NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems. “What it really helps out with is something called zero-day exploits,” said Daniel Walsh, a principal software engineer at Red Hat and leader of the company’s SELinux team. “If you have a bug in your software that allows a machine to be taken over, SELinux [provides] another layer of controls to make sure that application only does what it was designed to do. SELinux is your last line of defense.”
Mine is the power button
And what do most (all?) wannabe system administrators do? THEY TURN SELINUX OFF! Why, you ask? Because it’s a PITA to configure and slows your system down to its knees. That’s why.
It is amusing to read every single day about critical bugs in serious applications. Maybe it is not the fault of programmers but serious design faults in the compilers themselves: they should stop compiling your shitty code and send a message to the authorities about your stupidity.
Whatever.
SELinux or not, I would certainly not hire a “wannabe system administrator” nor trust his security decisions.
…until every single line of code had been independently verified to not provide a back door for the NSA to spy on the data. While the FBI and CIA have done their share of foul stuff, the NSA probably takes the cake in terms of sheer evilness over the last 10 years or so.
“…until every single line of code had been independently verified to not provide a back door for the NSA to spy on the data. While the FBI and CIA have done their share of foul stuff, the NSA probably takes the cake in terms of sheer evilness over the last 10 years or so.”
Help yourself. SELinux is under the GPL and the code is available.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=…
In RHEL and Fedora, SELinux is ‘on’ by default. If you leave it on and you are setting up a machine (server, laptop), you can use this command:
setenforce 0 to set it to permissive so you can install the packages or updates…
When you are finished customizing your machine:
setenforce 1 to turn it back to enforcing mode; no reboot is required.
You can reference another directory with the same SELinux context with chcon --reference /var/www/html /var/www/mywebstuff
It is another area that is amazing in what it can do, but it takes a lot of practice, studying and understanding to administer it in the correct manner.
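The permissive-install-enforce cycle described in the comment above, as an added shell example that is not from any poster in this thread: it records the original mode, drops to permissive only for the duration of one command, and restores enforcing even if that command fails or is interrupted, so the machine is never left permissive by accident. It assumes getenforce/setenforce (policycoreutils) and GNU stat are installed and the script runs as root.

```shell
#!/bin/sh
# Added example (not from the thread). Wraps one install step in SELinux
# permissive mode and guarantees the original mode is restored afterwards.
# Assumes: getenforce/setenforce from policycoreutils, GNU coreutils stat,
# and root privileges when run for real.

# Report the current mode (Enforcing, Permissive or Disabled).
current_mode() {
    getenforce
}

# Run the given command while permissive, then restore the original mode.
# Returns the command's exit status. Refuses to act when SELinux is
# Disabled, because setenforce cannot re-enable a disabled policy.
with_permissive() {
    orig=$(current_mode) || return 1
    case "$orig" in
        Disabled) echo "SELinux is disabled; nothing to toggle" >&2; return 1 ;;
    esac
    setenforce 0 || return 1
    # Re-enter enforcing mode even on Ctrl-C, a kill, or an early exit.
    trap '[ "$orig" = Enforcing ] && setenforce 1' EXIT INT TERM
    "$@"; status=$?
    trap - EXIT INT TERM
    if [ "$orig" = Enforcing ]; then
        setenforce 1 || return 1
    fi
    return $status
}

# Verify that two paths carry the same SELinux context, the check you want
# after `chcon --reference REF TARGET` (stat %C prints the context string).
same_context() {
    [ "$(stat -c %C "$1")" = "$(stat -c %C "$2")" ]
}

# Only run for real when the SELinux tools exist and a command was given,
# e.g.:  ./selinux-install.sh dnf install -y somepackage
if command -v getenforce >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    with_permissive "$@"
fi
```

After `chcon --reference /var/www/html /var/www/mywebstuff`, `same_context /var/www/html /var/www/mywebstuff` exits 0 only when the contexts really match.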