Slashdot Mirror
New Security-Enhanced Linux Release
James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
The NSA has published several research papers on on SE Linux as well as the OSes leading up to it (Flask, DTOS, DTMach) and it is hard to find malice in what they suggest should be how OSes should be improved security-wise.
If you are so suspicious of SE Linux then don't install it or even better use the benefits of Open Source and actually read through source to see if the code matches what they claim in their research papers. Heck, diff the major source files against a stock distro and see what has changed and why. Open Source is of no benefit if people treat it like closed source and want everything handed to them on a platter.
Well, enough people have said "read the source yourself", so I won't go into that.
:)
Here's the other way to look at it... as in "why would they do this?". If you consider the security of the servers used by american businesses as a national concern (and remember that the US Govt has a LONG history of getting involved JUST to help businesses), then helping make a stronger, more secure Linux kernel *IS* a national security issue.
I'd go on in more detail but it's 3:20 AM and my wife is complaining.
Does anyone else worry about the NSA making the Linux kernel easy to modify? All I could think about while reading the above comment was "what else are they planning to put in?"
The NSA creates a system where you can plug in the security architecture that you want and you complain? Would you rather that they hardcoded it so only NSA provided security features could be used?
I guess it just goes to show that you can't please everyone.
..you find that the changes are not about encryption, but preventing programs already on your system from doing something they shouldn't do. As the changes offer increased security from the basic kernel, the NSA won't be able to do anything with this that they can't do with your current system.
:-) ]
As the NSA have released the source code for these changes I hardly see any reason why one should not run such a kernel. I may hesitate to run a binary from these guys, but if these changes get incorporated into the mainstream kernel I'll still run Linux.
On another point, maybe it is worthwhile seeing what is required to get an increased security classification for Linux; the FAQ raises some interesting issues in the form of documentation and auditing. Maybe the first could be performed under the auspices of the LDP (Linux Documentation Project) and some of the other secure Linux distributors would be interested in coordinating the latter.
If Linux was approved as a secure OS, then takeup by goverments would be much more enthusiastic, and as civil service employment would require at least Linux desktop knowledge, that would lead to a need for it to be taught in schools, which is where hopefully the next generation fo kids won't grow up to by Windows lusers. [bit like a reverse of the fear leads to anger...to the Dark Side argument, isn't it?
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon