[ThatGeoGuy]

Oh please that's complete garbage.

The code for SELinux that's in both GNU/Linux distributions and Android are all open source, and anybody can go and review the code or change it.

The existence of Linux on the desktop doesn't remove the threat of having NSA code built into your processor, but if you honestly believe SELinux is a backdoor then feel free to point out where in the source code the backdoor is located instead of spreading FUD for no reason. SELinux has nothing to do with what the article is talking about, that is, having malicious firmware baked into the processor at the hardware level.

[WizzleKake]

Have you read the code? What makes you think that they're above inserting subtle bugs?

[gcr]

Because Linus signed off on it. To get that complex change into the kernel, the NSA had to convince Linus that it's a good idea, which can be a next-to-impossible task. I trust him to review the code more than I trust myself.

[NegativeK]

Linus doesn't review everything. He delegates and trusts.

That's tangential, though. More importantly, I expect NSA contributions to be poured over because the NSA isn't highly trusted, and it would make a great mailing list post to say "The NSA has a backdoor in our code here, here, and here."

Many eyes and a suspect contributor make all backdoors shallow.

[dobbsbob]

SElinux is just policy based MAC you can clearly see what the source is doing. Not everything the NSA does is totally evil, sometimes they actually do what they are supposed to do, which is secure US infrastructure and that includes open source projects. SEAndroid is also a good project, and the NSA is just like any other security specialist who likes to work with open software and rejects blackboxes. At least your intel agency gives you something in return, mine spies on us and gives us nothing.

They wouldn't need to purposely sabotage the linux kernel anyways it's like 15+ million lines of code they can easily review and find bugs as a homework assignment in first year internal classes on offensive exploitation.

[unsignedint]

While this is possible, I believe it'd be extremely unlikely.

Let's say they indeed decided to include something in the code submitted. It's an open source project, and it is a just matter of when someone will catch that. Once someone catch that, it gives them nothing but material evidence that they are up for something there. (and for that matter, it's not that every Linux users will have SELinux enabled to begin with.)

[AsymetricCom]

That's why you put it in binary drivers or protocol libraries, where nobody looks anymore.

[unsignedint]

Exactly, so it's not so productive for NSA to tinker with SELinux just to get their trojan in the gate.

IMNO, hardware backdoor on the processors is a bit skeptical, though. I'm no expert on this but I don't know how easy to even exploit this type of backdoor without an assistance from the OS kernel. (Which MS might have implemented somehow.)

[beagle3]

If properly done in hardware, it needs no help from anything. Think about CPU "data breakpoints" - breakpoints that trigger if a specified if a specific value gets written to a specific range.

It's really a no-brainer to make such breakpoints that watch data in memory or registers that will be triggered by (e.g.) just processing a specific DNS packet.

[unsignedint]

Yeah, I suppose. I thought it'd be a bit more challenging to get the data out. I suppose they could do drop and retrieve, or attach some air-interface, etc.

[Myrth]

Chillax man, what FUD? I posted a link to a pretty balanced article that doesn't claim anything, just raises questions. Read the last paragraph.