Slashdot Mirror
New Security-Enhanced Linux Release
James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."
I'm wondering who put their research to good use.
Anyone?
I have to say, it really is nice to see the NSA contributing to an open source project in such a positive manner. Being "open" isn't exactly one of their usual activities. From the changelog it looks like they are really digging into the depths of the kernel too -- not just superficial changes. Is anyone running this in a production environment?
As many as it takes to catch all the mass-murdering and linux-using terrorists.
i would not go near anything, that was touched by nsa fbi or what ever. Hey they demand crypto-backdoors, why should they keep the publicly available version of their os free of backdoors. They can allways say it was just typos...
and this distribution seems to be quite strong in security, I think this will defeat the legislation to block terrorists from using strong encryption... Is NSA helping terrorists in this case to secure their communication channels?
¦ ©® ±
as soon as it is mandatory for encryption to have a gov't controlled back door, fork the distribution and start developement outside of the USA, much like OpenBSD.
The NSA is doing a bang up job, but their work will be seriously compromised if the USA Gov't is successful in legislating mandatory back doors in all encryption products.....
Feed the need: Digitaladdiction.net
could this be the closest thing? wonder if there are kernel enhanced security backdoors - but the real question, can we infect it with nimsa etc ;)
This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.
Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
Mark this as a troll... I don't care (I have Karma to spare)
But, I'm sure it's not just me that would have to think twice or three times about installing an operating system produced by the governement agency responsible for spying on us...
Yeah I know that they more that anyone would probably be able to produce a pretty secure OS (for what's that statements worth) but, comon...
I'd have a to wait a few months on that for a good independent third party review of the entire code and daemons before I really trusted it with any of my senstive data...
Just my 2 cents...
Guys... come on. So far (at 1:26 am pst) Almost every post to this article is talking about encryption. Having an educated opinion is worth a lot more than an uneducated one. Do a little more research please :)
This is NOT encryption. What SELinux provides is stronger access control mechanisms. This means that users and programs only have access they need in order to get their job done.
This is a totally different thing from encryption. Encryption is one thing this is actually NOT touching. Encryption on most systems is useless if someone can break in and obtain the key needed to decript whatever you are trying to keep secret.
In a environment with better access control, it makes it a LOT harder for someone to actually gain that type of access. If someone breaks into your mail daemon or your http daemon, they only gain the rights that program had, nothing more.
I do agree however, that it is nice to see the government helping community (opensource/free speech) software. I think this is something we could use a lot more of.
Luke
Good to hear that they're still actively working on this open source project, in light of the recent events. It seems at least some people at the NSA don't believe that banning security measures is the answer to all problems.
The NSA is responsible for national security... as the name implies.
;)
They desire (and probably have) access (however limited) to anything they want - private computer systems are a major hurdle in their mission to have complete access. What better way to change that than to release their OWN operating system, in the form of a Linux distro?
They can't exactly introduce a brand new thing to compete with Windows or the MacOS; so join the Linux crowd. Perfect.
Anyone who uses this is simply helping the NSA spin their web; and its getting bigger as always. Protect privacy... stick to YDL
Just wondering.
-Patrick
How can you tell that when it isn't even sure yet who did it?
I'm as shocked and disgusted at the attack as you or anyone else.
:rolleyes:
I actually had people I knew in that building.
What do you want us to do? Pine over it forever? The fact that we are ABLE to discuss something else shows how unsuccessful that terrorist attack really was despite the massive loss of life.
Don't label me as insensitive but getting over it is what needs to be done.
Burbonator: Thats what I'm talking about; the reason for this release is so the NSA has access. Do you really think they'd release something they couldn't break? Oh come on...
They'd love for terrorists to use this. Its probably got a seive built right into it!
Do you really think they'd release something they couldn't break? Oh come on...
:rolleyes:
They'd love for terrorists to use this. Its probably got a seive built right into it!
"Security Enhanced" maybe - but when you've got the key, the size of the door matters not... no?
There was Government one day, Who coded whilst hidden away. Then Linus Torvalds, Backed by the crowds, Surrendered the code and his sway.
Go buy a clue.
