Announcement

Collapse
No announcement yet.

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • marlock
    replied
    @smidthbag
    about the reply to (1) and the whole idea of "if you're in favour of privacy you're hiding something illegal and/or immoral"
    yes, we should care about not offending others with baseless accusations that disqualify them from even being heard and taken seriously

    that's not just being polite vs. rude (which honestly should be a concern too unless you enjoy highly toxic discussions) but also it's a broken argumentative recourse (i believe this is called "ad hominen", where you attack the speaker instead of the speech)

    it's also not really a "reality check" since it's baseless, aka not grounded in reality


    about the reply to (2) and my (edit)
    the existance of legally and morally acceptable/mandatory uses of privacy (even in general-purpose personal computing) proves that not having the possibility of privacy is not OK for an OS and software (even ones for general-purpose personal use)

    this alone should be enough for you to realize most vulnerabilities are a problem that does need to be tackled by those OSs and softwares, at scale, for everyone, as a baseline approach


    about the reply to (7):
    there are others but wannacry is a pretty recent example of a hugely widespread, sucessful and notorious case of "attack everything, ask for ransom from everyone, cash in all you can"

    even if these are not the most common attacks, ignoring CVEs or generally letting an OS become easy enough to exploit everyone that uses it is asking for someone to notice this and make simpler use of open breaches at a large scale instead of just high-effort attacks to narrow targets

    failure to ensure safer defaults in routers (eg: by shipping them with default passwords and not enforcing a user-assigned password at first use by device design) is actually part of the reason for germany's law on personal internet protection being mandatory... plenty botnets are comprised of small routers with default passwords that got "recruited"


    about the reply to (3):
    my original post already contained the counter-argument to your reply

    the damage open cybervunerabilities can cause to human lives is extensive when weaponized, so they shouldn't stay open, period

    leaving them open so the NSA can spy on them so it can prevent the attacks on them is a tautological proposal if they can simply be closed and the damage prevented

    by the way, spying does not prevent such damage, it *might* give early warning, but part of the fuss around NSA wistleblowing was discovering just how little it prevented with their massive spying efforts, so lots of colateral damage for very little benefit


    about the reply to (4):
    same thing... counter-argument contained in original post

    "planting false evidence is made much much easier if you have extraordinary access"

    not all crooked governments have absolute power over all citizens all the time... most bank on plausible denial, legitimating their repressive actions, gradually encroaching over resistances until they can get their roots firmly in place

    not giving them easy-to-use weapons over the resistance while they are establishing their power is essential to preventing them from becoming a full-out despotic power


    about the rest, in short:
    you don't like privacy for yourself, that's your usecase

    others like it and have the right to have it (legal and/or moral), you don't get to say their usecase is illegal, immoral and/or invalid

    Leave a comment:


  • Magissia
    replied
    Originally posted by sarmad View Post

    Closing few holes with SELinux is better than closing none, but closing more holes using a better technology is even better.
    Which technology is it?

    Leave a comment:


  • mirmirmir
    replied
    Originally posted by schmidtbag View Post
    Yup and I still stand by that.
    Don't break the law and you've got nothing to worry about. Seriously, it's not that hard to have a great life and be a good citizen at the same time. That's what gets me to question people like you: the only reason you care is because you're probably doing something morally objectionable.
    Nice try NSA agent...

    Leave a comment:


  • sarmad
    replied
    Originally posted by Magissia View Post

    Closing few holes using SELinux is better than closing none?
    Closing few holes with SELinux is better than closing none, but closing more holes using a better technology is even better.

    Leave a comment:


  • Magissia
    replied
    Originally posted by sarmad View Post
    It's a bad technology anyway. They may as well just drop it altogether rather than only dropping the NSA reference. It's bad because it's over complicated, and when something is over complicated it leaves room for mistakes that result in security holes. I remember needing to turn it off whenever I needed to test my web server back in the days when I was using Fedora before getting fed up with SELinux and jumping distros.
    Closing few holes using SELinux is better than closing none?

    Leave a comment:


  • SeeM
    replied
    Originally posted by billyswong View Post

    So how do someone not aware of the existence of SELinux suddenly know to look at that particular log file locating in that obscure place? Please enlighten everyone here. If you want to defend SELinux, you may suggest some killer feature that other modules such as AppArmor can't. But when someone said "I didn't know my problem is due to SELinux thus lost a day of time", response such as "you should have gone take a look at a log file that only SELinux users will watch out for" is NOT an answer.
    Actually, I know one killer feature, which I never seen elsewhere. I would have a Wordpress site and a database on a simple VPS. Then my site is hacked and start to scan Your sites, or get into a DDoS botnet. For some reason by default - at least on Fedora and RHEL - selinux is preventing Apache from making any external connections. To the point, that Wordpress can not update itself, nor its plugins. So it is annoying to me, as administrator, who have to switch httpd_can_network_connect boolean during update window, but Selinux is protecting You from my server. It is contained and will stay that way, as long as Selinux is enabled with enforcing mode.

