Re: Turning off SELINUX

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 6 Sep 2013 17:58:03 +0200
Heinz Diehl <htd@xxxxxxxxxx> wrote:
> On 06.09.2013, Javier Perez wrote: 
> 
> > My beef is given the NSA origin of this software, It could very
> > well have a backdoor to turn itself off under the appropriate
> > circumstances like an NSA-sponsored breach an allow unrestricted
> > access to my system..
> 
> Every person contributing to free open source software could do
> that. You're talking about the NSA: they could easily pay
> somebody to do that for them. Everybody with a lot of money could do
> the same. If that's your concern, you can never ever be
> shure, unless you have reviewed all of the sourcecode running on your
> machine by yourself, and recompiled the software using this source
> afterwards.

That's not enough, because the compiler may be rigged to reintroduce
backdoors straight into binaries. You need to check the compiler source
code, and then bootstrap it from a simpler compiler that you have wrote
yourself in machine code (and I mean machine code, not the assembly
language).

However, this also isn't good enough, since the bios, CPU (firmware and
hardware in general) might have an undocumented set of instructions
that can remotely trigger total control over the machine. It's quite
simple, actually --- NSA pays some money to rig Intel, AMD, ARM and PPC
architectures in this way, and they can access anything remotely.

So in order to go around that, you need to build a computer yourself
from scratch, in particular the CPU. After bootstraping Linux on that
hardware (LFS distro comes to mind...), you're safe against the NSA.

As for the tinfoil hat, it needs two layers --- the inside layer needs
to be orientend shiny-side in, which would prevent the NSA from spying
on your brain waves. But the outside layer needs to be oriented
shiny-side out, to prevent the NSA from feeding your brain with
undesired signals. The two layers need to be well insulated against
each other --- it's obvious that a short-circuit between them will
leave you completely vulnerable...

HTH, :-)
Marko

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux