New Release Of NSA SELinux

rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Redhat 7.1. More information and the source can be found at the NSA SeLinux site." You can read the what's new for more information.

Secure Linux?

[SpanishInquisition]

What's their mascot? Penguin in Bondage?

Re:Secure Linux?

[cyberdonny]

> So they'd even get a theme song along with their mascot.

Unfortunately, the RIAA would probably object to such a blatant act of thievery!

Grsecurity

[chrysalis]

Actually, I'm very satistied with Grsecurity, a nice kernel patch to enhance the security of a linux kernel.
What would be the benefit of switching to NSA (but more complexity to admin) ?

Re:Grsecurity

NSA's patch gives linux the permissions/ user tracking that allow linux to exist in military environments.

It doesn't actually make anything more secure.

Re:Grsecurity

[benedict]

On FreeBSD, the process-hiding feature is available by default, all you have to do is:

# sysctl kern.ps_showallprocs=0

Re:Grsecurity

[BeBoxer]

The main difference is that they address totally different security needs. Grsecurity is focused on preventing various common buffer overflows, race conditions, port scans, etc. It doesn't really do anything to make the basic Unix permissions any more fine grained than the currently are.

On the other hand, the SELinux is focused on exactly this. It allows you to specify much more finely grained permissions for users and processes. This actually complements the grsecurity work. SELinux is focused on minimizing or containing the damage that can be done with a given application. This can both minimize the things that a buffer overflow can do, and minimize the evil tricks that a user might be able to get away with using installed software. For example, a user could restrict what directories netscape is allowed to read and write to. Or an admin could restrict 'top' to opening the kernel read-only so that a buffer overflow wouldn't enable root access. Or preventing even 'root' from changing important system-level libraries and binaries.

All sorts of really neat things are possible. The downside of course, as you mentioned, is more complexity to administer. But it doesn't make sense to compare Grsecurity and SELinux. They address different security shortcoming of Linux.

Re:Grsecurity

[virion]

this release of SELinux is very significant because it based on LSM. Linux Security Module will be kernel included system that will allow one to load security modules. SElinux has ability to be built based on old way or new way that is recommanded by Linus. As i am aware it is first working system, others will fallow same suit. Kernel will be able to handle any security model once can desire and it is all pluggable. LSM is needed because current kernel module not allows to do certain things that are neede for security! LSM is the way, when it will be included in next kernel we will not have to recopile anymore just load a module

Re:Grsecurity

[rgmoore]

To say that it doesn't make the system more secure is incorrect. It doesn't involve the same kind of security audits that have been carried out with other projects, so the individual components aren't any more secure. The new security mechanisms can improve matters, though, because they make it easier to implement least privilege. You should be able to give programs only the privileges they need to do their jobs, so that a single buffer overflow or trojaned binary won't leave the whole system open to attack. It's an approach that's orthogonal and complementary to code auditing.

Re:Grsecurity

[chrysalis]

> "It doesn't really do anything to make the basic Unix permissions any more fine grained than the currently are."
Grsecurity includes LIDS that does exactly this.

What about debian?

[niekze]

Can i apt-get install Carnivore?
or do i have to use their rpm? :)

Bonus feature: 100% DMCA compliant

[swagr]

3 years without cdparanoia working in the default install.

Finally we can get NSA/Linux

[zulux]

I was getting tired of NSA/Windows for all my backdoor crypto needs.

Search google for NSAKey if you don't know what I'm yammering about

Dumb question

Aside from the NSA, has anyone taken the time to audit the code?

Re:Dumb question

[ajs]

Most of the follow-ups have missed your point, I think. Correct me if I'm wrong, but you were asking if anyone had looked at the NSA's code to determine if it had... problems?

I've taken a quick look (very quick) and am convinced that it's exactly how I'd build a set of Linux patches if I wanted to be sure that a hidden flaw (either now or later) would be hard to detect. Basically, you have a set of "security operations" handlers which are dynamically assigned by modules. The question is, of course, when are these handlers set, and how good is the security around setting them.

I've not reviewed the second half (majority?) of their code, which is the modules themselves. We should really get a gorup together and discuss the internals of this thing. If it's really good, and we find no fault with the implementation, perhaps it should be come mainstream. However, for now I think paranoia is wise.

Wouldn't a...

[Ron+Harwood]

Spying penguin (binoculars and trench coat) be more appropriate?

I can't get the patch to work.

[Picass0]

My compile keeps hanging on NSABackdoor.h

Re:I can't get the patch to work.

[Col.+Panic]

Most likely they'd have hacked gcc to target login as Brian Kernigan described.

I think you meant Ken Thompson.

Re:Linux mainstream?

[baptiste]

I'm guessing both - the gov't is talking about some serious deployment of Linux on teh desktop and in sensitive areas, I'd epxect they'd use a distro blessed by teh gov't security folks (ie NSA LInux)

nah, install from source..

