NSA Linux In Depth
deran9ed writes "Folks over at IBM have an article explaining the intricacies of the NSA's SE Linux distribution. Included in the article are the inner workings of the operating system, its features, and its design architecture. Definitely a nice article for Linux users (especially SE Linux users). The full review is at IBM DeveloperWorks."
An alternative view:
... why the fuck are they even *WORKING* at the NSA?
The NSA don't give a crap.
NSA's Linux distro is just a result of some enterprising hackers on the periphery of the organization who are bored and happen to have some free time on their hands.
It's a joke, more than anything else, for people of their ilk - I mean come on
A continuation of the altering theme:
There are far *worse* ways for them to know what's going on in your head than by monitoring electronics in the form of computers.
(Views are infinite.)
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
I'm as wary as the next guy of the NSA's actions, and their secretive behaviors don't seem to jive with the spirit of the GPL. But since they're going to use an operating system and not release all their modifications (though so far, they've supposedly done so with SE Linux), they might as well do it with Linux.
If they find some fundamental flaws with Linux generally, they'll still release fixes, albeit anonymously. Anyone remember how they fixed DES against an exploit not publicly known until many years after the fix? Same thing.
And while we might not like the NSA, we can't pretend we'd rather they be open to all the exploits that plague other operating systems. Attack them at the Congressional level, but don't compromise our national integrity by attacking them at the client level.
If you check copyright law, government isn't bound by it. NSA is a government organisation
So, your theory is that government offices just buy zillions of copies of MS Office to support the economy? The idea that Bill could press charges for piracy is irrelevant?
SHHHH, it's one of those clever NSA hacks hiding in plain view.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Well, the NSA is made up of a lot of people, and I'm sure that many of them feel that they shouldn't have done this, while others felt that they should have.
As for me, It's an overture to the Open Source movement, and I appreciate it.
The government always had a weak argument with the four horsemen stuff (terrorists, drug dealers, child pornographers, and some other threat I can't remember). The problem is that Bin Laden would have strong crypto no matter what. RSA was published in Scientific American back in the late 70's, it's not a big secret. People with resources and incentives to use strong crypto can get the job done on their own.
Releasing this software isn't going to give any terrorists any fundamental capabilities they didn't have already, and not releasing it wouldn't have made the NSA's deteriorating situation with respect to surveillance any better. And who knows, maybe this will give us safer ecommerce systems.
So let's give them credit for choosing rationality over political hype, rather than rubbing their noses in that same old hype.
Also, I'm not sure how you're comparing Linux SE with OpenBSD. They're different animals. Linux SE is a kernel with added functionality that makes it possible to implement certain kinds of access controls. OpenBSD is an audited BSD in a small BSD with integrated crypto tools. I don't think it can do what Linux SE was designed to do, and I know that Linux SE doesn't claim to have the audit against buffer overflows. In the article they quoted the NSA guys talking about why they felt an encrypted FS was beyond the scope of their project.
For the last 10 years I've been reading NSA flames on the net. They did something good here. I think it's great, and I hope they continue to move in this direction.
One option: hide the vulnerability in gcc. That could create massive problems in all *kinds* of operating systems.
ObJectBridge (GPL'd Java ODMG) needs volunteers.
Finding God in a Dog
That's actually easy - just read Reflections on trusting trust by Ken Thompson. This paper is absolutely recommended reading, and was groundbreaking when first published in August 1984. It's also one of /.'s top ten hacks of all time... Of course it would only work if your NSA Linux code was compiled on a system running NSA Linux from binaries, but that would probably apply a fair amount of the time.
If you think about it, it really doesn't matter who has seen the source for a truly secure kernel. If I'm using a secure OS, I won't care who knows how it works because I'm confident they won't get in. The fact that they released the source speaks very well for the NSA's confidence in their OS. They think people will read the source and still be unable to get in.
I briefly scanned the article and they said their goal was not to help out with any of that. But with access control mechanisms in the kernel.
Basically what they are doing is ACL improvements.
Nothing to do with encrypting communications.
Okay, so you're saying derivative works by the gummint lose whatever copyright they originally had? Are you sure that's what you mean?
I thought works produced by Government Agencies were not permitted to have a copyright. Thus, any work that the NSA does on Linux falls into the Public Domain. Can work in the Public Domain co-exist with code under the GPL? Or does that not apply in this case?
I'm also wondering about the legal status (under Copyright) of advancements made by NASA for Linux.
The spooks know that a lot of people assume that this release contains hidden backdoors and will look for them. The spooks also expect that if anyone finds the backdoor they will cry Wolf on the Internet and get credited for revealing the nasty backdoor.
Surprise, there are no intentional backdoors in this code. The spooks now get a very cheap audit from the World's top security experts. This is probably what they want since they probably are using some equivalent code in very sensitive systems running the World.
If someone finds the non-existent 'backdoor' the spooks will just correct the real-world system in a heartbeat and be thankful for the audit. The guy finding the 'backdoor' might even get a good job offer.
//Pingo
--- Linux or FreeBSD, it's like blondes or brunettes. I like both. ---
Isn't this akin to the same kind of thing that happened to all the DSS hackers/crackers not too long ago? I mean, they could see the bits of code that Hughes was sending out to their cards - it wasn't until the final piece got inserted that they found out the "surprise".
Who says the same sort of thing hasn't happened with the kernel changes? Perhaps they are all, or nearly all in place, waiting for that last bit to open it up? Or maybe they will be delivered as patches, until the right moment. I'll admit that it should be very hard to do such a thing in an open source system, but that doesn't make it unlikely.
Worldcom - Generation Duh!
Reason is the Path to God - Anon
Pretty damn easily actually. Just look for a bit of code like:
    for (i = 0; i < BUF_LEN; i++) {
        /* do lots of junk */
    }
and add the code:
    for (i = 0; i < BUF_LEN; i++) {
        /* do lots of stuff */
        if (buf[i] == '\n') {
            buf[++i] = 0;
            break;
        }
        /* do lots of stuff */
    }
It looks like it belongs, but if the \n is at the end of the buffer it will result in a one-byte overflow. If the one byte it overflows is the frame pointer (which you can rearrange the declarations to make it so) you can perform a one-byte overflow and execute arbitrary code.
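An added illustration (not from the post or from SE Linux) of the one-byte overflow described above, with a hardened loop beside it. The buffer is modelled as BUF_LEN bytes followed by a constructed guard byte so the out-of-bounds write can be observed without undefined behaviour; BUF_LEN, GUARD and the helper names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8
#define GUARD   0xA5

/* Constructed storage is BUF_LEN + 1 bytes so the byte at buf[BUF_LEN],
 * which the loop must never touch, can be inspected safely. In a real
 * stack frame that byte belongs to something else (the post above points
 * at the saved frame pointer). */

/* The loop from the post: NUL-terminates the byte after the newline
 * without checking that i + 1 is still inside the buffer. */
static int terminate_unsafe(char *buf) {
    for (int i = 0; i < BUF_LEN; i++) {
        if (buf[i] == '\n') {
            buf[++i] = 0;        /* i == BUF_LEN when '\n' is the last byte */
            break;
        }
    }
    return 0;
}

/* Hardened form: write the terminator only if it stays in bounds;
 * otherwise overwrite the newline itself so the string is still
 * terminated inside the buffer. Returns 1 when that truncation happened. */
static int terminate_safe(char *buf) {
    for (int i = 0; i < BUF_LEN; i++) {
        if (buf[i] == '\n') {
            if (i + 1 < BUF_LEN) {
                buf[i + 1] = 0;
                return 0;
            }
            buf[i] = 0;
            return 1;
        }
    }
    return 0;
}

/* Build a constructed line of 'A's with '\n' at newline_at, place a guard
 * byte just past the buffer, run the chosen loop and report whether the
 * guard survived. Returns 1 if the byte beyond the buffer was clobbered. */
static int guard_clobbered(int (*terminate)(char *), int newline_at) {
    unsigned char storage[BUF_LEN + 1];
    memset(storage, 'A', BUF_LEN);
    storage[newline_at] = '\n';
    storage[BUF_LEN] = GUARD;
    terminate((char *)storage);
    return storage[BUF_LEN] != GUARD;
}

/* Same setup, but returns the length of the string left inside the buffer;
 * the sentinel past the buffer keeps strlen() bounded for the unsafe loop. */
static int terminated_length(int (*terminate)(char *), int newline_at) {
    unsigned char storage[BUF_LEN + 1];
    memset(storage, 'A', BUF_LEN);
    storage[newline_at] = '\n';
    storage[BUF_LEN] = 0;
    terminate((char *)storage);
    return (int)strlen((char *)storage);
}

int main(void) {
    printf("newline in last slot, unsafe loop: guard %s\n",
           guard_clobbered(terminate_unsafe, BUF_LEN - 1) ? "CLOBBERED" : "intact");
    printf("newline in last slot, safe loop:   guard %s\n",
           guard_clobbered(terminate_safe, BUF_LEN - 1) ? "CLOBBERED" : "intact");
    printf("newline mid-buffer, unsafe loop:   guard %s\n",
           guard_clobbered(terminate_unsafe, 3) ? "CLOBBERED" : "intact");
    return 0;
}
```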
How we know is more important than what we know.
it would be good. Sorry, I can't find the name of the person I'm quoting. He is a professor doing research into the neurological function of art appreciation. He is Indian (I think) and focuses a lot of his research on Hindu art. I wish I could remember his name.
How we know is more important than what we know.
*shrug*
Only if they wanted to distribute the distribution outside their organization. They could have kept everything internal, instead.
Only the dead have seen the end of war.
I find it funny that everyone is so surprised that the NSA has released the source code. Under the GPL, don't they have to release the source code?
The author of the article states : If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers.
Ah, but what makes you think the compiler is intrinsically compromised? Sure you might compile X program but then let's say the compiler doesn't see the Y string of code in it so it puts it in. You go to rewrite that compiler but the compiler you're compiling the compiler with is tainted; it'll just redo that new compiler as well, forcing you to go back to the very beginning. I think it was Bill Joy who wrote something like that.
The reason why the NSA did this is for many reasons.
So all in all this can be seen as a good thing. If the NSA is really trying to make it so there are backdoors in every Linux installation they have a LOT of eyes to get through to slip it past.
----
Just remove the spaces and do the intelligent thing to email me.
I liked this quote:
I'm glad the NSA wasn't fooled by Netscape's pretty exterior.
Reflections on Trusting Trust by Ken Thompson.
:)
Just a thought.
The next step is getting applications to live with a strong security model. When "running as root" isn't an option, you have to think carefully about how multiuser services like web servers, mail servers, and such should actually handle security. This is the hard part both conceptually and politically. This is where you find out what security models are liveable. It forces a tough rethink of how security works.
Once you have the services working under a tough security model, then you can go back and really beat on the kernel and the hardware to look for holes in the enforcement of the model. But you have a lot less code to look at than you did when way too much stuff was running as root. And the Linux kernel functionality doesn't change much over time. So there's real hope of getting a secure system this way.
The word buzzword springs to mind for some reason.
Although I suspect it should be possible to integrate the SEL functionality into the BSD kernel.
The rest of the changes are a number of patches to various user space apps. The SEL bundle, for want of a better word, is based on a vanilla RedHat 6.2 install, which I assume is because RedHat is (at least perceived as) the distribution of choice for commercial purposes.
I think I strayed nicely from the point there...
--
Yeah, I had a sig once; I got bored of it.
While I do use GNU/Linux on my workstation, I think OpenBSD is by far the most secure OS on the planet and don't see why people insist on using Linux on servers. I'm glad security is on people's minds but why spend oh so many hours locking down a linux box when it takes 10 minutes to completely secure an OpenBSD system. OpenBSD performs just as well as linux, the only drawback is its use on multiprocessor systems, of which there really aren't many at all... besides, OpenBSD's SMP is in development.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
However, it does not qualify as "hiding an Easter Egg in open source" because it depends on compiling the source with a compromised compiler. The source for the NSA kernel can be compiled with compilers not supplied by the NSA. Unless of course the NSA has been hacking all our compilers for years... *chucka* *chucka* (That is the sound of black helicopters for all you that are conspiracy impaired.)
"Rub her feet." -- L.L.
Not.
I'm saying that the new NSA code isn't GPLd.
I don't believe that the NSA have decopyrighted Linux. (OTOH the GPL has never been tested in court so you never know.)
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
No. My theory is that works BY the government can't be legally copyrighted, and hence can't use the GPL as protection.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
Remember, OpenBSD is about fixing such things as buffer overflows and configuration problems in a stock Unix configuration. SE Linux and Trusted BSD go in a different direction by modifying and augmenting the security model for trust and permissions, designed to allow for finer grained, strictly enforced security policies.
No offense to OpenBSD (I use OpenBSD), but the projects are very different. For my use as a development box and workstation, all this ACL and Flask stuff would just be a PITA. On a multi-user system with important information in play, this makes a lot of sense, but will probably take some clueful admining to implement correctly.
I wonder if, e.g., any web hosting companies will look into this (protect users from each other and the system itself; protect the system from the internet at large) and be able to actually grok it. My webhost are pretty good (hacked parts of the FreeBSD VM system into Linux 2.2, e.g.), but this security policy stuff can get pretty hairy--getting everything to work just right without breaking everything (think about getting a firewall right).
---
In a hundred-mile march,
In the bad old days, people would have said, IBM and NSA in the same article? must be bad news!
But the IBM developerworks zones are hosted and edited by IBM, but provide content composed by non-IBMers for non-IBMers.
Yes, it's a strange thing seeing the NSA release anything, but then, why not? Perhaps they've become more enlightened in Virginny than they used to be. Certainly more enlightened than when Cliff Stoll wrote the Cuckoo's Egg.
A host is a host from coast to coast, but no one uses a host that's close
The rest of that...
"...in fact, we plan to kill you just for asking about it."
Kudos to the NSA!
Nah, I usually only go after anonymous cowards and people with names Bess would block.
Other than using an older kernel as the base, though, I don't see how this is out of date. If anything, all you're missing are the nifty applications the NSA uses. I believe, but don't quote me on it, that it was "60 minutes" that recently got to take a look at many nifty security tools and devices at NSA HQ. Among them were all your favourites, retinal scanners, hand prints, voice patterns and the ever increasing in popularity, physical recognition scanner.
Besides, as I've argued several times in /. before, Open Source does NOT mean Open Security.
"Welcome to level fifteen, Mr. Bond. Please submit to a genetic scan."
I prefer my replies to be shaken...not stirred.
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
NSA Linux: "We could tell you about it, but then we'd have to kill you."
:)
Um... I'm not clicking on that link. Anyone want to cache the page and live to tell about it first?
---
pb Reply or e-mail; don't vaguely moderate.
People who think the NSA are up to something shady with this release are being way over paranoid. Come on folks- the source is available to everyone. It would be so embarrassing for them to get caught with a backdoor that they would never try it.
:) .
The idea that the NSA is comprised of ONE mind with sinister intentions is just nuts. The NSA is mostly comprised of ordinary people trying to make government systems more secure. Sure some of them are trying to crack codes and working on monitoring equipment but even they think of their job as "working to catch bad guys".
I would examine the NSA's code because it probably holds some really neat ideas and concepts. I am sure some X-Files fan will probably check it for the back doors anyway
I miss the Karma Whores.
/* All your secrets are belong to us */
It seems to me that this would be double-damned hard in an open source system.
[...]
How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read?
Ken Thompson's discussion of how he did this is available at http://www.acm.org/classics/sep95/. To summarize, I've blindly copied from Ignatius' post in an earlier Slashdot discussion below:
--
"200 Quatloos on the newcomer!" "300 Quatloos against!"
Next time you telnet to a nuclear site computer, try
/usr/local/bin/launch --longitude +60 \
--latitude +55 --number_of_warheads 4
and see if you can destroy my hometown
Wroot
One of the things concerning the NSA's release of SE Linux is, in some instances, they complain that terrorists and criminals are hindering their (the US Government's) efforts to investigate and/or monitor crimes, and then they go and release this distribution of Linux.
Think about that for a quick second with an open mind if you will, and look at exactly what was said in this article. If things are so bad for NSA officials to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data? Sure you can look at this post and claim it's a conspiracy of some sort to point out these findings, but let's take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.
We all know about the OpenSource arguments and whether or not OpenSource solidifies security; the fact remains, no one has gone line for line on the NSA's code for SE Linux to determine whether or not they've done something shady to hide their underlying actions for creating this OS.
Now back to the OS in general, I would like to see a comparison between say SE Linux vs. OpenBSD, or SE Linux vs. TrustedBSD. Personally I would opt for OpenBSD, as Trusted is an overlay for FreeBSD.
Again, one should wonder about the facts: the NSA claims people like Usama bin Laden and Fidel Castro are giving them headaches with technology, and yet they release something which could help them? Typical politics wouldn't you say. Hey, here's some thoughts to consider for NSA naming conventions this millennium.
Newer Stealth Arrangements
Never See Anything
Next Superpower Agency
New Snooping Applications
Nothing's Secret Anymore
while ($information =~ /[a-z]['")]*[.!?]+['")]*\s/g) {
    $conspiracy++;
}
print "Your $information is filled with $conspiracy theories\n";
Where in the world is SpeedyGrl
360 degrees of Karma
I would think that the best way to hide an "Easter Egg" in openly available code would be not to attempt to hide it at all.
Just because the source is available, doesn't mean that people will examine it, nor does it mean that the people who do examine it are competent to do so. A good example of this is the OpenBSD team. Many people trust that OpenBSD has been audited. Can anyone here give one good reason why this auditing should be trusted, or what qualifies the OpenBSD team to audit the code? Even with the auditing, security compromises have been found in the audited OpenBSD code, as recently as late last year.
This is even more true the larger the system gets. For example, how many people in the world understand, line by line, exactly how the entire linux kernel operates? Even Linus himself doesn't; he delegates code he doesn't find interesting (or doesn't have the time or ability to work on) to other people.
Besides, there are far, far more effective ways to compromise information than a direct technology attack. Sideband attacks, social engineering, tempest readings, bribery, etc. I am of the opinion that the reason the NSA are not as up in arms as they used to be about encryption is that they have other means of obtaining that same information.
I think some here are missing the point. The NSA's mission is to stop terrorists/druglords etc.
They are also charged with stopping computer terrorism.
Instead of just trying to intercept the information trail, they are stopping the problem at its source: bad security. By encouraging corporations and govt agencies to have better security they are saving themselves the headache of tracking down the bad guys that exploit security holes.
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
You're missing two points. The simpler one is that NSA SE Linux is not really about encryption at all; it's about adding mandatory access controls to the system. IOW it's about making the box more secure to attempts to crack it, but has nothing to do with the security of data that's transmitted from the box to the rest of the world. That means that so long as NSA can gather and decrypt the other guys' transmissions, it doesn't matter how resistant their boxen are to being cracked.
The other thing to consider is that NSA really has two missions. One is the one that everyone pays attention to- signals intelligence. The other mission is to help American institutions develop more secure computing systems so that our data is protected, and that's the group that's involved in SE Linux. The two pieces may be nominally part of the same organization, but their structures and goals are very different. The SIGINT branch is very secretive and wishes that nobody knew that they exist. The secure computing part by definition has to evangelize and make its developments as widespread as possible in order to make sure that everyone who's supposed to be protected is protected. With an organization that schizophrenic, you shouldn't be surprised to see something like this occasionally.
There's no point in questioning authority if you aren't going to listen to the answers.
How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read? (Let's call the function an Easter Egg, rather than a back door, because I don't want to encourage anything evil. ;-)
I started down a couple of thought paths, and stopped because they both sounded lame to me. I keep coming up against the problem of getting the source to encode something fishy, without having it smell! Obfuscation is problematic, because in my mind it would raise red flags, especially in NSA code.
"Rub her feet." -- L.L.