On 5 Mar, 00:19, plenty...@yahoo.com wrote:
> I've learned that there are bits of NSA's SELinux in various
> places in kernel 2.6. *How can I be sure that Big Brother isn't
> using back doors or bugs to break into my computer?
> Especially with all the illegal spying done these days...
> How much safer would it be to just switch back to 2.4 or 2.5?

OK, people are making fun of you. Most seriously, the SELinux bits are
open source and recompilable, so there are good chances to review it:
I don't consider it a big risk. No, the big SELinux risk is that lots
of people turn it *off* and don't bother to use it, because it
interferes with all sorts of reasonable tools in unpredictable ways
and the configuration tools for it suck really, really hard. So if
you're in a hurry to get work done, many folks simply turn it off to
eliminate the burden of maintaining it.

This is particularly true with webtools, many of which scatter their
writable directories and utilities all over your file system and
refuse to acknowledge the UNIX File System Hierarchy, much less any
security practices. I once went through conniptions trying to get
Bugzilla working, and rejoiced when it was finally packaged up into a
clean RPM that worked well with SELinux.

If I see one more utility that says "download the latest CVS from here
and just run it iin place on your system!" and the CVS blatantly does
not work, much less have any way of detecting which particular verson
of the software it contains.....