[Jose]

grab it here http://www.robertgraham.com/altivore/

Re:These 'Security Enhanced' versions are everywhe

[Rimbo]

"I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions."

Those are two different magazines?

Security Built In

[twitter]

The NSA says, "We feel much more secure when you use SE Linux."

Why are you people always moaning when some big company supports GNU/Linux ?

That's what *you* want, ne c'est pas ?

Nope, I could care less. I want people to be free to use their computers as they see fit. I'm not happy to see people surrender those freedoms to another big company, much less the Federal Government, using some basterdized version of a free OS. The NSA has a history of recomending weak secruity, backdoors and nice stuff like Carnivore.

You're not doing the stuff yourself, so be happy.

Backdoors are not a do it yourself job.

BSD?

[Kozz]

(I'll probably get modded down as flamebait for this, but screw it.) I'm a Linux user. However, I've long thought about installing/using one of the *BSD variants, simply because they are often touted as being even more secure than linux. Why might the NSA not create "SE-BSD"? Wouldn't that likely be even more beneficial?

Re:BSD?

[benedict]

I believe the NSA has provided some funding for TrustedBSD.

Re:Why is the NSA in this?

[wumingzi]

The sole purpose of the NSA is to spy on you, now why are they trying to make your system more secure?

Incorrect. Read the NSA's charter.

Pay attention to section 1, Article 5, Section 3 et. al. The NSA also is charged with creating standards for the security of information held in DoD computers (specifically), other govt. computers (generally), and promulgating those standards for use in other systems. Here is a nice link to the NSA's computer security guidelines if you haven't seen them.

Yes, the NSA spies on people. No this isn't nice. Yes, the government of the USA does some awfully screwy things, like the DMCA. Tarring the whole government with the same brush is simple-minded.

Besides, the code is available for your perusal. If you think the uberspooks have put in a back door, get to work and find it!

Just a question...

[mystery_bowler]

Is the NSA responsible for figuring out the best ways to lock down whatever OS's the various government agencies of the U.S. use? Reason I'm asking is because seems like recently (or kinda-recently) there was an article here on /. with a link to the NSA's guidelines for securing Win2k. I'm sure the NSA has reasons that I don't even want to know about for running both their own build of Linux and a tightened-up install of Win2k, but I'm just curious as to the extent of their influence on other agencies' software choices.

Do other agencies just follow along with the guidelines the NSA sets forth, try to get independent advice or go it alone? Financially, at least, it would seem like going with the NSA's guidelines would be the way, since the information is more or less public (at least it is in these two instances) and there wouldn't be any time or money spent on third-party tripe (bids, negotiations, etc) or independent research.

Re:Just a question...

[FooGoo]

Yes... Executive Order 12333 of 4 December 1981 describes in more detail the responsibilities of the National Security Agency. The resources of NSA/CSS are organized for the accomplishment of two national missions:

The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.

The foreign signals intelligence or SIGINT mission allows for an effective, unified organization and control of all the foreign signals collection and processing activities of the United States. NSA is authorized to produce SIGINT in accordance with objectives, requirements and priorities established by the Director of Central Intelligence with the advice of the National Foreign Intelligence Board.

Re:Just a question...

[DickBreath]

Umm... can they also SIGKILL from time to time?

Sorry. That would be the CIA.

From the FAQ

[Col.+Panic]

13. Is it secure?

(blah blah blah)...Security-enhanced Linux is ... very unlikely to meet any interesting definition of secure system.

Open Development Model

[vbprgrmr]

It was more that Linux was open and they could actually write testable code into the OS. If you noticed in the main NSA security page, they also provided a series of recommendations for security on Windows 2000. Since they couldn't tamper with Windows code, that was all they could do.

Also, for those people all paranoid about all this, remember it was because of the national security issues that resulted from systems and web servers attacked by Denial of Service, hackers and the Chinese, that caused Congress and NSA to study the problem.

Let's lose the FUD, people

[Tassach]

The rampant, grossly uninformed FUD that's flying around here is making me ill.

First try and wrap your brain around this concept: The NSA has TWO distinct missions -- to spy on foreign nations on behalf of the US government, and to keep foreign nations from spying on US govt. and businesses. People tend to forget about that second part. Knowing government beaurocracy, it's not at all unlikely that the spy-on-other-folks department and the keep-other-folks-from-spying-on-us department are involved in a turf war, or are working at cross-purposes.

Second: the NSA secure linux is a patch to the standard Linux kernal. If you are paranoid about them trying to do somthing neferious, download the source and diff it against the baseline code. It's pretty hard (but not impossible) to hide a backdoor in source. Paranoid types, make sure you trust your compiler [as well as any other binary that touchs the code as it's being transformed from source to executable] If the NSA wanted to hack your box, they have a lot of better ways to do it than releasing a GPL'ed trojan. Give them some credit -- they are not that stupid.

