GNOME guys rejected the inclusion of Zeitgeist which logs the usersís activities and events, and Firefox now having geolocation), and Canonical/Ubuntu shilling like mad for cloud computing. SELinux is relatively tame and harmless.

http://forum.prisonplanet.com/index.php?topic=127506.0

http://forum.prisonplanet.com/index.php?topic=191577.0

Offline Overcast

  • Member
  • *****
  • Posts: 4,130
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #102 on: November 18, 2010, 10:31:40 am »
SELinux is just one facet. There are other things Ubuntu is doing which makes SELinux seem relatively tame and harmless...such as dropping Pidgin for Empathy (which includes geolocation), shilling like mad for cloud computing, and dropping GNOME in favor of their in-house Unity desktop interface for Ubuntu Desktop Edition all because the GNOME guys rejected the inclusion of Zeitgeist which logs the usersís activities and events, anywhere from files opened to websites visited and conversations. Oh, and don't forget that Firefox now has geolocation.

http://forum.prisonplanet.com/index.php?topic=127506.0

http://forum.prisonplanet.com/index.php?topic=191577.0

This is a lotta good info. I was just talking to a co-worked yesterday about Linux distros and I might try a change - not only in light of all of this, but to make sure I keep my CLI skills up to date :)

I was kinda thinking Slackware - true, it's older, but... nowadays - newer doesn't seem to be better in many cases.
And dying in your beds, many years from now, would you be willin' to trade ALL the days, from this day to that, for one chance, just one chance, to come back here and tell our enemies that they may take our lives, but they'll never take... OUR FREEDOM!

Offline ex_nihilo

  • Member
  • *****
  • Posts: 502
  • YHWH prevails Rev 20:10
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #103 on: November 18, 2010, 10:53:46 am »
Compared to all the geolocation crap now being included in Ubuntu (dropping Pidgin for Empathy...which includes geolocation, dropping GNOME in favor of their in-house Unity desktop interface for Ubuntu Desktop Edition all because the GNOME guys rejected the inclusion of Zeitgeist which logs the usersís activities and events, and Firefox now having geolocation), and Canonical/Ubuntu shilling like mad for cloud computing. SELinux is relatively tame and harmless.

http://forum.prisonplanet.com/index.php?topic=127506.0

http://forum.prisonplanet.com/index.php?topic=191577.0

Can't forget Firefox's closeness with google.


Replace default google search in Firefox:
http://forum.prisonplanet.com/index.php?topic=184353.0
An open mind, like an open wound, is prone to infection. -ex_nihilo

Offline Juntawatch

  • Member
  • *****
  • Posts: 637
  • "This ain't Rock-n'-Roll; † ††This is Genocide."
Re: WTF? Ubuntu caving in to NSA's SELInux?!
« Reply #104 on: January 20, 2013, 03:45:59 pm »
The SELinux is not secret closed code.
So please don't post about "backdoors" with out proof.

The lack of logic makes us all look stupid and paranoid.




Agreed. But they can't have their cake and eat it. You are paranoid, you told me yourself on the phone EV.
(only having a larf mate)
As  computer Maverick; - I can confirm that this looks like the post was started by 'Outlaw' someone or other ...

 ... Durh, let's see boss ...

SELinux wiki says:

"The Security-enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. When confined in this way, the ability of these user programs and system daemons to cause harm when compromised (via buffer overflows or misconfigurations, for example) is reduced or eliminated. This confinement mechanism operates independently of the traditional Linux access control mechanisms. It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries".

http://www.nsa.gov/research/selinux/faqs.shtml#I1

"My God Man, this Password Works; - on all my computers and Servers. Genius!".
"The Dog has returned to its own vomit, and the sow that was bathed to rolling in the mire."
2 Peter, 2:2.

'The Intellectual, the Plebitian & the Proletariat could be treated; just as wasps are treated.'
- Sanctimonious III. 1st Century.