What offends *me* is your ignorance, gross generalizations, and knee-jerk reactions. By your logic I assume we should also outlaw writing. After all, they did find a letter with instructions for the terrorists. It's antiquated, hand-written messages like that that are the *real* danger to this country. Only through illiteracy can we be truly safe.
As for me, I'm off to bed. No, really. I have to get some sleep before I go to work tomorrow.
Jeez... I really hope this was just a sarcastic post that went over my head b/c I was sleepy... "Communist open source tools"? Yeah, it's gotta be a joke. No one could say that with a straight face and mean it.
like a knight in shining armor/from a long time ago
Just when I thought it was safe to run Linux on my home PC there comes this news. I'm still trying to figure out what that mysterious NSA registry key in Windows does...yes, such a key really exists in Windows - do a search here on Slashdot or Google for more info.
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
I am a Linux user for many years, and I have to admit that I do not put much emphasis on the security matter.
In light of the NSA's seLinux, I want know if there are OTHER secure (and/or ultra-secure) version of Linux distros out there?
Is there a portal somewhere dedicated to give users a taste of what is available out there?
Any comments will be very much appreciated.
Thank you.
Muchas Gracias, Señor Edward Snowden !
On second thoughts... while I would trust this less than a tylenol I found on the street, think about this...
:\
;)) fixing the backdoor and creating a new one.
Would you rather have the NSA, or some 1337 punk h4x0r break into your system?
I've got nothing to hide from the NSA; and while in PRINCIPAL I still intensely dislike the whole thing, security wise this may be a wiser option.
It may well leave the back door open to the NSA - but nobody else. If it can keep out "other" intruders better than any other distro... would you use it despite the ramifications of having the NSA being able to waltz right in?
But then, there is always the possibility of the backdoor being found, or leaking; but in that situation a patch would be released immediately (its already prepared...
Oh well. Random thoughts.
[I usually don't answer cut'n paste trolls...]
> What offends me (not to mention the 6000+ innocent dead and their grieving families) most
> about this story is, the terrorists made use of these kinds of communist open source tools to
> plan, communicate, and carry out their attack.
And they used "Microsoft Flight Simulator" for training.
It really offends me that millions of people are still using Microsoft products after this tragedy.
There is nothing in these patches that has to do with crypto. Stop whining about back doors, and at least read the FAQ!
They are trying to move toward a structure of access controls, to limit the scope of exploits. I think this is a worthwhile effort, and their approach (ie., explaining that this is -a- way of doing this vs. -the- way of doing this) is laudable.
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
The NSA has published several research papers on on SE Linux as well as the OSes leading up to it (Flask, DTOS, DTMach) and it is hard to find malice in what they suggest should be how OSes should be improved security-wise.
If you are so suspicious of SE Linux then don't install it or even better use the benefits of Open Source and actually read through source to see if the code matches what they claim in their research papers. Heck, diff the major source files against a stock distro and see what has changed and why. Open Source is of no benefit if people treat it like closed source and want everything handed to them on a platter.
These are the ones I know about:
Trustix Secure Linux
Engarde Linux
Immunix (seem to ship a secured Red Hat)
Kaladix Linux
Can't say if they are any good, I'm afraid. I'm too happy running Debian!
-- shaka
:wq!
First of all, this in not about encryption.
:) Oh yeah, and it has to support single login.
Linux already has security at the group and user level. But that is not good enough security for the real world.
What security like this does is allow you very fine control over everything that a user or process is allowed to do or to access, right down to system calls.
So, your web server is running and only has read access to it's config files, and write access to its logs and can only call the system calls that it needs to do it's job.
Let's say that there is a buffer overflow in the web server and someone tried to exploit it. Geeze, they can't start a shell, because they don't have any access to a shell, the web server didn't need that access. So, even though there is a buffer overflow, they can't get a shell from it.
Let's say that somehow they got a shell from this activity, all that the shell would have access to would be the web server content, config files, and log files and they could execute cgi scripts. And nothing else. And the cgi scripts would be locked down even tighter than the web server was. They couldn't even see anything that wasn't web related.