This is a Good Thing. Having a respected government agency endorse Linux gives it huge amounts of credibility. [OK, geeks may not trust/respect the NSA, but you can be sure that CEOs and PHBs do.] Believe it or not, occasionally the US gvt does manage to Do The Right Thing, even if it's unintentional.

Re:Why is the NSA in this?

Yes, the NSA spies on people. No this isn't nice.

Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. That just might avoid a war, or reduce the scope of one.

For all you US citizens out there, and citizens of our allies, they are the good guys! When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."

Paranoia Strikes Deep

[vbprgrmr]

After reading many of the comments on NSA research of security on Linux and Windows 2000, it amazed me the level of paranoia of many of the posters. Let's get real folks! All this research has come about because of the hacks and DoS attacks of commercial and institional computers and servers. The reason NSA chose Linux to test their codes was because it was open. If you notice they also supplied a series of recommendations for security on Windows 2000 systems. Since they couldn't alter Windows source, that was all they could do.

I would guess for the all-out hacker geek, this NSA compile on their system, probably would cause paranoia (like some invisible eye looking back at you !! ha! ha!) But probably wouldn't have any other power you imagine it has. As for anyone else, it wouldn't hurt to at least study their implementations.

"Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
You step out of line, the man come
and take you away"

-- Stephen Stills, "For What It's Worth"

NSA?

[room101]

So, what is this NSA thing?

I keep asking around, and all I get is that there is "No Such Agency".

Re:NSA only sticks to Red Hat?

[Isaac-Lew]

Maybe because the most common distros (at least commercially) are rpm-based, & a lot of US government organizations (including the one I contract for) use Red Hat?

I would think that the kernel patches & source code would be able to build on *any* distro, not just RH...or you could use alien and/or rpm2tgz.

How come?

[angst_ridden_hipster]

When I install, my formerly encrypted partitions show up as being mounted on /dev/squeamish_ossifrage
???

Not all that Dumb a Question

[fm6]

Auditing would seem to be the whole point. If the NSA were just going to hack Linux for their own purposes, they wouldn't bother to make their distro available for external use. Obviously, somebody at the NSA is rebelling against the conventional notion that you hiding the source code makes a system more secure.

Dueling Penguins

[fm6]

A more appropriate symbol would be a penguin using the NSA Key to bash in the head of the commie penguin who symbolizes Red Flag Linux.

Re:Why is the NSA in this?

[ClipDude]

Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. [...] For all you US citizens out there, and citizens of our allies, they are the good guys!

Forgive us for having a healthy skepticism about the government. Most Americans probably wouldn't mind if the NSA only worked to listen to overseas communications. However, through Echelon, the NSA and its friends have the power to listen to our conversations as well, which we reguard is a violation of our privacy.

When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."

Also, just because my government does something (even to foreigners) does not mean I have to like it. Being part of a democracy means evaluating your government's policies, domestic and foreign. That doesn't mean being super-negative and unwilling to admit that the government ever makes good decisions, but it doesn't mean you sheepishly go along with all the government's decisions either. What kind of patriot are you if, when you see the government doing something overseas you feel is unwise, wrong, or possibly both, you don't speak up? The many men and women who have died serving our country--including those in the Air Force--didn't die so you and I could mindlessly go along with whomever happens to be in power at the moment.

This is a usability test

[Animats]

This system is designed to answer the question "can a secure system be built that people will use?" The object of this project, as NSA makes clear, is to find out if people can use a system that has mandatory security features.

Previous NSA secure OS projects (I worked on one, 20 years ago) concentrated on security at the expense of usability. This resulted in systems that didn't get used much. This time, they're trying to fix the usability problem first.
If mandatory security in Linux goes mainstream, this would be a major step forward. Once we see important applications like Apache modified to work under mandatory security, we'll have real progress.

Re:NSA vs. Deus Ex

[WolfWithoutAClause]

Oh yeah. The Illuminati are really your friends. I don't think so. ;-)

Re:Government using GPL?

[WolfWithoutAClause]

Absolutely. When are you going to be making the same claims for other tax payer funded items?

Consider the White House... Everyone should get to sit in the big chair? Stealth Bomber? You want a go?

Don't think so. Just because you pay for it doesn't mean you personally or you corporately benefit from it. In this case you can use it; even modify it. Be happy. But you can't modify it and distribute it without everyone else seeing how you've hacked it. That's much fairer than the stealth bomber.

Government using MS?

[BeBoxer]

I agree completely. All government funded software should be public domain. I'm sick and tired of my tax dollars going to fund development of commercial software. This is nothing more than welfare for rich (and in the case of M$, criminal) organizations.