LeRoy on 19 Jan 2016 11:52:35 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux zero day

On 01/19/2016 10:57 AM, brent timothy saner wrote:
> On 01/19/2016 08:55 AM, jeff wrote:
>> http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html
>> Been around since 2012
> yikes. thankfully it requires local shell at the least.
> also a good example of why you shouldn't make compilers available
> to regular users without good auditing in place, and ALWAYS use 
> something like SELinux or grsecurity/PaX whenever possible.

Your comment on using SELinux is accurate, while most of the
distributions com with SeLinux installed, it is not configured and
activated.  To configure a SELinux system takes an arduous effort and
a lot of reading to get it right.

Several months ago I bought a new Android Cell Phone (Moto G 3) and I
was happily surprised to see a properly configured SELinux system on
this new phone.

Gentoo Wiki has some excellent articles on setting up and configuring
a SELinux system.


Along with these documents you should also tackle reading the original
NSA documents.



Most do not even realise that it was the "evil" NSA that even created
the SELinux source.  The NSA agents and computer scientists do an
excellent job though the press continually lambasts them.  We must
remember that the people doing the job collecting and analyzing data
do not have the job of capturing and convicting the bad guys.  The NSA
gives a daily security briefing to the President.  The president is
the one who must decide what to do with the reported data.  Now the
press wants to blame the creators of a wonderful security tool for the
lapses in security instead of blaming the one who makes the final

Though the NSA is probably reading our GnuPG encrypted mail and stuff,
it is our job to protect ourselves and not to depend upon the
government for our security.

 Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com    /\_/\
                       mailto:rev.cressy@gmail.com ( o.o )
                       			            > ^ <
		       Cell Phone:  267-668-9686

Please See My posts on facebook or googleplus

Open PGP Key:     C34B77CC
gpg fingerprint:  8AD5 35EF 1FDF F1A7 E483  8CCE A50D 4E81 C34B 77CC

For info on enigmail:	https://www.enigmail.net/
For info on gpg:	https://gnupg.org/
For secure Cell Phone:	https://whispersystems.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)

Attachment: signature.asc
Description: OpenPGP digital signature

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug