selinux

8 replies
ourobrs
Offline
Joined: 12/01/2023

I was wondering what the viewpoint is on selinux from trisquel/-users? I didn't go deep with researching it, but a few things I noticed didn't make it particularly seem like a good thing. It's initiated by the NSA? Also I didn't find any information on the FSF website, nor the GNU website, which kind of seems a little strange, as I would expect the FSF would have some kind of viewpoint on it.

ourobrs
Offline
Joined: 12/01/2023

edit: except some support info on the GNU website.

jxself
Offline
Joined: 09/13/2010

It sounds like you're wondering what the FSF's stance would be on SELinux. As far as I know, the FSF hasn't made an official statement on it. However, it's important to remember that SELinux is free software. The FSF has always advocated for all software to be free, giving users the ability to run, study, redistribute, and modify the software. If the NSA chose to develop SELinux to address their security concerns and decided to share it (freedom #2), they are fully within their rights under the principles of software freedom. So it's unclear what the FSF would even have to say, since it's just another example of some person or organization developing free software somewhere. Is there a specific aspect of SELinux you're curious about?

andyprough
Offline
Joined: 02/12/2015

>"Also I didn't find any information on the FSF website"

SELinux as a kernel security module is not addressed specifically by the FSF, but the FSF does mention 3 tools that may be used to configure SELinux policy:
1. Jupp text editor - supports SELinux context copying on Debian systems with the Linux kernel - https://directory.fsf.org/wiki/Jupp#tab=Overview
2. Segatex - tool to configure SELinux policy with the help of a GUI - https://directory.fsf.org/wiki/Segatex
3. runcon with GNU Core Utils allows running in specified SELinux CTX - https://directory.fsf.org/wiki/Collection:GNU_Core_Utilities

>"It's initiated by the NSA?"

DARPA pioneered the internet, and yet, here we are. Although we would probably be safer on Gemini space.

grosbidepoilu
Offline
Joined: 10/08/2023

I don't want NSA in my computer.

jxself
Offline
Joined: 09/13/2010

You can't use git then. Do you know that SHA-1 cryptographic hash function? It was designed by the NSA.
https://en.wikipedia.org/wiki/SHA-1?useskin=vector

Plan to use GNU Coreutils to check the hash for that downloaded ISO with SHA-2? That was also designed by the NSA.
https://en.wikipedia.org/wiki/SHA-2?useskin=vector

SHA-2 is also used in other places, including GPG, SSH, and even TLS that you're probably using to browse these forums.

Do you ever use virtualization with Xen? The NSA makes contributions:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76ce7618f9a24f7b13958c67f7d5ccfcdab71475

However, it's worth noting that these contributions undergo peer review. Things like SHA-1, SHA-2, and whatnot have been looked at by many people over many years. So while NSA's involvement in cryptography is undeniable, there is also scrutiny going on. There's no need for paranoia.

eric23
Offline
Joined: 06/30/2017

I did not find anything leading to confirmation of a backdoor in selinux.

They could try to put one in because there was a backdoor in the algorithm "Dual EC DRBG". I am not sure how long it took people to notice; Schneier called it obvious [1].

There was also that paper by a university that suggested it is possible to subvert free software by submitting the hypocrite patches. But the article points out that there are some who think the submission system proved it does work correctly [2].

[1] https://web.archive.org/web/20140420131215/https://archive.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

[2] https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source

andyprough
Offline
Joined: 02/12/2015

>"They could try to put one in because there was a backdoor in the algorithm "Dual EC DRBG"."

That's true. I guess you can trust the NSA almost as far as you can throw them.

Avron

I am a translator!

Offline
Joined: 08/18/2020

Thanks for the references.

> Schneier called it obvious [1]

In the article you linked, he says "rather obvious" and it comes after a presentation from someone showing the problem.

This reminds me of a math teacher who said that when she asked us to demonstrate something, "it is obvious" was a perfectly acceptable answer provided we said why, from our perspective, it was obvious.

My comment is not specifically towards the NSA. In general, I feel like I should at least try to know how the software I am using was reviewed. I don't know whether there are free software projects that try to capture some information about this.