The really nice thing about this level of security is that the concept of an all powerful root becomes almost meaningless. Any user can be granted specific rights to run certain programs.
This means that administrators for each subsystem can have the rights they need to do their job.
Where we do need encryption is a good directory service for Linux servers that would allow this level of security access controls at the enterprise level across 10's, 100's or even 10,000's of servers.
Imagine being able to add a new person to a single database and instantly give them the rights that they need to do their job across a network that spans the globe.
Or is that just me? *L*
The problem is that do you really think the terrorists (for example) are going to decide to use SeLinux, made in America by those kind folks at the NSA?
I won't, they sure as hell won't either...
This distro's sole purpose is to gain the NSA a foothold in the Linux market; where their software will be incorporated into other distro's.
In the grand scheme of things, they're gaining a foothold in the operating system area...
Certainly doesn't follow slashthink!
okay maybe not a system wide backdoor , but atleast a secure uncryption data backdoor.
Does anyone else worry about the NSA making the Linux kernel easy to modify? All I could think about while reading the above comment was "what else are they planning to put in?"
The NSA creates a system where you can plug in the security architecture that you want and you complain? Would you rather that they hardcoded it so only NSA provided security features could be used?
I guess it just goes to show that you can't please everyone.
..you find that the changes are not about encryption, but preventing programs already on your system from doing something they shouldn't do. As the changes offer increased security from the basic kernel, the NSA won't be able to do anything with this that they can't do with your current system.
:-) ]
As the NSA have released the source code for these changes I hardly see any reason why one should not run such a kernel. I may hesitate to run a binary from these guys, but if these changes get incorporated into the mainstream kernel I'll still run Linux.
On another point, maybe it is worthwhile seeing what is required to get an increased security classification for Linux; the FAQ raises some interesting issues in the form of documentation and auditing. Maybe the first could be performed under the auspices of the LDP (Linux Documentation Project) and some of the other secure Linux distributors would be interested in coordinating the latter.
If Linux was approved as a secure OS, then takeup by goverments would be much more enthusiastic, and as civil service employment would require at least Linux desktop knowledge, that would lead to a need for it to be taught in schools, which is where hopefully the next generation fo kids won't grow up to by Windows lusers. [bit like a reverse of the fear leads to anger...to the Dark Side argument, isn't it?
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
I wonder if they have installed some hard
to find backdoors so that they can get into
the "secure" systems
Remember the mysterious NSA_KEY they found in the
Windows code ?
Is if someone takes the good ideas from the nsa distribution , analyzes them carefully, and reimplements them with subtle differences in a different distribution.
Unless you don't mind handing root to the NSA.
Up next: the FBI's "Carnivux"
So, this may be what they are counting on. Make the source actually be secure with no back doors- and count on the difficulty of actually compiling your entire os from source to deter people from actually *using* the secure version. Oh, and make a big fat server available from which you can download the binaries- source is available on papyrus if you send a S.A.S.E., thank you.
microsoftword.mp3 - it doesn't care that they're not words...
I mean, the USA != the world. If the NSA does something, or decides something, why should I find that a good thing? The NSA is an agency of a country where I don't live in, which has another system in place that spies on our economy (Echelon). Why on earth should I trust the NSA?
ps: no, I'm not happy about the NSA approved keys in windows either, allthough these are not usable to enter a system.
Never underestimate the relief of true separation of Religion and State.
Who needs this anyway? Who really needs to controll each and every file's access?
Unix is meant to be a basic system.
My small business has half a dozen Linux boxes that maintain year uptimes. The large company that I work for (100+ billion dollars in sales last year) has hundreds of Linux boxes that stay up indefinitely.
I'm sorry this is off-topic, but this sort of FUD has to be countered.
The couple of dozen Linux boxes that I directly administrate don't require administration. They just run without any tweaking or attention at all. I get to focus on the software that I want them to run. And they hang around 10-13 load, all the time, said load generated by hundreds of absolutely reliable processes.
I'm not going to comment on your inflamatory filesystem diatribe. I'll just say that Reiser has never let me down.
