Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security-Enhanced Linux Release

Posted by timothy on from the tightening-up dept.

James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."

3 of 179 comments (clear)

  1. Very flexible, lots of hooks by khym · · Score: 5, Informative

    This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.

    --
    Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
  2. Re:Just the standard question.... by Captain+Bonzo · · Score: 4, Informative
    But, I'm sure it's not just me that would have to think twice or three times about installing an operating system produced by the governement agency responsible for spying on us...

    Normally this might be cause for concern, but it has the strength of being open source, so the patches can be scrutinised by the OS community and if there's something dodgy about it, you can bet your hard disk that word would get out.

    And if you're worried about the government slipping you dodgy binaries... compile from source!

  3. Re:I am hoping that security like this goes into 2 by SurfsUp · · Score: 3, Informative
    At the San Jose kernel summit earlier this year Linus blessed the concept of a pluggable/configurable kernel security system for Linux. The exact form of this interface is still being hashed out, but it is going to happen, in the 2.5 timeframe.

    With this new kernel interface you'll be able to set your system up to taste, with configurations running all the way from basic Unix security like we have now to the exotic super-security system flavor of the week.

    --
    Life's a bitch but somebody's gotta do it.