    Both Selinux and Apparmor can be bypassed by a flaws - like https://cve.mitre.org/cgi-bin/cvenam...ame=2023-28642 in runc - but both are so narrowly used, that almost no one cares and many vulns are non-issue with Selinux enabled.

    Leave a comment:


  • smitty3268
    replied
    Originally posted by andyprough View Post
    When was the last time you tried blowing the whistle on government corruption as a federal agency insider? You should talk to a whistleblower and hear about the hell they go through. How about Edward Snowden? Have you seen him giving live in-person talks at American conferences on ethics and technology lately? How much has our government respected his rights to blow the whistle on blatant NSA corruption?
    Snowden was in a difficult position, but he gave up the moral high ground when he fled to Russia and allowed himself to be an anti-American propaganda symbol.

    If he truly wanted to make a difference, he should have stayed in the US and proudly stood up to those he thought were doing wrong. Yes, he probably would have ended up in jail for a few years, but he would have constantly been bringing attention to the issues he stood for and a lot of people likely would have backed him as a political prisoner and gotten him at least a commuted sentence.

    Instead, he fled the country and got pretty much everyone to ignore him and the issues he was worried about were free to be swept under the rug.

    Leave a comment:


  • schmidtbag
    replied
    Originally posted by marlock View Post
    1) this blanket statement implies anyone saying othewise is not honest, which means, even if you don't fully realize it, you are attacking the integrity your interlocutors here to make your point, which is inherently offensive especially as you're doing it in a blanket statement
    You say that as if I [should] care about who I offend. Some people need a reality check, and reality isn't always so pleasant. And it's not a blanket statement: as I've said before, someone who is actually oppressed would not be here griping about this kind of data privacy.
    2) you ignore the existance of legally acceptable secrets (personal passwords, social security numbers, industrial secrets, workplace access codes, etc)
    I'm not ignoring it if it isn't relevant. As you yourself just said: they're legally binding. Besides, there needs to be proof that an institution not only illegally acquired that data (and sometimes ther is ToS that users unwittingly agree to that may permit this data collection) but more importantly: distributed that data.
    3) you ignore that the attacker might not be your own country, instead a belicous foreign entity
    Why should I care about another country spying on my browser history? User discretion is a necessity to keep one's self safe on the internet.
    eg: Russia has been documented launching successful rehearsal attacks on european electric smart grids as part of a new class of cyberwarfare with the goal of quickly disabling civil infrastructure... this class of cyber-attacks can have a bigger strategic impact than conventional warfare even if the target is not millitary, and the entry points are usually civilians, through spear-physhing, vulnerability probings, multi-stage invasion... a pretty old and notorious example (but made by the USA) is stuxnet
    That's not really relevant to this discussion. In fact, that could even promote the use of the NSA's tracking, but I'm not interested in opening that can of worms.
    4) you ignore corrupt government authorities may use their leverage to target honest law-abiding citizens to frame them under false charges... planting false evidence is made much much easier if you have extraordinary access
    Actually, read the post I submitted right before this one: I did in fact address that, and I might have addressed that on a different thread too. But I'm glad you pointed that out because as I said: what's the point in fearing data collection when a corrupt government is going to screw you over anyway?
    5) look at the sheer amount of illegal persecution done towards immigrants before they even have a chance to plead for a legal recognition of their entry... and at the immorality of actively causing hordes of them to die mid-journey despite obviously needing to flee from their former homes for sheer survival, again albeit this being partly (only partly!) made legal... those people are spied on without cause and persecuted en-masse and electronic means of invasion are an integral part of this horrendous effort
    That's an even bigger can of worms I'm not about to open. I kind of get why you bring it up, but I can tell you're interpreting this situation in a very specific point of view, and you're not looking at the big picture. Doesn't mean the bigger picture is morally righteous (I would argue it's not, and that I would favor your point of view) but the reality "justifies" (I say that very loosely) what you describe.
    6) you ignore just how many extraordinary exploits fall into the hands of common cyber criminals nowadays, and how fast and widely they have been deploying all sorts of attacks... the same automation and convenience that powers datacenters is powering crooks to attack "nobodies" with "nothing to hide" and making serious bucks by catching several small fish instead one big fish
    I don't ignore that either, but I didn't get into it because the discussion never got that deep. But even then, most (not all) cybercriminals who successfully identify personal information do not screw over those people, at least not at random. Typically, they're seeking ransom from the company.
    7) finally, how comfortable are you about sharing every detail of your sex life with your mom and dad? because some companies have made it their business to sell spying tools and exploits as parental control, to paranoid people in relashionships which they distrust, etc
    If my parents distrusted me or my girlfriend so much as to use such a tool out of malice then they can go ahead and use it. There is nothing positive to gain from such a thing so it's ultimately their loss, not mine (and my girlfriend would care even less - she doesn't like keeping things secret). If my girlfriend were to use such a thing, there's really only 2 ways to look at it:
    A. I was doing something dishonest and deserve whatever comes my way.
    B. I was being honest and I realize I should end the relationship because she isn't trusting.
    It's a win-win for me.
    ps: this is not a comment on specifically what SELinux might help prevent, but then again the argument made was that nothing at all is needed if you have nothing to hide, which is just as generic
    I welcome you to challenge me further on this.
    some secrets are even mandatory by law and how failing to guard them is breaking the law too, so in some cases you litteraly HAVE to hide stuff (including your personal wifi password in some countries like iirc Germany) to be a law-abiding good citizen
    ‚ÄčI find that a little excessive but certainly not a bad idea.

