Re: [PLUG] Linux zero day

LeRoy on 19 Jan 2016 11:52:35 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux zero day

From: LeRoy <ldc@lrcressy.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux zero day
Date: Tue, 19 Jan 2016 14:51:47 -0500
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

On 01/19/2016 10:57 AM, brent timothy saner wrote:
> On 01/19/2016 08:55 AM, jeff wrote:
>> http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html
>
>>
>>
>> 
> 
>> Been around since 2012
> 
> 
> yikes. thankfully it requires local shell at the least.
> 
> also a good example of why you shouldn't make compilers available
> to regular users without good auditing in place, and ALWAYS use 
> something like SELinux or grsecurity/PaX whenever possible.

Your comment on using SELinux is accurate, while most of the
distributions com with SeLinux installed, it is not configured and
activated.  To configure a SELinux system takes an arduous effort and
a lot of reading to get it right.

Several months ago I bought a new Android Cell Phone (Moto G 3) and I
was happily surprised to see a properly configured SELinux system on
this new phone.

Gentoo Wiki has some excellent articles on setting up and configuring
a SELinux system.

https://wiki.gentoo.org/wiki/SELinux/Tutorials

Along with these documents you should also tackle reading the original
NSA documents.

https://www.nsa.gov/research/_files/selinux/papers/policy2/t1.shtml

Editorial:

Most do not even realise that it was the "evil" NSA that even created
the SELinux source.  The NSA agents and computer scientists do an
excellent job though the press continually lambasts them.  We must
remember that the people doing the job collecting and analyzing data
do not have the job of capturing and convicting the bad guys.  The NSA
gives a daily security briefing to the President.  The president is
the one who must decide what to do with the reported data.  Now the
press wants to blame the creators of a wonderful security tool for the
lapses in security instead of blaming the one who makes the final
decision.

Though the NSA is probably reading our GnuPG encrypted mail and stuff,
it is our job to protect ourselves and not to depend upon the
government for our security.

-- 
 Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com    /\_/\
                       mailto:rev.cressy@gmail.com ( o.o )
                       			            > ^ <
		       Cell Phone:  267-668-9686

Please See My posts on facebook or googleplus

Open PGP Key:     C34B77CC
gpg fingerprint:  8AD5 35EF 1FDF F1A7 E483  8CCE A50D 4E81 C34B 77CC

For info on enigmail:	https://www.enigmail.net/
For info on gpg:	https://gnupg.org/
For secure Cell Phone:	https://whispersystems.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Linux zero day
  - From: jeff <jeffv@op.net>
- Re: [PLUG] Linux zero day
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: Re: [PLUG] Linux zero day
Next by Date: [PLUG] Idiotic Misleading Headline
Previous by thread: Re: [PLUG] Linux zero day
Next by thread: [PLUG] Beginners Resources
Index(es):
- Date
- Thread