Slashdot Mirror


NSA Linux In Depth

deran9ed writes "Folks over at IBM have an article explaining the intricacies of the NSA's SE Linux distribution. Included in the article are the inner workings of the operating system, its features, and its design architecture. Definitely a nice article for Linux users (especially SE Linux users). The full review is at IBM developerWorks."

9 of 113 comments

  1. What about the following comment in the source? by Anonymous Coward · · Score: 4

    /* All your secrets are belong to us */

  2. Re:Backdoor challenge for you hackers... by stang · · Score: 4

    let's take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to

    It seems to me that this would be double-damned hard in an open source system.
    [...]
    How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read?

    Ken Thompson's discussion of how he did this is available at http://www.acm.org/classics/sep95/. To summarize, I've blindly copied from Ignatius' post in an earlier Slashdot discussion below:

    Check out the "back door" entry of the Jargon File to learn about one of the IMHO most creative hacks of all time:

    [...] Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.
    Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler -- so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry -- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources. [...]

    A detailed description of the hack by Ken Thompson himself can be found here.


    --
    "200 Quatloos on the newcomer!" "300 Quatloos against!"

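The Jargon File entry quoted above describes the mechanism; what follows is an added illustration written for this page, not code from Thompson's paper, the Jargon File, or any poster in the thread. It models the two-stage hack in Python: a "compiler" is a function that maps program source text to "binary" text (for an honest compiler, an identity transform), and binaries are run with exec(). The clean compiler source, the login program, the domain names and the magic password "trustme" are all made up for the example. It also speaks to clary's challenge further down the page: the back door exists only in a compiler binary that re-inserts itself whenever the honest compiler source is rebuilt, so reading every line of source finds nothing.

```python
"""Toy model of Thompson's self-propagating compiler back door.

A "compiler" is a function from program source text to "binary" text,
and a "binary" is run with exec(). Every program, name and password
here is constructed for the illustration.
"""

# The honest compiler source: the only compiler source anyone ever reads.
CLEAN_COMPILER_SRC = '''
def compile(src):
    return src
'''

# The login program. Its source contains no magic password.
LOGIN_SRC = '''
PASSWORDS = {"alice": "s3cret"}

def check_password(user, pw):
    return PASSWORDS.get(user) == pw
'''

# The back door. Run as a compiler binary it (1) recognises login and
# makes it accept the magic password, and (2) recognises the clean
# compiler source and emits *this* code instead, so the trojan survives
# a rebuild from clean sources. The @@PAYLOAD@@ slot receives repr() of
# this very text; that quine step is what lets it reproduce.
PAYLOAD_TEMPLATE = '''
def compile(src):
    _payload = @@PAYLOAD@@
    if "def check_password" in src:
        src = src.replace(
            "    return PASSWORDS.get(user) == pw",
            "    if pw == 'trustme': return True\\n"
            "    return PASSWORDS.get(user) == pw")
    if "def compile(src):" in src and "_payload" not in src:
        src = _payload.replace("@@" + "PAYLOAD@@", repr(_payload))
    return src
'''

PLACEHOLDER = "@@" + "PAYLOAD@@"   # split so the template holds it literally once


def trojan_compiler_binary():
    """The binary the attacker built once, by hand, from PAYLOAD_TEMPLATE."""
    return PAYLOAD_TEMPLATE.replace(PLACEHOLDER, repr(PAYLOAD_TEMPLATE))


def build(compiler_bin, program_src):
    """Run a compiler binary over program source; return the program binary."""
    ns = {}
    exec(compiler_bin, ns)
    return ns["compile"](program_src)


def login_accepts(login_bin, user, pw):
    """Run a login binary and ask whether it accepts the credentials."""
    ns = {}
    exec(login_bin, ns)
    return ns["check_password"](user, pw)


def rebuild_from_clean_source(compiler_bin, generations=3):
    """Recompile the honest compiler source with the given binary, repeatedly.

    With the trojaned binary this is a fixed point: every generation is
    byte-identical to the attacker's original binary.
    """
    for _ in range(generations):
        compiler_bin = build(compiler_bin, CLEAN_COMPILER_SRC)
    return compiler_bin


if __name__ == "__main__":
    honest = build(CLEAN_COMPILER_SRC, CLEAN_COMPILER_SRC)   # honest bootstrap
    login = build(honest, LOGIN_SRC)
    print("honest toolchain accepts magic password:",
          login_accepts(login, "alice", "trustme"))
    gen = rebuild_from_clean_source(trojan_compiler_binary())
    login = build(gen, LOGIN_SRC)
    print("toolchain rebuilt three times from clean source accepts it:",
          login_accepts(login, "alice", "trustme"))
```

Run stand-alone it prints False for the honest toolchain and True after three rebuilds of the clean compiler source with the trojaned binary. The detection problem is exactly the one the thread is circling: the sources are clean, so auditing them is not enough. The practical check is to build the same compiler source with an independent compiler and compare the two outputs (the diverse double-compiling idea), which breaks the fixed point the example relies on.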
  3. Re:WhY not OpenBSD by rgmoore · · Score: 4

    While I do use GNU/Linux on my workstation, I think OpenBSD is by far the most secure OS on the planet

    Well, that just shows that there's more to security than you realize. OpenBSD may be more secure than other typical Unix-type systems because of its code auditing, but it still has all of the architectural problems that Unix suffers from in general: basically, that a single broken SUID program compromises the whole system. OpenBSD has had fewer exploits turn up over the years, but when one is discovered the system is just as open to crackers as other Unices.

    The goal of SE Linux is to add on mandatory access controls. Mandatory access controls are very powerful, but tend to add a lot of complexity. They add a whole different layer of compartmentalization, so that users and programs simply aren't allowed to do many operations, even if they somehow get root privileges. That's the route to true security, because it means that you can maintain substantial system security even if some of your programs are broken or contain Trojan Horses. Try reading some of the documentation about why the NSA sees this as important, and you might learn a bit about making really secure systems.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.
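
The point rgmoore makes above, that a process which somehow gets root is still fenced in by mandatory access control, is easy to see in a small model. The following is an added example written for this page, not code from SE Linux or from any poster: a discretionary check in the classic Unix style (owner and mode bits, with uid 0 overriding) is run first, then a type-enforcement check of the SELinux flavour, where a domain may perform an operation on a file type only if an allow rule says so and the uid is never consulted. The domains (httpd_t, sshd_t), file types, paths, uids and allow rules are all made up for the illustration, and the denial string only imitates the shape of an AVC message.

```python
"""Toy model of discretionary (DAC) plus mandatory (type enforcement) access
checks. A subject passes only if both layers agree; uid 0 short-circuits
the DAC layer but means nothing to the TE layer. All policy is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # e.g. "httpd_t"; assigned by policy, not chosen by the process


@dataclass(frozen=True)
class File:
    path: str
    owner_uid: int
    mode: int     # Unix permission bits, e.g. 0o600
    type: str     # e.g. "shadow_t"


# Constructed TE policy: (domain, file type) -> permitted operations.
ALLOW_RULES = {
    ("httpd_t", "httpd_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"append"},
    ("sshd_t", "shadow_t"): {"read"},
}

# Mode bit each operation needs (group bits ignored to keep the model short).
PERM_BIT = {"read": 4, "write": 2, "append": 2, "execute": 1}


def dac_allows(proc, f, perm):
    """Discretionary check: root wins outright, everyone else consults the mode."""
    if proc.uid == 0:
        return True
    shift = 6 if proc.uid == f.owner_uid else 0   # owner triad vs. 'other' triad
    return bool((f.mode >> shift) & PERM_BIT[perm])


def te_allows(proc, f, perm):
    """Type enforcement: default deny, and no special case for uid 0."""
    return perm in ALLOW_RULES.get((proc.domain, f.type), set())


def access(proc, f, perm):
    """Both layers must agree. Returns (allowed, reason)."""
    if not dac_allows(proc, f, perm):
        return False, "dac: permission bits deny"
    if not te_allows(proc, f, perm):
        return False, (f"avc: denied {{ {perm} }} scontext={proc.domain} "
                       f"tcontext={f.type} path={f.path}")
    return True, "granted"


# Constructed objects and subjects.
SHADOW = File("/etc/shadow", 0, 0o600, "shadow_t")
INDEX = File("/var/www/html/index.html", 0, 0o644, "httpd_content_t")
ACCESS_LOG = File("/var/log/httpd/access_log", 48, 0o640, "httpd_log_t")

HTTPD = Process(uid=48, domain="httpd_t")         # the web server as deployed
ROOTED_HTTPD = Process(uid=0, domain="httpd_t")   # same server after a root exploit
SSHD = Process(uid=0, domain="sshd_t")            # legitimately needs shadow_t


if __name__ == "__main__":
    for who, proc in (("httpd", HTTPD), ("rooted httpd", ROOTED_HTTPD), ("sshd", SSHD)):
        for f, perm in ((INDEX, "read"), (ACCESS_LOG, "append"), (SHADOW, "read")):
            ok, why = access(proc, f, perm)
            print(f"{who:13} {perm:6} {f.path:28} {'ALLOW' if ok else 'DENY '} {why}")
```

The row to look at is the rooted web server reading /etc/shadow: the DAC layer waves it through because the uid is 0, and the TE layer denies it because no rule grants httpd_t read on shadow_t. The same binary in sshd_t gets the file, which is the compartmentalization the comment describes: what you may touch follows from the domain policy put you in, not from which uid you managed to obtain.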

  4. Re:Should the NSA be using Linux by wroot · · Score: 4

    Next time you telnet to a nuclear site computer, try

    /usr/local/bin/launch --longitude +60 \
    --latitude +55 --number_of_warheads 4

    and see if you can destroy my hometown

    Wroot

  5. NSA (Never Saw Anything) by deran9ed · · Score: 4

    One of the things concerning the NSA's release of SE Linux is that, in some instances, they complain that terrorists and criminals are hindering their (the US Government's) efforts to investigate and/or monitor crimes, and then they go and release this distribution of Linux.

    Think about that for a quick second with an open mind, if you will, and look at exactly what was said in this article:
    CIA director George Tenet said individuals such as Osama bin Laden - the man alleged to have been behind the 1998 bombings of US embassies in East Africa - are using the internet to cloak communications within their organisations. "You recruit people on internet sites and you use encryption," Tenet said. "You move your operational planning and judgements over internet sites' use of encryption. You raise money."

    Bin Laden inspires particular alarm in the US. National Security Agency chief Mike Hayden says his own organisation is "behind the curve in keeping up with the global telecommunications revolution", which bin Laden is able to exploit. Hayden blamed this gap for the US's failure to prevent the 1998 embassy attacks, which killed 224 people.
    If things are so bad for NSA officials trying to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data? Sure, you can look at this post and claim it's a conspiracy theory of some sort to point out these findings, but let's take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.

    We all know about the OpenSource arguments and whether or not OpenSource solidifies security; the fact remains, no one has gone line for line through the NSA's code for SE Linux to determine whether or not they've done something shady to hide their underlying reasons for creating this OS.

    Now back to the OS in general, I would like to see a comparison between, say, SE Linux vs. OpenBSD, or SE Linux vs. TrustedBSD. Personally I would opt for OpenBSD, as Trusted is an overlay for FreeBSD.

    Again, one should wonder about the facts: the NSA claims people like Usama bin Laden and Fidel Castro are giving them headaches with technology, and yet they release something which could help them? Typical politics, wouldn't you say. Hey, here are some thoughts to consider for NSA naming conventions this millennium.

    Newer Stealth Arrangements

    Never See Anything

    Next Superpower Agency

    New Snooping Applications

    Nothing's Secret Anymore

    use strict;
    my $information = "The NSA released SE Linux. Think about that! Why?";  # constructed sample text
    my $conspiracy  = 0;
    # count sentence endings: a letter, optional quote/paren, a run of .!? and then whitespace
    while ($information =~ /[a-z]['")]*[.!?]+['")]*\s/g) {
        $conspiracy++;
    }

    print "Your $information is filled with $conspiracy theories\n";

    Where in the world is SpeedyGrl

  6. Re:Backdoor challenge for you hackers... by trog · · Score: 5

    I would think that the best way to hide an "Easter Egg" in openly available code would be not to attempt to hide it at all.

    Just because the source is available, doesn't mean that people will examine it, nor does it mean that the people who do examine it are competent to do so. A good example of this is the OpenBSD team. Many people trust that OpenBSD has been audited. Can anyone here give one good reason why this auditing should be trusted, or what qualifies the OpenBSD team to audit the code? Even with the auditing, security compromises have been found in the audited OpenBSD code, as recently as late last year.

    This is even more true the larger the system gets. For example, how many people in the world understand, line by line, exactly how the entire linux kernel operates? Even Linus himself doesn't; he delegates code he doesn't find interesting (or doesn't have the time or ability to work on) to other people.

    Besides, there are far, far more effective ways to compromise information than a direct technology attack. Sideband attacks, social engineering, TEMPEST readings, bribery, etc. I am of the opinion that the reason the NSA are not as up in arms as they used to be about encryption is that they have other means of obtaining that same information.

  7. Missing the point by GrEp · · Score: 5

    I think some here are missing the point. The NSA's mission is to stop terrorists/druglords etc.

    They are also charged with stopping computer terrorism.

    Instead of just trying to intercept the information trail, they are stopping the problem at its source: bad security. By encouraging corporations and govt agencies to have better security they are saving themselves the headache of tracking down the bad guys that exploit security holes.

    --

    bash-2.04$
    bash-2.04$ yes "Don't you hate dialup connections?" | write USERNAME

  8. Two headed beast by rgmoore · · Score: 5

    You're missing two points. The simpler one is that NSA SE Linux is not really about encryption at all; it's about adding mandatory access controls to the system. IOW it's about making the box more secure against attempts to crack it, but it has nothing to do with the security of data that's transmitted from the box to the rest of the world. That means that so long as NSA can gather and decrypt the other guys' transmissions, it doesn't matter how resistant their boxen are to being cracked.

    The other thing to consider is that NSA really has two missions. One is the one that everyone pays attention to: signals intelligence. The other mission is to help American institutions develop more secure computing systems so that our data is protected, and that's the group that's involved in SE Linux. The two pieces may be nominally part of the same organization, but their structures and goals are very different. The SIGINT branch is very secretive and wishes that nobody knew that they exist. The secure computing part by definition has to evangelize and make its developments as widespread as possible in order to make sure that everyone who's supposed to be protected is protected. With an organization that schizophrenic, you shouldn't be surprised to see something like this occasionally.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  9. Backdoor challenge for you hackers... by clary · · Score: 5

    Sure, you can look at this post and claim it's a conspiracy of some sort to point out these findings, but let's take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.

    It seems to me that this would be double-damned hard in an open source system. I was just going to flame you as promoting an inferior conspiracy theory...but instead...

    How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read? (Let's call the function an Easter Egg, rather than a back door, because I don't want to encourage anything evil. ;-)

    I started down a couple of thought paths, and stopped because they both sounded lame to me. I keep coming up against the problem of getting the source to encode something fishy without having it smell! Obfuscation is problematic, because in my mind it would raise red flags, especially in NSA code.

    --

    "Rub her feet." -- L.L.