Is that they can download the source themselves, and then compile their own binaries. There's no need to "trust" the program not to screw you over - if you have enough knowledge, you can examine the source yourself.
I'm the stranger...posting to
If you're working on some worthy enhancements to the brave gnu world of open/honest communications/commerce, you may want to investigate acquiring this definitive set of URLs, from us.
Last chance (thank God) to see these guys, (now featuring face scans of the REAL .commIEs), before they get GNUked.
fud is dead/insecure/ill eagle.
Do you administrate the boxes of your boss as bad as you administrate your website? I certainly hope for your employer you do not.
Wasn't aware that M$ Flight Simulator ran on Linux. According to Intel, they did some practicing using FS. Of course, it is about time that we started to use the NSA key in M$ to stop these ppl. Heck, we used it to spy on the mafia, we should use it to spy on everybody
I trust that everybody has seen this exact file posted on many other fine slashdot articles. this is simply another M$ troll just like that kkk guy running around. perhaps the same person.
If people would bother to click on the link in the story, you would be able to remove the tin hats and stop whining about encryption backdoors and black helicopters.
This is the text of the abstract of the NSA project. You can find it here http://www.nsa.gov/selinux/policy_abstract.html
The security architecture of the system is general enough to support many security policy abstractions. The access controls in the implemention currently support a combination of two, type enforcement and role-based access control. This combination was chosen because togther they provide powerful tools to construct useful security policies. The specific policy that is enforced by the kernel is dictated by security policy configuration files which include type enforcement and role-based access control components.
The type enforcement component defines an extensible set of domains and types. Each process has an associated domain, and each object has an associated type. The configuration files specify how domains are allowed to access types and to interact with other domains. They specify what types (when applied to programs) can be used to enter each domain and the allowable transitions between domains. They also specify automatic transitions between domains when programs of certain types are executed. Such transitions ensure that system processes and certain programs are placed into their own separate domains automatically when executed.
The role-based access control component defines an extensible set of roles. Each process has an associated role. This ensures that system processes and those used for system administration can be separated from those of ordinary users. The configuration files specify the set of domains that may be entered by each role. Each user role has an initial domain that is associated with the user's login shell. As users execute programs, transitions to other domains may, according to the policy configuration, automatically occur to support changes in privilege.
Conformity is the jailer of freedom and enemy of growth. -JFK
Every once and a while, you just have to step back from the paranoia and look at things whith a differnt light. NSA's got TWO jobs. One, the get all the fun information we can on other countries. Note that thats other countries, because they are by law fordbiden from spying on us citizens, and by an executive order since 1978 from having any other country do spying on us citizens for them. Yes, and i still belive echlon doesn't do what everybody thinks it does. The second mission of NSA, however, is INFOSEC, or information security. This role of NSA is to create defensive information operations to achive information assurance (nice bit of buzz words there). Basically, this means NSA wants american goverments and critical commercial utilities (like phone companies and such) to use more secure systems. For them having more secure version on Linux on theese systems, or any more secure os, would be a good thing.
Mod point free since 2001
> What offends me (not to mention the 6000+ innocent dead and their grieving families) most
> about this story is, the terrorists made use of these kinds of communist open source tools to
> plan, communicate, and carry out their attack.
And of course, library computers running Windows and hotmail are all open source commie tools.
It seems NSA needs a "security enhanced" OS for its own website. If you look at the statistic of their website on netcraft , it seems that they have to reboot their solaris servers every 3 days !
" backdoors will they put here?"
As has been said before ad nauseum, if there's a backdoor, it will be trivial to spot because it's open source. Distrust of the government only works if you're logical about it.
I don't know if I would trust a version of linux produced by NSA. We all saw what happened with the clipper chip, and other things that they have done. Although if they have open sourced it, then someone could anaylize the code. I am not that good. In the mean time, has anyone seen Enguard Linux (http://www.enguard.org)? It is supposedly very secure. If that is so, then what do we need the NSA version for?
I'm getting sick of all the paranoid types here going on and on about how it's antithetical of the NSA to make a truly secure product for the masses, you can't trust them, blah blah blah...
