Systemd and SELinux: Safe?


In recent years there have been some important changes in many GNU/Linux distros, such as the integration of the new systemd boot system, which we have already discussed on several occasions and which has stirred up plenty of controversy. It has divided developers and users into those in favor of the new system and those against it, as is always the case with everything. You can never please everyone...

Another thorny issue that also has its detractors and its faithful is the SELinux security module, which is used to create rules that protect the distribution and competes directly with AppArmor. However, the NSA has been involved in SELinux's development, and this raises doubts among many users and experts. Why would a burglar who makes a living breaking into homes sell you a good lock? This is what many think of SELinux: why would the NSA, which needs to penetrate computers for its espionage work, help you protect your computer from attacks?

Many think that SELinux could contain backdoors that give the NSA immediate and seamless access to any machine or server that implements it, while at the same time it blocks other attacks, doing the real job for which it was created. Others are not convinced that systemd is secure enough to deploy on servers, and this is where the great doubt arises.

Among the most disturbing changes to Linux in the last decade has been the introduction and extensive integration of the systemd boot system. Precisely this was debated at CoreOS Fest, which was held this past week in Berlin, where Lennart Poettering, one of the main developers of systemd, gave a keynote speech defending systemd as a secure system for servers but speaking against SELinux. Despite being an employee of Red Hat, a company that is behind SELinux together with the NSA, he said “he did not understand it. […] There are probably 50 people in the world who understand SELinux policies”.



  1.   Rolo said

    I can't understand what the security risk of systemd is, and on SELinux, it is supposed to be a program under a free license, and because it is developed by the NSA, it has the eyes of the developer community on it.
    It is one thing for it to be difficult to understand or configure its rules and another for it to be insecure.