[SGVLUG] Reverse Engineering / Analyzing the SELinux Kernel Source Code?

Terry Hancock hancock at anansispaceworks.com
Tue May 23 20:16:44 PDT 2006


Dustin Laurence wrote:
>  On Fri, May 19, 2006 at 05:30:04PM -0500, sean at seanodonnell.com
>  wrote:

> > Q?: Has anyone reverse engineered the SELinux Kernel? Or analyzed
> > the source code for possible rootkits or 'undocumented features'??

>  Effectively, yes. If you are paranoid, then it is probably the only
>  code you *should* trust. The problem with this is that you still
>  have lots of people poring over the code, you can't work in secret.

The way for the NSA to slip in a backdoor would be via a pre-built
SELinux *binary*, built from secret sources that don't match the
publicly available ones.

With inside help from any distribution (commercial or community),
they could manage to slip such a thing into the binary version of
that distribution (as could others, of course).  It wouldn't be easy,
but there are documented examples of it being done by other
organizations.

Any opinion I had on the likelihood of such a strategy would
be biased by irrational reasons, so I'll avoid saying.  I'm merely
commenting on the technical feasibility of it: difficult, but
not impossible.

If you want to feel really paranoid, read:
"Reflections on Trusting Trust"
by Ken Thompson
http://www.acm.org/classics/sep95/

(which suggests a more-difficult-to-trace variation on the above
strategy).

I found this intriguing hit in the process of looking that up, though:
"Countering Trusting Trust through Diverse Double-Compiling"
by David A. Wheeler
http://www.acsac.org/2005/abstracts/47.html

"Hmm."

Cheers,
Terry

-- 
Terry Hancock (hancock at AnansiSpaceworks.com)
Anansi Spaceworks http://www.AnansiSpaceworks.com
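An added illustration of the two checks discussed above (not code from the original post, and not Wheeler's or Thompson's own code): a toy model of a compiler that carries Thompson's self-propagating trojan, the naive "rebuild the binary from the public source and compare" check that the secret-source scenario suggests, and Wheeler's Diverse Double-Compiling check run against the same suspect binary. Everything here is invented for the example: "compiling" is a pure function over small data structures, a binary's bytes are modelled by the emitter_style field, and the vendor compiler is assumed to have been self-hosted (built by a compiler of its own style), which is what DDC's bit-for-bit comparison requires. It shows why the naive rebuild passes a trojaned compiler while DDC with a diverse trusted compiler does not.

```python
"""Toy model of a trusting-trust compiler trojan and the Diverse Double-Compiling (DDC) check.

Added example; all names (Source, Binary, compile_source, ddc_check, ...) are invented here.
"""
from dataclasses import dataclass

# Programs that a trojaned compiler quietly alters when it compiles them.
TROJAN_TARGETS = {"login"}


@dataclass(frozen=True)
class Source:
    name: str
    style: str            # for compiler sources: the codegen "dialect" the compiler will emit
    is_compiler: bool
    has_backdoor: bool = False  # a backdoor that is actually present in the source text


@dataclass(frozen=True)
class Binary:
    emitter_style: str    # stands in for "what the bytes look like": set by the compiler that built it
    style: str            # the dialect this binary emits if it is itself a compiler
    is_compiler: bool
    backdoored: bool      # behaviour that the source it was built from does not contain


def compile_source(compiler: Binary, src: Source) -> Binary:
    """Deterministic toy compile: bytes follow the compiler, behaviour follows the source,
    except that a trojaned compiler re-inserts its trojan into compilers and into targets."""
    assert compiler.is_compiler, "only a compiler can compile"
    propagated = compiler.backdoored and (src.is_compiler or src.name in TROJAN_TARGETS)
    return Binary(
        emitter_style=compiler.style,
        style=src.style,
        is_compiler=src.is_compiler,
        backdoored=src.has_backdoor or propagated,
    )


def naive_rebuild_matches(suspect: Binary, public_src: Source) -> bool:
    """Rebuild the binary from the published source with the suspect compiler itself and compare.
    This catches a vendor who shipped a binary built from different sources, but a
    self-propagating trojan reproduces itself, so the comparison still succeeds."""
    return compile_source(suspect, public_src) == suspect


def ddc_check(suspect: Binary, suspect_src: Source, trusted: Binary) -> bool:
    """Wheeler's DDC: build the suspect's source with an independent trusted compiler (stage 1),
    then build the suspect's source again with that stage-1 result (stage 2). Stage 2 was
    produced by a compiler of the suspect's own dialect, so it should be bit-for-bit identical
    to the suspect binary whenever the suspect's source really describes the suspect."""
    stage1 = compile_source(trusted, suspect_src)
    stage2 = compile_source(stage1, suspect_src)
    return stage2 == suspect


# Constructed scenario: a self-hosted "gnu"-style compiler in honest and trojaned form,
# its clean public source, a diverse trusted compiler, and a sensitive target program.
GCC_SRC = Source(name="gcc", style="gnu", is_compiler=True)
HONEST_GCC = Binary(emitter_style="gnu", style="gnu", is_compiler=True, backdoored=False)
TROJAN_GCC = Binary(emitter_style="gnu", style="gnu", is_compiler=True, backdoored=True)
TRUSTED_TCC = Binary(emitter_style="tcc", style="tcc", is_compiler=True, backdoored=False)
LOGIN_SRC = Source(name="login", style="", is_compiler=False)


if __name__ == "__main__":
    print("login built by trojaned gcc is backdoored:",
          compile_source(TROJAN_GCC, LOGIN_SRC).backdoored)
    print("naive rebuild check passes trojaned gcc:",
          naive_rebuild_matches(TROJAN_GCC, GCC_SRC))
    print("DDC accepts honest gcc:", ddc_check(HONEST_GCC, GCC_SRC, TRUSTED_TCC))
    print("DDC accepts trojaned gcc:", ddc_check(TROJAN_GCC, GCC_SRC, TRUSTED_TCC))
```

The model deliberately ignores nondeterministic builds; on real toolchains, DDC only works once the build is reproducible (same source, same compiler, same bytes), which is exactly the property the reproducible-builds projects chase.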



