Re: A modern hero
@Yet Another Anonymous coward
The difference is the SELinux isn't encryption. It's MAC (Mandatory Access Control). There is no complex math involved. Other than the policy itself, it's relatively simple "does x have permission to do y?" And if you don't trust the US Govt sponsored encryption, try looking at some of the alternatives that have been put forward. e.g. the submissions put forward for examination in the SHA-3 contest, such as the Skein hash proposed by Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas and Jesse Walker. You don't have to rely on govt. sponsored encryption. And even then, if you know what you're doing it's probably not as bad as you think. The md5 password hash designed by PHK took a fast hash function (md5) and made it more secure for use as a password hash by putting it through the hash function a number of times with a bit of math between each turn through the hash function. This increases the computational power it needs to generate the hash and the time it takes to brute force it. It may still end up being mathematically week, but the more complexity you add into the hash generation the longer it takes researchers to develop the attacks. Ever increasing CPU power is likely the biggest threat as it becomes more reasonable to brute force crack the passwords.
And if you don't trust SELinux, look at TrustedBSD or the new Capsicum framework being worked on for FreeBSD.
You're right, FOSS isn't automatically safe. The number of vulnerabilities found on FOSS web applications proves that, and is rather depressing that we're still getting it wrong fairly frequently. However it does mean that when problems are found, they can be fixed without waiting <N> months for a vendor to bother to acknowledge the problem and then release the patch. If the maintainers don't release a patch in a timely fashion, someone else will.