Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security-Enhanced Linux Release

Posted by timothy on from the tightening-up dept.

James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."

8 of 179 comments (clear)

  1. Suggestion by Jailbrekr · · Score: 2, Informative

    as soon as it is mandatory for encryption to have a gov't controlled back door, fork the distribution and start developement outside of the USA, much like OpenBSD.

    The NSA is doing a bang up job, but their work will be seriously compromised if the USA Gov't is successful in legislating mandatory back doors in all encryption products.....

    --
    Feed the need: Digitaladdiction.net
  2. Very flexible, lots of hooks by khym · · Score: 5, Informative

    This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.

    --
    Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
  3. Re:Just the standard question.... by Captain+Bonzo · · Score: 4, Informative
    But, I'm sure it's not just me that would have to think twice or three times about installing an operating system produced by the governement agency responsible for spying on us...

    Normally this might be cause for concern, but it has the strength of being open source, so the patches can be scrutinised by the OS community and if there's something dodgy about it, you can bet your hard disk that word would get out.

    And if you're worried about the government slipping you dodgy binaries... compile from source!

  4. It's not about Crypto - It's about access control! by Anonymous Coward · · Score: 1, Informative

    There is nothing in these patches that has to do with crypto. Stop whining about back doors, and at least read the FAQ!

    They are trying to move toward a structure of access controls, to limit the scope of exploits. I think this is a worthwhile effort, and their approach (ie., explaining that this is -a- way of doing this vs. -the- way of doing this) is laudable.

  5. Re:Nice to see NSA contributing by willie150 · · Score: 2, Informative

    You're looking at it from the wrong way. Sure, crypto export limitations have been overturned (i think), but the lack of crypto in the kernel is because not everywhere else in the rest of the world is ok with it. Crypto is still illegal in some counties, and linux aims to be as usable by as many people as possible.

    --
    Better to stay silent, and let people think you're an idiot than to open your mouth and remove all doubt
  6. Re:I am hoping that security like this goes into 2 by SurfsUp · · Score: 3, Informative
    At the San Jose kernel summit earlier this year Linus blessed the concept of a pluggable/configurable kernel security system for Linux. The exact form of this interface is still being hashed out, but it is going to happen, in the 2.5 timeframe.

    With this new kernel interface you'll be able to set your system up to taste, with configurations running all the way from basic Unix security like we have now to the exotic super-security system flavor of the week.

    --
    Life's a bitch but somebody's gotta do it.
  7. Our National Security by Ray+Yang · · Score: 2, Informative

    You know, with all due respect, I think a lot of slashdotters have watched too many reruns of the X-Files. The NSA is an agency charged with defending the United States *against* threats to national security. As recent events (not WTC, but rather the slew of worms and virii) have demonstrated, one of the greatest threats to our electronic infrastructure is having a few gazillion easily hackable machines on the Internet. It's part of their mission to prevent that. After all, it's not like they haven't done it before.

    Yes, the NSA has acted to help Americans protect our secrets before. Why? Because it helps our country for banks, companies, and people to be able to do their work without fear of their private data being stolen. For those of us who follow encryption, recall that NSA helped IBM optimize DES against differential cryptanalysis, long before differential cryptanalysis was a public technique (yes, they also limited keylength, but presumably that was to set things up so that they could break in, but only in emergencies with a *lot* of effort -- it still takes 24-odd hours for modern specially designed machines to break DES, do you think the NSA could have done better in the late 70s?).

    Even when they were trying to foist Clipper off on us, the people over at NSA always acknowledged that helping Americans (and the global economy) maintain secure systems is a good thing. As lots of people have pointed out, SeLinux is about access controls, not encryption. The NSA has every reason to help develop secure products so that large groups of Internet servers are not easily hacked, and no reason to install a backdoor which anybody could discover (and, if unethical, exploit) simply by perusing the source code.

    That said, if you're qualified, feel free to browse the code -- being careful is good, but being paranoid and reflexively hostile to people who devote their lives to public service is bad.

  8. Simple by Anonymous Coward · · Score: 1, Informative

    Simple, The NSA is not only responsible for foreign signals intelligence, but is also responsible for PROTECTION of US communications from being exploited. Obviously it is in the best interest of United States for there to be an agency (in this case the NSA) providing a secure OS for use of the military, government and industrial complex.