Bonum Certa Men Certa

SELinux is Security-Vulnerability-Enhanced Linux, Developed by NSA (Now With All References to the NSA Removed by IBM/Red Hat)

posted by Roy Schestowitz on Jan 18, 2024

Vintage soldier with coffee

Reprinted with permission from Ryan Farmer.

Latest Round of Xorg Vulnerabilities Added Recently and Some Don’t Work Without SELinux Turned On.

The latest round of Xorg (X11) vulnerabilities to be patched were added within the last several years.

Out of half a dozen, the oldest ones were added in 2006, but many in 2011, 2012, or 2014.

Many of the defects might have been added by Red Hat employees.

They don’t specify which revision added them, only the release, however, Red Hat likes to complain that they’ve had most of the maintenance burden of Xorg “for years now” whenever the topic of Wayland, which doesn’t really work productively, comes up and they have to read the “Xorg is a mess and we have to do something and this is something” spiel.

This is the company that tells us we need to use Wayland, and which is mainly responsible for Wayland, which breaks everything and makes my computer impossible to use productively until I run the X11 session.

Honestly, Wayland is so f***ed that it causes more graphical glitching, session crashes, and power management issues and other annoyances than X11, which were supposedly the list of reasons X11 had to go, plus it also has no concept of screen savers, so I can’t use XScreenSaver with it. I’ve written a lot about why Wayland is in no sense of the word ready.

Jamie Zawinski said he no longer maintains XScreenSaver for the practical reasons we used to use screen savers for (to prevent burn in, although LCD/LED panels can still burn in).

For years now, the “Environmental Protection Agency” (Employment Prevention Agency) has been a party-pooper requiring the screen to turn off regardless of what the user wanted, because we need MOAR POWER to charge Teslas which won’t charge when it’s cold outside, or something. Or to “SAVE THE PLANET!” because of the sheer arrogance that the people responsible for overpopulation and environmental destruction are going to save it if the computer uses three watts less.

I think the real policy issue with IBM/RH’s war on screen savers is that a world dominated by mega-corporations has no use for art, or a well-educated public, or people who can think for themselves to any meaningful degree.

I don’t even have bizarre hardware, and Wayland is a big shitpile. Intel was promoting Wayland heavily and it doesn’t even work quite right on Intel’s graphics chipsets.

The only thing Wayland accomplished (Mission Accomplished) was stop and make everyone reinvent the wheel to the point of not getting much else done, just so that their software would do what it already did, with implementation gaps that are “not in scope” and reimplementing the same feature in different code (with different quirks) depending on which compositing manager your desktop environment runs in.

Two of the security vulnerabilities (CVE-2024-0409: SELinux context corruption and CVE-2024-0408: SELinux unlabeled GLX PBuffer) don’t work at all unless the user is running with SELinux turned on, which Fedora and Red Hat Enterprise Linux do.

SELinux is such an ungainly mess that it’s hardly possible to understand, and Fedora bumps the selinux-policy all the time because it’s still managing to cause a lot of trouble even more than two decades in.

Now it is actually adding security problems through the “security” policy for the X Server.

A while back, SELinux was patched to remove references to the United States National Security Agency, which originally wrote it. The Agency likes to spy on the entire world and “accidentally” bulk-collect data about Americans, or “incidentally” collect it, and then look at the data, with only a secret court that basically only ever says yes to them supervising it.

Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux".  We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.
-Linux Kernel Mailing List

Ah yes, which community would that be? The Intelligence Community? IBM/Red Hat? Those are really the only people who have a lot of interest in SELinux. Most non-RH distributions don’t even have it or don’t even have any sort of “security modules” loaded by default, or use AppArmor.

I haven’t seen any evidence that there are major security problems that SELinux is saving real people from. It ticks a box, and in this case, it managed to make Xorg even worse just by being turned on. If IBM/RH cared about security, they wouldn’t be telling people to use RH in Microsoft Azure and AWS where the data breaches keep happening.

I’m just not sure this monthly panic about Xorg bugs is “organic”. Actually, it’s getting pretty Groundhog Day-ish.

I mean, the issues are being fixed. Lots of software has an old and complicated codebase that is difficult to understand and the source of constant bugs.

Also, some of the prior hysteria pointed out that some dated back into the 1980s and 1990s. (Windows routinely has security vulnerabilities this old and no big deal is usually made about them.)

By this example, we should delete Mozilla Firefox and even Linux itself because they too tick all those requirements for not being “secure”, or “modern” or something.

“Secure” and “Modern” are increasingly marketing buzz words, which translate to “Heinously bloated” and “under the control of someone else”, counter-respectively.

Typically, when someone starts throwing those words around to the point of abuse, I just start tuning out.

As always, patch your software. Nothing to see here.

