Gentoo Forums
[solved] I got yet another NSA backdoor to my kernel
etnull
Guru

Joined: 26 Mar 2019
Posts: 330

Posted: Thu Apr 09, 2020 12:24 pm    Post subject: [solved] I got yet another NSA backdoor to my kernel

linux 5.6.* has this enabled:
Code:
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y
  NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [Y/n/?] y
  NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [Y/n/?] y
  NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y
  NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y
  NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [0] 0
  NSA SELinux sidtab hashtable size (SECURITY_SELINUX_SIDTAB_HASH_BITS) [9] (NEW)
  NSA SELinux SID to context string translation cache size (SECURITY_SELINUX_SID2STR_CACHE_SIZE) [256] (NEW)

What are downsides of not enabling it?


Last edited by etnull on Thu Apr 09, 2020 3:22 pm; edited 1 time in total

e3k
Guru

Joined: 01 Oct 2007
Posts: 517
Location: Inner Space

Posted: Thu Apr 09, 2020 12:35 pm

Hard to tell. It's a matter of what secret service you trust.
_________________
CLOSED|||||||||||LISTEN
SYN-SENT --> SYN-RECEIVED
ESTABLISHED <-- SYN-RECEIVED
ESTABLISHED --> ESTABLISHED
ESTABLISHED --> <DATA> --> ESTABLISHED

krinn
Watchman

Joined: 02 May 2003
Posts: 7416

Posted: Thu Apr 09, 2020 1:38 pm

it's not because NSA has given it that it's a backdoor, it's only in movies that the villain explains his whole plan stupidly instead of keeping it hidden :)

etnull
Guru

Joined: 26 Mar 2019
Posts: 330

Posted: Thu Apr 09, 2020 2:19 pm

krinn wrote:
it's not because NSA has given it that it's a backdoor, it's only in movies that the villain explains his whole plan stupidly instead of keeping it hidden :)
the most hidden is always in the plain sight.

Etal
Veteran

Joined: 15 Jul 2005
Posts: 1703

Posted: Thu Apr 09, 2020 3:15 pm

Quote:
│ CONFIG_SECURITY_SELINUX:

│ This selects NSA Security-Enhanced Linux (SELinux).
│ You will also need a policy configuration and a labeled filesystem.
If you are unsure how to answer this question, answer N.

_________________
“And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6491

Posted: Thu Apr 09, 2020 6:31 pm

There's no "(NEW)" next to it, meaning you already enabled it before 5.6. That option is not on by default, meaning you made a conscious choice to turn it on.

etnull
Guru

Joined: 26 Mar 2019
Posts: 330

Posted: Thu Apr 09, 2020 6:50 pm

Ant P. wrote:
There's no "(NEW)" next to it, meaning you already enabled it before 5.6. That option is not on by default, meaning you made a conscious choice to turn it on.
No way. This is a regular Gentoo kernel and I have nothing in my config to enable it!

Zucca
Veteran

Joined: 14 Jun 2007
Posts: 1775
Location: KUUSANKOSKI, Finland

Posted: Thu Apr 09, 2020 8:48 pm

... unless some other config pulled all the SELinux stuff with it.
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...

JustAnother
Tux's lil' helper

Joined: 23 Sep 2016
Posts: 111

Posted: Sun May 31, 2020 10:12 pm

Just emerge systemNSA and admit defeat...

All times are GMT