[SGVLUG] Reverse Engineering / Analyzing the SELinux Kernel Source Code?

Michael Proctor-Smith mproctor13 at gmail.com
Fri May 19 15:50:50 PDT 2006


On 5/19/06, sean at seanodonnell.com <sean at seanodonnell.com> wrote:
> All this talk of SELinux reminds me of a question I've never really known
> how/who/where to ask...
>
> Q?: Has anyone reverse engineered the SELinux Kernel? Or analyzed the
> source code for possible rootkits or 'undocumented features'??

Well, you would not have to reverse engineer anything, as SELinux is
100% GPL mainline kernel code at this point, and as such has had many
non-NSA eyes look at it. It would have been easier to post patches that
created a security "back door" than to create SELinux and get that
included in the kernel.

> I've always avoided using that 'hardened' kernel due to privacy
> concerns in regards to (possible) circumvention capabilities by the NSA.
>
> My confidence-level in the NSA in terms of (innocent civilian)
> privacy/security has been at a state of FUD for years, and with the
> recent turn of publicized events (which only confirmed my prior
> assumptions), that concern has not receded.
>
> I don't know enough about kernel programming in general to determine
> whether or not such circumvention is even possible, although I assume
> it would be.
>
> I'm sure this has been thought-through and discussed by others before
> me, (hopefully by those who actually understand kernel architecture),
> but I was just curious.

Well, as far as I know the NSA is quite paranoid; they developed SELinux
so that they could use it. The fact of the matter is a backdoor could
be found by someone else and exploited, so it is best for them not to
exist if you are going to use the system yourself. SELinux is a
great idea in that you can actually create a system where you can give
out a root password (uid 0) and still have a perfectly secure system.
But again, I have no idea how to audit kernel code for security and
have not checked it myself.

P.S. If you are using most modern distro-produced kernels, they have
SELinux compiled into the kernel even if it is disabled at run time.