Secure encryption is a matter of national security. It's a matter of an American company being able to keep its secrets secure from foreign competition (amongst other things). It's about AMD being able to make a new innovation, for instance, without having to worry about Hitachi "coincidentally" and suddenly patenting that same innovation before AMD gets to the patent office.
If you're going to have to rely on such a program for the validity of the economy (et al), there is no logical reason to shoot yourself in the foot by installing back doors in all such software. That secret back door cannot stay a secret forever. All it requires is one act of treason for that "secret" back door to be just about anything but (possibly even public domain).
Yes, I know the FBI wants escrow encryption, but even then that's only giving the Feds the ability to get to the keys to decrypt it (with a court order), not some magic key of their own. Because again, that magic key is one act of treason away from the public domain.
And here comes the flame...
It disturbs me how many posts on here all say the same thing: "It says 'NSA,' so therefore it must be bad." And yet, surprisingly enough, nobody has yet to find any such super secret NSA log-in account in the open source code. This gut reaction reminds me too much of the people who were saying as early as the evening of September 11th that it was all an ATF plot. Can't you people think differently for once, especially when there's no logical reason not to? I pity you for not being able to change gears every once in a while. If Congress passed a resolution delcaring the sky was blue, where would that leave you?
Blind distrust of the government is just as bad as blind trust, if not moreso. At least with blind trust it demonstrates the ability to trust something, and you can go out of the house every once in a while without putting your aluminum foil suit on...
This is sure to get modded down. If you are truly concened about security, you should not be running Linux.
Try this: www.openbsd.org
Why would the NSA have any interest in making it harder for them to access what's stored on your computer?
Why is it that many people who claim to support standards have such atrocious spelling and grammar?
...but it just worries me that there is yet antoher possible weakness in the kernel and that the NSA is the one putting it there.
You are not being reasonable. They are providing peer-reviewed well-architected security enhancements that fix almost all the hugest problems in operational security that Unix has ALWAYS had. Eventually, we will all use some version of these new ideas, because as you may have noticed, dividing processes into root/user just leads to root exploit after root exploit.
This is all GPL'd and not terribly obfuscated. I really think that you need to get these anxious feelings under control.
Marc
With this new kernel interface you'll be able to set your system up to taste, with configurations running all the way from basic Unix security like we have now to the exotic super-security system flavor of the week.
Life's a bitch but somebody's gotta do it.
As has been said before ad nauseum, if there's a backdoor, it will be trivial to spot because it's open source.
Prior to 1492, it was said ad nauseum that the Earth was flat. Didn't make it so.
It is very possible to hide backdoors in code that are almost impossible to find, even in Open Source code. Read this article by Ken Thompson:
http://www.acm.org/classics/sep95
"Prior to 1492, it was said ad nauseum that the Earth was flat. Didn't make it so."
A name for you to look up: Eratosthenes
Besides, I'm failing to see how sailing off into the unknown and looking at a text file are analogous. One involves hidden dangers and doubts about food supplies, while the other involves a text editor.
"It is very possible to hide backdoors in code that are almost impossible to find, even in Open Source code. Read this article by Ken Thompson:"
Already read it. There is an infinity of difference (literally) between "impossible" and "almost impossible."
I really don't want to troll, but am I mistaken or is that addressed to me? I mean, I posted a link to a comic strip. Do I need to bracket it in rows of smiley faces? Meet me halfway, here.
Once someone says "it has nothing to do with encryption" aren't all future messages to the same effect redundant? Just because other people keep going on about encryption doesn't mean you have to keep upmoderating anybody who repeats that.
On a more serious note, if they really are just like us geeks on slashdot, why do they work at the NSA? Are geeks who work at the NSA happy with their jobs? I wouldn't want to solicit anything classified (since I post with my e-mail address :)) but do we know who at the NSA arranged this? It's a nice piece of work and I'm wondering how friendly an environment the NSA really is for people who want to do open source work. Is this the brainchild of one particular linux-friendly higher-up or are we going to see a lot of open source stuff coming out of the NSA?
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
You know, with all due respect, I think a lot of slashdotters have watched too many reruns of the X-Files. The NSA is an agency charged with defending the United States *against* threats to national security. As recent events (not WTC, but rather the slew of worms and virii) have demonstrated, one of the greatest threats to our electronic infrastructure is having a few gazillion easily hackable machines on the Internet. It's part of their mission to prevent that. After all, it's not like they haven't done it before.
Yes, the NSA has acted to help Americans protect our secrets before. Why? Because it helps our country for banks, companies, and people to be able to do their work without fear of their private data being stolen. For those of us who follow encryption, recall that NSA helped IBM optimize DES against differential cryptanalysis, long before differential cryptanalysis was a public technique (yes, they also limited keylength, but presumably that was to set things up so that they could break in, but only in emergencies with a *lot* of effort -- it still takes 24-odd hours for modern specially designed machines to break DES, do you think the NSA could have done better in the late 70s?).
Even when they were trying to foist Clipper off on us, the people over at NSA always acknowledged that helping Americans (and the global economy) maintain secure systems is a good thing. As lots of people have pointed out, SeLinux is about access controls, not encryption. The NSA has every reason to help develop secure products so that large groups of Internet servers are not easily hacked, and no reason to install a backdoor which anybody could discover (and, if unethical, exploit) simply by perusing the source code.
That said, if you're qualified, feel free to browse the code -- being careful is good, but being paranoid and reflexively hostile to people who devote their lives to public service is bad.
"Prior to 1492, it was said ad nauseum that the Earth was flat. Didn't make it so."
A name for you to look up: Eratosthenes
Besides, I'm failing to see how sailing off into the unknown and looking at a text file are analogous. One involves hidden dangers and doubts about food supplies, while the other involves a text editor.
The point is that repeating a meme does not make a falsehood true. I know all about Eratosthenes. He is irrelavent to the discussion, as most of the Western world believed otherwise. Again, the point is that repeating a meme does not manufacture a fact.
There is an infinity of difference (literally) between "impossible" and "almost impossible."
From a security standpoint, there is not. There have been bugs in the open that have not been found for years (BIND anyone?). A well hidden backdoor such as the hypothetical one here will take decades to find, but the intentional security hole will still be there.
OK so linux and windows are really just tools; I see the NSA has bs for windows and linus saftey as all users need to watch their hands around the saws and wear safety glasses. What's the bottom line? Do we all just need to spank these stupid hacker kids? Why waste time hacking linux and windows when you could hack the human brain. (You get more fucking credit than taking down a computer. We'll think your smarter....)
Make me some fucking cool math tools to mine math from the sky oh thousand time copied mp3 muse of binary. Not some linuspecker viri. Try neuroscience or cognitive science. Sure the system sucks. Don't fight the power. Chant with me now. I can feel you.. Don't fight the power. DFTP!!!
I noticed my virus scanner protects me from over 50,000 viri. But my viri software sucks because I know tons of shots get pulled from my screen. I choose low band to chill out these invasions. A stupid resort as it changes my web behavior. Hacker kids have gone commercilized like raves. And just like the EXCTASY that rots my peers brains you fake computer invaders rot your intelligence. not everyone can think. Let's be smart. We don't need another virus. Chill out linuspeckers!
... but a whole boatload of steps to go before a few government agencies can use it.
I should know: I'm stuck in the middle of it. I'm in an acquisitions job for the government (DoD) at the moment. I'm trying like the dickens to get Linux or *BSD used as the OS for the systems that I'm procuring but I keep running into these brick walls. DII COE compliance. GOTS software. Government-Acronym-of-the-Day compliance.
Most of the trouble is with the paradigm of systems procurement. The current (and legacy) method is that a particular vendor who wants to get their hardware (and software) fielded in a particular system would "sponsor" their system to be pushed through the bureaucratic hurtles. Once through, they would sign off on a "warantee" of the system agreeing to maintain said system in the face of security faults and the like. Once they've done this, they're on the gravy train: they are they sole provider of an approved system, so it is the first choice when it comes to designing your new widget on top of it. (By the by... you get approval for a particular revision of a kernel with certain modifications. This is why so many DoD systems are running on SunOS 4.blah.blah.)
We've talked with Red Hat, and a few others. No dice. Know why? If they push the kernel modifications through for Linux X.Y, they have to re-release it to the world. (And fork the kernel with technically unsupportable modifations, too. It's a fer-sure dead kernel if it weren't for the government rubber-stamp.) Then ANYONE could put together a system based upon the kernel that, say, Red Hat got approved at the expense of umpity-ump million dollars. Does this make business sense? Of course not! Who can afford to drop a couple million dollars and a bundle man-months in the process of making a compliance kernel? Sun, SGI and %$#*%#&*$^ Microsoft! Why do you think there are so many damned MS server systems in the DoD? Because they're the best solution? HA! It's because they're APPROVED and relatively CHEAP. Can you see my blood pressure rising?!?
So here I am. Wanting an open source system to base by acquisitions program on, can't get one without bankrupting my entire procurements branch, and posting anonymously so I don't get in big trouble.
Simple, The NSA is not only responsible for foreign signals intelligence, but is also responsible for PROTECTION of US communications from being exploited. Obviously it is in the best interest of United States for there to be an agency (in this case the NSA) providing a secure OS for use of the military, government and industrial complex.
I'm as paranoid as they come, but really - this is over the top unless you honestly believe that the "X-Files" is based on true stories.
Given the paranoid, cynical, untrusting nature of most Linux folk when it comes to the government I'm sure thousands of eyeballs will be poring over that code looking for anything suspicious. And I'm sure the NSA knows this as well and realizes that this is NOT the time to do something really stupid, in open source, that any persistent hacker with an editor can find.
It's not like a backdoor is especially difficult to locate when you can see all the code. Your only hope is obfuscation; the NSA changes aren't large enough for such a tactic to work. You don't have to check the whole kernel, mind you, just what's modified after the patches. Not a hard thing to do. Divvy up the work among 50 people and even without a search algorithm to reduce the text involve the search becomes trivial.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
including the bonus undocumented Ashcroft server!
"i was saying gnu-rd"
Doesn't E-directory NOvell provide this?
Imagine a Beowolf CLuster of THESE!!!
What to do with it?
1) come up with a mandatory security policy that makes sense in a web server environment, and
2) modify Apache to live within that security policy. At that point, you have a secure web server that stays secure even if the web server has holes. That's what this is all about.
Mandatory security actually works; it's just hard to live with. It means things like "administrator programs can't read lower-level data." That prevents them from becoming contaminated with viruses, but it's a pain to live with.
The key to all this is that the amount of trusted software becomes much smaller. Everything that ever runs as "root" under UNIX is trusted. In a mandatory security environment, only a few programs have strong privileges. Typically, these are dumb little programs that do one job (like installing user accounts or copying files for backup) and nothing else. You never trust something big like EMACS.
Two things:
1) Read the Thompson article. The link is elsewhere in this thread.
2) Re-read my last post. You will find the word "hypothetical." No paranoia here.
give "Trustix" Linux a try !?
Not everybody who does Open Source is into the whole "community development" ideology. Some, such as the NSA and cryptography developers, are simply interested in the security advantages. Personally, I consider the main strength of Open Source to be its ability to create standards without falling into the design-by-committe trap. To see what I mean, compare KDE with CDE.
Everyone is talking about either remote exploits, or encryption, or NSA backdoors...
SElinux has NOTHING to do with any of those...
IT's about intenral access controls for applications so they only have access to the resources they need to get the job done.
So, in the future, say, a large, huge server can run *securely* where differnet internal users are safer from each other.
Don't forget... a number of the terrorists booked their tickets on Expedia from a MS Windows computer at Kinkos (according to the NY Times)
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
What we learn from the discussion here is that any code released by the NSA is less trusted and inspected more suspiciously. I assume that the NSA knows this. So if it's about spreading backdoors, they would make it look like an ordinary open source project, unrelated to the NSA. The NSA may well participate under cover in some other security related open source projects. So there is no reason to mistrust SELinux more than any other code.
