Bonum Certa Men Certa

SELinux is Security-Vulnerability-Enhanced Linux, Developed by NSA (Now With All References to the NSA Removed by IBM/Red Hat)

posted by Roy Schestowitz on Jan 18, 2024

Vintage soldier with coffee

Reprinted with permission from Ryan Farmer.

Latest Round of Xorg Vulnerabilities Added Recently and Some Don’t Work Without SELinux Turned On.

The latest round of Xorg (X11) vulnerabilities to be patched were added within the last several years.

Out of half a dozen, the oldest ones were added in 2006, but many in 2011, 2012, or 2014.

Many of the defects might have been added by Red Hat employees.

They don’t specify which revision added them, only the release, however, Red Hat likes to complain that they’ve had most of the maintenance burden of Xorg “for years now” whenever the topic of Wayland, which doesn’t really work productively, comes up and they have to read the “Xorg is a mess and we have to do something and this is something” spiel.

This is the company that tells us we need to use Wayland, and which is mainly responsible for Wayland, which breaks everything and makes my computer impossible to use productively until I run the X11 session.

Honestly, Wayland is so f***ed that it causes more graphical glitching, session crashes, and power management issues and other annoyances than X11, which were supposedly the list of reasons X11 had to go, plus it also has no concept of screen savers, so I can’t use XScreenSaver with it. I’ve written a lot about why Wayland is in no sense of the word ready.

Jamie Zawinski said he no longer maintains XScreenSaver for the practical reasons we used to use screen savers for (to prevent burn in, although LCD/LED panels can still burn in).

For years now, the “Environmental Protection Agency” (Employment Prevention Agency) has been a party-pooper requiring the screen to turn off regardless of what the user wanted, because we need MOAR POWER to charge Teslas which won’t charge when it’s cold outside, or something. Or to “SAVE THE PLANET!” because of the sheer arrogance that the people responsible for overpopulation and environmental destruction are going to save it if the computer uses three watts less.

I think the real policy issue with IBM/RH’s war on screen savers is that a world dominated by mega-corporations has no use for art, or a well-educated public, or people who can think for themselves to any meaningful degree.

I don’t even have bizarre hardware, and Wayland is a big shitpile. Intel was promoting Wayland heavily and it doesn’t even work quite right on Intel’s graphics chipsets.

The only thing Wayland accomplished (Mission Accomplished) was stop and make everyone reinvent the wheel to the point of not getting much else done, just so that their software would do what it already did, with implementation gaps that are “not in scope” and reimplementing the same feature in different code (with different quirks) depending on which compositing manager your desktop environment runs in.

Two of the security vulnerabilities (CVE-2024-0409: SELinux context corruption and CVE-2024-0408: SELinux unlabeled GLX PBuffer) don’t work at all unless the user is running with SELinux turned on, which Fedora and Red Hat Enterprise Linux do.

SELinux is such an ungainly mess that it’s hardly possible to understand, and Fedora bumps the selinux-policy all the time because it’s still managing to cause a lot of trouble even more than two decades in.

Now it is actually adding security problems through the “security” policy for the X Server.

A while back, SELinux was patched to remove references to the United States National Security Agency, which originally wrote it. The Agency likes to spy on the entire world and “accidentally” bulk-collect data about Americans, or “incidentally” collect it, and then look at the data, with only a secret court that basically only ever says yes to them supervising it.

Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux".  We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.
-Linux Kernel Mailing List

Ah yes, which community would that be? The Intelligence Community? IBM/Red Hat? Those are really the only people who have a lot of interest in SELinux. Most non-RH distributions don’t even have it or don’t even have any sort of “security modules” loaded by default, or use AppArmor.

I haven’t seen any evidence that there are major security problems that SELinux is saving real people from. It ticks a box, and in this case, it managed to make Xorg even worse just by being turned on. If IBM/RH cared about security, they wouldn’t be telling people to use RH in Microsoft Azure and AWS where the data breaches keep happening.

I’m just not sure this monthly panic about Xorg bugs is “organic”. Actually, it’s getting pretty Groundhog Day-ish.

I mean, the issues are being fixed. Lots of software has an old and complicated codebase that is difficult to understand and the source of constant bugs.

Also, some of the prior hysteria pointed out that some dated back into the 1980s and 1990s. (Windows routinely has security vulnerabilities this old and no big deal is usually made about them.)

By this example, we should delete Mozilla Firefox and even Linux itself because they too tick all those requirements for not being “secure”, or “modern” or something.

“Secure” and “Modern” are increasingly marketing buzz words, which translate to “Heinously bloated” and “under the control of someone else”, counter-respectively.

Typically, when someone starts throwing those words around to the point of abuse, I just start tuning out.

As always, patch your software. Nothing to see here.

Other Recent Techrights' Posts

Investigative Journalism Protects Society From Corruption, Crimes Against Women, Assaults on Civil Society
"what is the point of men doing military practice to defend a system that is so rotten?"
Swiss pimp usurping reputation of legendary Tissot boss Francois Thiébaud from France (BaselWorld, SWATCH Group SA)
Reprinted with permission from Daniel Pocock
Paris 'Love Nest' & Debian Outreachy: from Lycée Lakanal to ENS Cachan, Cr@ns, nepotism
Reprinted with permission from Daniel Pocock
Richard Stallman to Give Public Talk in 3 Hours, Then in the Technical University of Munich (Germany) Next Week
Richard Stallman at TUM on 21.10.2025 18:00, MW2001
Leaks and Whistleblowers: Our Plan for Today
Society simply cannot advance when too many people self-censor
 
The EPO's War on Techrights Was a Massive Mistake
The EPO started the SLAPPs after we had published a few hundreds of articles; we've since then published close to 6,000 because the attacks on us emboldened insiders to help us
General-Purpose Computers to Become Growing Area of Coverage
Without them, we have little left for controlling our lives
"They missed a great opportunity to shut up." -Jacques Chirac
Brett Wilson LLP has been trying to cheat the legal system many times
Harassment evidence: Switzerland, overcrowded fitness and yoga centers, incompetence and racism in accident response
Reprinted with permission from Daniel Pocock
Vincent Danjean & Debian NXIVM collateral, blackmail risks
Reprinted with permission from Daniel Pocock
In Sweden This Past Friday Richard Stallman Explained Why Copyleft is Important
And he didn't have to 'bash' BSDs, either
Dystopian Trends in Technology Make Richard Stallman More Relevant Than Ever
It's good to see him attracting vast audiences
IBM Layoffs Due to a Lack of Money and Company Debt Rising by Almost 10 Billion Dollars in 6 Months
IBM didn't buy Red Hat for any ideological reasons; it was a fast "cash grab" for revenue
Forbes Already Stopped Being a News Sites. Now It's a Spam and Propaganda Platform for "Paying Partners" (Companies).
news from Forbes became very scarce
Is the Second-Largest Institution in Europe (EPO) Gradually Becoming More Like a Sweatshop?
Underpaid, unqualified, inexperienced and incompatible people are already recruited to replace veteran examiners
The Register MS Has No FOSS Coverage Anymore
The Editor in Chief is like a Microsoft plant
Links 13/10/2025: "Toasty Subwoofer" and WiFi Speakers "Are About To Go Dumb"
Links for the day
Gemini Links 13/10/2025: iNaturalist and Tove Jansson’s Moominpappa at Sea
Links for the day
Microsoft Does Not Deny That Large Retailers Like Walmart, Costco and Target Are Giving Up on XBox (and Not Stocking It)
No doubt XBox is in trouble and rumours suggest that more mass layoffs are imminent
We'll Encourage Richard Stallman to Talk About Software Patents at the EPO Next Week When He Visits Munich (EPO Headquarters)
Go listen to Richard Stahlmann
Arnaud Parreaux lost case defending rogue employer
Reprinted with permission from Daniel Pocock
Mathieu Elias Parreaux declared bankrupt in Switzerland
Reprinted with permission from Daniel Pocock
Breakdown of the Rule of Law and Patent Law in the European Union (EU)
The EPO cannot recruit suitably qualified patent examiners this way, let alone retain them
Gemini Links 13/10/2025: Good Films, Wizard of Earthsea, Upgrading the Steam Controller's Stick
Links for the day
It's Not Justice When One Side Denies the Other Side the Ability to Even Speak
At this stage, Brett Wilson LLP is in my humble opinion acting in contempt of the Court
Links 13/10/2025: Australian Catholic University Uses Slop to Libel Students, Canada Threatens to Kill Beluga Whales
Links for the day
How Not to Silence Tux Machines (It'll Only Backfire, Badly)
defending Microsoft while attacking this site
Slopwatch: UbuntuPIT and Google News
It seems abundantly clear that Google News and Google in general participates in the slop epidemic
Vincent Danjean (not INTERPOL), Claire Bardel & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
Christmas lynchings: Martin Krafft (madduck), Penny Leach (mjollnir) & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
Gemini Links 13/10/2025: Birthdays and "Committee Unable to Contact Nobel Prize Winner"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 12, 2025
IRC logs for Sunday, October 12, 2025
The Same People Who Attacked Richard Stallman (RMS) Are Attacking Daniel Pocock to Discourage People From Listening to His Information
Pocock is being demonised for the same reasons and by the same people who attack RMS
Your Typical Anti-Richard Stallman (RMS) Cancellist
"About the RMS cancellation"
Richard Stallman (RMS) Has Announced His Talk in Rome Less Than 20 Hours in Advance (and on a Sunday)
Why did he wait until the night before?
We Are Safe in a Modern "Tech" Society, Right?
People are safer if they control their own computing
GNU Tools Cauldron Event in Portugal: Videos Now Available via Invidious
Go have a look
The Way Things Are Going, They May Soon Stop Saying "Web Address" and Instead Say "Chrome Address"
The Web isn't built or based around open Web standards anymore. It's centered around user-agent.
Microsoft as a Golden Cage
"I was laid off by Microsoft and can't find a job. I'm weeks away from giving up my apartment and moving across the country to live with family."
Weekend Discussion About How IBM's Bluewashing of Red Hat Will Cause "Enshittification" for Users
"I worked at a software company that was acquired by IBM so I knew it was game over for RedHat the day they were acquired"
Brett Wilson LLP Getting Sued by Its Very Own Clients, a Legal Story That Has Made the Mainstream News (Law360)
Law360 or Law.com are about as mainstream as one can get in that "sector" (litigation 'industry')
Slopwatch: GNU/Linux Sites That Became Slopfarms and Spamfarms
The Web is a mess and "Linux" or "Ubuntu" sites became part of the problem
Richard Stallman's Talk 25 Hours Away, Aula Magna Palazzo del Rettorato (CU001), Sapienza Università di Roma (Piazzale Aldo Moro, 5)
The talk is 25 hours away and we see some QR code for it
Gemini Links 12/10/2025: Watches, the Depression of 2026, Gamboling with Odds
Links for the day
Links 12/10/2025: 'False' DMCA Claims and Slop Facing Perils Again (the Hype Wears Off)
Links for the day
Microsoft Has Just Lost Privacy Case in Austria and Its Latest Moves Make a Complete Ban Seem Imperative
Microsoft is not a software company, it's a spying agency that uses software to collect data
The Register MS: Microsoft is the Security Expert, Not the Prime Culprit, So Buy More Microsoft
This front page feature is devoid of any actual substance, it's just Microsoft copypasta
Stefano Zacchiroli (Zack) & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
Lucas Nussbaum & Debian pregnancy cluster
Reprinted with permission from Daniel Pocock
Gemini Links 12/10/2025: "Palm Computering", Further Exploration of Slide Rules, and Key Takeaways from The Well-Grounded Rubyist
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 11, 2025
IRC logs for Saturday, October 11, 2025
Tomorrow: Founder of the Free Software Foundation and of GNU/Linux, Richard Stallman, Speaks in Roma (Rome), Italy at 4PM
GNU/Linux is more important than ever in this dystopian world
Microsoft and Apple Are Rare Topics in Geminispace
in Geminispace it's rather safe to assume everyone is into BSD, GNU/Linux, and sometimes retro
Qualcomm and Manchester United Appear to Have Dumped Microsoft (Qualcomm Now Invests More in Linux, Apparently)
It's a relief to no longer see Microsoft logos and brands on a local football club's gear (I'm not a Manchester United fan, but not a foe either)
As Guest of Honour in Rome, Founder of the Free Software Foundation to Speak ("Distinguished Lecture") After Introduction by Leonardo Querzoni
Happy hacking...
All Things Open is Proprietary
The OSI has become a front group of proprietary software openwashers, led and sponsored by proprietary giants
When Microsoft Lays Off Lots of Workers They Say It "Invests in AI" (a Lie), Now It's "Reshuffles" or "Microsoft Tightens"
Microsoft "news" by bots
"I saw Richard Stallman give a talk in the mid 80s, which began my fear and loathing of software patents" and "Richard Stallman was always right."
"By betraying the legacy of our ancestors, we’ve set ourselves on a path toward self-destruction — moral, intellectual, economic, and ultimately biological."
There Were Several Waves of Microsoft Shanghai Layoffs in 2025, Western Media Continues to Turn a Blind Eye to Chinese Layoffs of an Epic Scale
Sometimes select Taiwanese news sites (published in English) or automated translations are all we have
Brett Wilson LLP Spreads Trumpism to the United Kingdom, Looking to Profit From 'Legal Colonialism' (Overriding Sovereignty)
There's growing recognition of this conundrum worldwide
The Demise of Shopping in Person
In a world like this, how valued is the customer?
This Past Friday, "Nearly 700 People Came to Listen to RMS!" (Richard Stallman)
"Nearly 700 people came to listen to RMS!"
Distinguished Lecture by Richard Stallman This Coming Monday in Rome
After "Free software, Crucial for Freedom in a Digital World"
Slopwatch: UbuntuPIT Churning Out Plagiarism and the Slopfarm LinuxSecurity Turns to Pseudonyms
Our hunch is, UbuntuPIT will sooner or later realise that this toxic approach is just harming UbuntuPIT and tainting the reputation of past articles
The Lawsuit by Clients of Brett Wilson LLP Against Brett Wilson LLP is Officially On, It is Progressing, The 'Experts' Pick Outside Law Firms (RPC and Mills & Reeve) to Spare Them From Litigants in Person
So it is probably quite potent
Gemini Links 11/10/2025: Nyctography, Gerrymandering, and Lurking
Links for the day
The 'Culture Wars' in Free Software Have Gone Out of Control
Social control media amplifies such utterly infantile discourse
Teaser: To Compensate for the Fact Our Clients Are Terrible Human Beings Who Strangle Women (While on Microsoft's Payroll) and We Get Paid by Mystery Parties We Bombard You and Your Wife With Almost 10 Kilograms of Legal Papers
If you can't win an argument, then drown the other side with papers?
Links 11/10/2025: World Mental Health Day 2025, Another European Legal Defeat for Microsoft 360
Links for the day
MIT Technology Review is Part-Time SPAMfarm of Billionaires and Mega-Corporations
Does MIT operate its own "b2b" SPAMfarm?
Open Source Initiative Executive Director Leaves, Replacement Sought by Monopolists, Not the Community or OSI Members
Serves to show who runs this show...
Links 11/10/2025: China-US Tensions Grow Again, "Hey Hi" More Widely Recognised as Bubble Made of Capital That Doesn't Exist
Links for the day
Now Confirmed in Western Media: Microsoft Azure Layoffs This Month
Affirmed by more sources moments ago
Peter O'Callaghan QC represented grandparents, Westernport Hotel, at Liquor Royal Commission
Reprinted with permission from Daniel Pocock
Either The Register MS Divests From FOSS Coverage or Liam Proven is on Long Holiday
Publishers perish when their audience loses trust in them
Microsoft Cancelling Another Datacentre is a Sign of Financial Trouble and Lack of Growth
The debt continues to grow
Gemini Links 11/10/2025: An Evening at the Fair and Fast Fourier Friday
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, October 10, 2025
IRC logs for Friday, October 10, 2025