Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security-Enhanced Linux Release

Posted by timothy on from the tightening-up dept.

James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."

13 of 179 comments (clear)

  1. Good to hear by Anonymous Coward · · Score: 2, Insightful

    Good to hear that they're still actively working on this open source project, in light of the recent events. It seems at least some people at the NSA don't believe that banning security measures is the answer to all problems.

  2. Re:In times like these... by Anonymous Coward · · Score: 2, Insightful

    Backlash from the tragedy? Unless the tragedy you're referring to is the development of public key encryption, no. The leadership of the NSA (and related government entities such as the FBI) has been consistently demanding backdoors and key escrow for decades. The people in charge certainly have a homogeneous opinion, and the low level workers will not be making decisions about whether or not to add backdoors to anything.

  3. ...as far as I could throw 'em. by Cipher13 · · Score: 1, Insightful

    The NSA is responsible for national security... as the name implies.

    They desire (and probably have) access (however limited) to anything they want - private computer systems are a major hurdle in their mission to have complete access. What better way to change that than to release their OWN operating system, in the form of a Linux distro?

    They can't exactly introduce a brand new thing to compete with Windows or the MacOS; so join the Linux crowd. Perfect.

    Anyone who uses this is simply helping the NSA spin their web; and its getting bigger as always. Protect privacy... stick to YDL ;)

    1. Re:...as far as I could throw 'em. by RollingThunder · · Score: 5, Insightful

      Well, enough people have said "read the source yourself", so I won't go into that.

      Here's the other way to look at it... as in "why would they do this?". If you consider the security of the servers used by american businesses as a national concern (and remember that the US Govt has a LONG history of getting involved JUST to help businesses), then helping make a stronger, more secure Linux kernel *IS* a national security issue.

      I'd go on in more detail but it's 3:20 AM and my wife is complaining. :)

    2. Re:...as far as I could throw 'em. by leviramsey · · Score: 3, Insightful

      The NSA has two tasks charged to it: 1) obtaining elint in non-US nations and 2) preventing other nations from gaining elint in the US.

      Part of the second task is securing US government systems. Many US gov't installations can only use Solaris, HPUX, and a few related Unices because they are the only ones that meet the NSA's standards for security. I imagine that the NSA realizes that if Linux were to be an option, they could actually save some money (which, instead of being spent elsewhere in the gov't could be spent at NSA...).

  4. Here's a quarter... by FuShanks · · Score: 2, Insightful

    Go buy a clue.

    What offends *me* is your ignorance, gross generalizations, and knee-jerk reactions. By your logic I assume we should also outlaw writing. After all, they did find a letter with instructions for the terrorists. It's antiquated, hand-written messages like that that are the *real* danger to this country. Only through illiteracy can we be truly safe.

    As for me, I'm off to bed. No, really. I have to get some sleep before I go to work tomorrow.

    Jeez... I really hope this was just a sarcastic post that went over my head b/c I was sleepy... "Communist open source tools"? Yeah, it's gotta be a joke. No one could say that with a straight face and mean it.

    --
    like a knight in shining armor/from a long time ago
  5. Read the source... by Carnage4Life · · Score: 4, Insightful

    Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.

    Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.

    The NSA has published several research papers on on SE Linux as well as the OSes leading up to it (Flask, DTOS, DTMach) and it is hard to find malice in what they suggest should be how OSes should be improved security-wise.

    If you are so suspicious of SE Linux then don't install it or even better use the benefits of Open Source and actually read through source to see if the code matches what they claim in their research papers. Heck, diff the major source files against a stock distro and see what has changed and why. Open Source is of no benefit if people treat it like closed source and want everything handed to them on a platter.

  6. Re:Already Running a NSA Enhanced OS...Windows! by chabotc · · Score: 3, Insightful

    Sure the NSA deserves a good look to when they submit source to the community. However this over zealous style of responding is a bit weird.

    I mean, of all the companies contributing crypto and security work, who do you know you can -absolutely- trust?

    I would think the NSA has the most to gain if this worked well (less work for them defending the information of this country), and the most to loose of they were cought doing a conspiricy (in open source plain sight no less).

    Double check any submission that claims to enhance security? sure, sounds healthy to me, however singling out the NSA will only make out state of security worse.

  7. Irrational Paranoia by Carnage4Life · · Score: 4, Insightful

    Does anyone else worry about the NSA making the Linux kernel easy to modify? All I could think about while reading the above comment was "what else are they planning to put in?"

    The NSA creates a system where you can plug in the security architecture that you want and you complain? Would you rather that they hardcoded it so only NSA provided security features could be used?

    I guess it just goes to show that you can't please everyone.

  8. If you read the FAQ.. by maroberts · · Score: 4, Insightful

    ..you find that the changes are not about encryption, but preventing programs already on your system from doing something they shouldn't do. As the changes offer increased security from the basic kernel, the NSA won't be able to do anything with this that they can't do with your current system.

    As the NSA have released the source code for these changes I hardly see any reason why one should not run such a kernel. I may hesitate to run a binary from these guys, but if these changes get incorporated into the mainstream kernel I'll still run Linux.

    On another point, maybe it is worthwhile seeing what is required to get an increased security classification for Linux; the FAQ raises some interesting issues in the form of documentation and auditing. Maybe the first could be performed under the auspices of the LDP (Linux Documentation Project) and some of the other secure Linux distributors would be interested in coordinating the latter.

    If Linux was approved as a secure OS, then takeup by goverments would be much more enthusiastic, and as civil service employment would require at least Linux desktop knowledge, that would lead to a need for it to be taught in schools, which is where hopefully the next generation fo kids won't grow up to by Windows lusers. [bit like a reverse of the fear leads to anger...to the Dark Side argument, isn't it? :-) ]

    --

    Donte Alistair Anderson Roberts - hi son!
    Karma: Chameleon

  9. Re:Nice to see NSA contributing by Sunda666 · · Score: 2, Insightful

    Linux kernels are not *EXPORTED* from the U.S. , AFAIK

    --


    ``If a program can't rewrite its own code, what good is it?'' - Mel
  10. There's Open, and then There's Open by fm6 · · Score: 3, Insightful
    I don't think the NSA is particularly interested in "contributing" to anything. Their primary interest in security, and open source is just a means to that end.

    Not everybody who does Open Source is into the whole "community development" ideology. Some, such as the NSA and cryptography developers, are simply interested in the security advantages. Personally, I consider the main strength of Open Source to be its ability to create standards without falling into the design-by-committe trap. To see what I mean, compare KDE with CDE.

  11. Wow. by mindstrm · · Score: 3, Insightful

    Everyone is talking about either remote exploits, or encryption, or NSA backdoors...

    SElinux has NOTHING to do with any of those...
    IT's about intenral access controls for applications so they only have access to the resources they need to get the job done.

    So, in the future, say, a large, huge server can run *securely* where differnet internal users are safer from each other.