Now some speculations: Probably they are so much ahead in the game of finding backdoors to Linux that there is no need to implement them actively. To the contrary they may be swamped with backdoors and built SELinux to reduce the involved code base and be able to get their own systems secure (SELinux is about separation, as far as I have understood). I believe that they actually want to raise suspicion by publishing SELinux under their own name and thus get the best code review available.
SELinux 'is not intended as a complete security solution for Linux' and they won't give us the complete solution once they have it.
If we want to secure us against the NSA, the only possibility is a full formal evaluation of all security related Linux code, something along the lines of the orange book or common criteria EAL 7. I don't know if this is achievable, but SELinux may be helpful (as it helps them with probably the same task).
Now the major distros can fork off a SELinux product. Just think about "NSA Secured Linux" or some such...IBM is probably gonna be all over this. Between the security enhancemnts and new file systems...i may finally have to live on the bleeding edge when the 2.5 serries comes out....
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
Somebody else already soundly debunked the Thompson article, which is unsupported,egotistical tripe any way you read it.
And if you're so convinced why don't you try going through the changes yourself? This isn't rocket science, you know.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Argh... why did I miss this thread until it was pushed into the sidebar.
.DLL can be exploited for full root) how many other departments will we see switch in the next few years?
I'm surprised no one mentioned this: does this mean that the U.S. goverment is going to do as some Slashdotters have suggested? They have, after all, found Microsoft guilty of breaking certain anti-trust laws. Perhaps this is the first move in divesting the government from being a customer of a convicted corporation.
Before Linux is ready for the U.S. government's sensitive information, time for a security overhaul. What better group to give that job to than the NSA? And they will play by the book and release the source, as they of all groups know the value of security through obscurity (none.) They might even get a few tips from Linux kernel hax0rs on possible 'sploits they disregarded, as they also know where the know-how (and the willingness to help out) is.
Now that one U.S. government agency will have a certified secure OS that they were able to review and alter the source code of, which doesn't have any backdoors and has true modular security (none of which can be said of closed-source Windows, where there is not six but one degree of separation and a bug in a minor support
-- Insert witty one-liner here. --
Well, actually none. The point of adding semi-sort-of B1 level security to Linux is to ensure that the various military-industrial companies have something more secure to use internally.
It's for the "vendors", and any backdoor would be illogical.
Security by obscurity is NOT an accepted tenet at NSA.
Though I'm glad the NSA has been so helpful; do you really think they would release a version that they didn't have a back door for?
Two more things:
1) Nobody debunked anything.
2) I am not particularly interested in Linux.
I'm sure you have to do more than that in order to live with that disgusting creature you call your wife.
Sounds much like Lotus Domino. Now there's a security architecture that would work well at the OS level.
You're confusing two different usages of "security" here. (And you forgot Bastille Linux, Blue Linux, Castle, & Openwall GNU/Linux as well.) And be very careful about using words like "ultra-secure". There isn't an ultra-secure Linux distribution.
These distros are "hardened" to resist exploits and intrustions, mostly by closing holes in configuration and patching vulnerabilities.
SELinux is =completely= different, even though the end result (especially to a potential intruder) is very similar.
SELinux changes how data is passed around inside the kernel and between components.
The debunking is self-evident to anyone who has any idea of what he's talking about. Thompson could create his mythical situation because he had complete control over both the input and output (compiler, code, and result).
THIS ISN'T POSSIBLE IN LINUX.
Please, if you don't know what you're yammering about, stop making noise.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Well, actually I just answered the previous poster's question - he wanted to know if there are any secure Linux distros. I gave him links to the ones that I knew of.
So, no, I didn't confuse different usages of security.
:wq!
There are two areas (at least) that are worth some concern:
Security is a function of the system, including hardware, software, firmware and operational procedures (backup and password policies, etc). It's foolish to wish for "security" from any single (uncertified) piece of the puzzle.
But - I WOULD like to be able to use SELinux as the basis for my own firewalls, web and DNS servers, smtp relays, etc. Not life threatening stuff, but things I need to make "more secure" from l10n style attacks. To do that, we need a rich library of pre-defined security policies for common services (bind 9.1, smtp 8.x, apache, etc) and to be sure the POLICIES are peer reviewed by the community.