    Leave a comment:


  • schmidtbag
    replied
    Originally posted by billyswong View Post
    schmidtbag Keep on granting more power to the government, then your "1st world" country will be the next oppressive state when you wake up one day. Or granting power to corporations blindly, then your "1st world" country will become just a puppet one day and corporation cartels will be the true dictators ruling over the world.
    People in western countries get quite rebellious when even things they don't need get taken away from them. Imagine the rioting that would occur 1st world countries would respond if they modeled after the Taliban laws.
    I used Taliban as my initial example because even the stubbornest tankies won't support their policy in open (at the moment in 2023). So we can establish a common ground that at least some oppressive governments exist. For technical capacity, Russia and China are better examples. Especially for Chinese government which wholeheartedly endorses big-brother-is-watching-you policy and is actively implementing it. But I didn't want to muddle into endless political debate so I refrained from using them as examples at first. The chance of someone arguing they are "good big brother" is there and this would be tiring.
    Not sure what "tankies" means but regardless, yes, of course oppressive governments exist; I never said otherwise. But what I am saying is if I lived in such a country, I wouldn't be here griping about the NSA or Google since y'know, I'd have real problems to deal with. While I don't deny that it's possible for governments like my own to be super oppressive, in order for me to be oppressed would basically require a country such as Russia or China to successfully invade. That's not happening to any NATO country. Of course, I'm in a privileged position where my country could oppress other demographics, but in the past century, the trends show the opposite: people are attaining rights/liberties.
    Your show off of your "privilege" is disgusting.
    Well isn't that some cognitive bias at its finest. I acknowledge I'm in a privileged position, and I assume you are too. Yet, you're the one who thinks I should fear for my privacy. I couldn't care less if the NSA wants to watch me jerk off through my webcam and Google can go ahead and log my browser activity if they really want. These are so inconsequential compared to people who have real problems, and you think I'm the disgusting one? Here's the thing: if an oppressive/corrupt government really wants to take you down, they don't need to spy on you to do that. If you live a low-profile life (which ironically would include not trying to be on radio silence), any government is less likely to target you. In other words: you don't need to fear for your privacy because you're screwed either way (not you, specifically).

    It boggles my mind what people like you do to intentionally live in fear. I'm sure the Uyghurs, Afghani women, and Hong Kongers feel soooo honored by your motives! Don't forget to leave a like along with thoughts and prayers!

    Leave a comment:


  • avis
    replied
    Originally posted by billyswong View Post

    So you really can't see the logical flaw? Of course a person can google how to troubleshoot problem caused by SELInux *after* he/she know the problem is caused by SELInux. It is the how-do-one-know-the-problem-is-caused-by-SELinux-BEFORE-knowing-SELinux problem that markg85 was complaining. From Mark's experience, SELinux doesn't seem self-revealing. It is not commonly run in every Linux distribution.
    In addition to that file, on Fedora/RHEL all SELinux errors are logged in journalctl. I have a sneaking suspicion even that was never used or checked. I'm sorry but someone seemingly just couldn't be bothered to get to the bottom of it.

    Leave a comment:

Working...
X