Other Recent Techrights' Posts

European Patent Office (EPO) Series: Czech Mate: EPO Kingmaker or Merely a Pawn in the Game?
recent "missions" of the EPO President
SLAPP Censorship - Part 131 Out of 200: A Big Win for the Media in the United Kingdom (UK) Today
In a democratic society the Right to Know, which is closely connected to freedom of the press (or what one might label "blogging" or "blag"), comes above all else, except where there are lives being put at risk
IBM's Fedora Plans to Integrate Slop Into "Fedora Workstation as a Default Feature."
IBM does not care whether the community wants this or not
The Media Talks a Lot About XBox Layoffs, a Closer Look at the Data Shows Microsoft 'Bloodbath'
'Bloodbath' is the term insiders use
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 07, 2026
IRC logs for Tuesday, July 07, 2026
Links 07/07/2026: Microsoft Cuts Doom "id Software" and Turkey Detains Journalists
Links for the day
Gemini Links 07/07/2026: Old Computer Challenge (OCC) and Hardware Tests
Links for the day
A Break From the Routine
What matters is what whistleblowers keep feeding information to us
SLAPP Censorship - Part 132 Out of 200: When You Cannot Pay a Million Pounds (1,335,520.00 United States Dollar) to Lawyers But Have a Strong Community
Techrights compensates for its fiscal poverty with a wealth of community spirit
Fame is Not the Goal
"Fame" kills
Mental Health in Free Software Communities
clearly there is a subject that merits debate and it ought not be a taboo anymore
The Era of Sponsored Spam
There is no "era of AI", there is era of BRIBES to PRETEND there is an "era of AI"
Gemini Links 07/07/2026: Cleaning, Old Computer, and More
Links for the day
Links 07/07/2026: Le Monde Combats LLM Slop Plagiarism, "ACLU Launches Largest Ever Midterm Electoral Program"
Links for the day
Extremism in the Free Software World is Mostly a Myth
Only the firm belief that justice applies to all will produce a just society
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 06, 2026
IRC logs for Monday, July 06, 2026
Links 07/07/2026: Kernelized Secure Operating System (KSOS) and "Exploiting Thoughtcrime in LLMs"
Links for the day
SLAPP Censorship - Part 130 Out of 200: Jealousy, Envy, Hubris
This site is primarily about Free software
Gemini Links 06/07/2026: Still Mostly Dry, GoToSocial, and More
Links for the day
European Patent Office (EPO) Series: Effective Dispute Resolution… But Not For EPO Staff
Slovenia fielded one of the few Administrative Council delegations which managed to maintain its own independent line against the tyrannical EPOnian "Sun King"
Community Sites Need Genuine Collaboration and True Autonomy
People who want to communicate, federate and organise for effective change need to evolve
Free Software Foundation (FSF) Covers Quibble, Free Software for Secure Communications, in the FSF Summer Bulletin
The Georgia Tech folks are bringing Free software education and contributions to one of the better known Computer Science hubs in the US
Microsoft Layoffs Include Windows, Bing, Slop (CoPilot etc.) and There Will More More Rounds (or Waves) to Come
"43% of Xbox laid off"
Obscene Contradiction in Microsoft's Layoffs Tally ("Official" Numbers Do Not Add Up)
Notice how they treat "LinkedIn" as separate
Preserving Comments About the Real IBM Before They Get Deleted
IBM in the 1980s is not what it is right now
Cybershow on "Escaping Prisons For Your Mind"
"THE CYBER SHOW: Stealing technofascism's boots, and stomping on its own face with them."
Links 06/07/2026: At Least 20% Staff Reduction in XBox (Microsoft), Taiwan Sees Uptick in Chinese Aggression/Provocation, Senator Rodante Marcoleta Arrested
Links for the day
Confirmed: Microsoft Layoffs Come in Two Waves, Just Like Last Summer
To us, what stands out is the admission from Microsoft that there are two (or more) waves
In Praise of the UK's Stance on Free Speech (but Some Reservations)
At the moment there is a healthy discussion going on with the objective of disrupting attacks on British press
Exposing Corruption at the European Patent Office (EPO), a Call for More Whistleblowers
We predict that, provided enough whistleblowers speak out, António "the unready" won't even finish his current term
Leaving Our Pets for Several Days
This week our pets will be worried that "mommy and daddy" are away
Dating Trees and Dating 'Apps'
several high-profile stories in the news about scandals in "dating apps"
DW Documentary About Julian Assange Turns 2
It was released just days after Assange had turned 53 and about two weeks after he had left the UK
Independent Media is the Only Form of Legitimate Media
Independent media is, indeed, what we need to demand more of
The Story of the European Patent Office (EPO) Wagging the Dog (EU)
The aim of the series is to properly inform the world - not just Europeans - how Europe's second-largest institution is run [...] How did a corporate hub of monopolies become so detached from the Rule of Law?
GNU/Linux Up to New High in Libya, Windows Down to All-Time Low
GNU/Linux touches 5% there, based on statCounter
Links 06/07/2026: Artists Reject Slop (or Even de Facto Bribes to Market/Endorse Slop)
Links for the day
SLAPP Censorship - Part 129 Out of 200: Iranian Tactics
Hunger for revenge compels people to do overzealous, irrational things
Quiet Week
Many in the US are still enjoying an extended weekend
The Media Needs to Speak of Slop as a Climate Issue Like It Did With Bitcoin
But the slop industry keeps paying the media to play along with the hype
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day