New Security-Enhanced Linux Release

← Back to Stories (view on slashdot.org)

New Security-Enhanced Linux Release

Posted by timothy on Sunday September 30, 2001 @07:53PM from the tightening-up dept.

James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."

3 of 179 comments (clear)

Min score:

Reason:

Sort:

Nice to see NSA contributing by lightray · 2001-09-30 19:58 · Score: 5, Interesting

I have to say, it really is nice to see the NSA contributing to an open source project in such a positive manner. Being "open" isn't exactly one of their usual activities. From the changelog it looks like they are really digging into the depths of the kernel too -- not just superficial changes. Is anyone running this in a production environment?
This is NOT Encription by |_uke · 2001-09-30 20:36 · Score: 5, Interesting

Guys... come on. So far (at 1:26 am pst) Almost every post to this article is talking about encryption. Having an educated opinion is worth a lot more than an uneducated one. Do a little more research please :)

This is NOT encryption. What SELinux provides is stronger access control mechanisms. This means that users and programs only have access they need in order to get their job done.

This is a totally different thing from encryption. Encryption is one thing this is actually NOT touching. Encryption on most systems is useless if someone can break in and obtain the key needed to decript whatever you are trying to keep secret.

In a environment with better access control, it makes it a LOT harder for someone to actually gain that type of access. If someone breaks into your mail daemon or your http daemon, they only gain the rights that program had, nothing more.

I do agree however, that it is nice to see the government helping community (opensource/free speech) software. I think this is something we could use a lot more of.

--
Luke
Re:Just the standard question.... by |_uke · 2001-09-30 21:37 · Score: 5, Interesting

If the NSA really wanted to put out a piece of software they could use as a back door, they would do it discreetly. There is no advantage for them to introduce a back door into an open piece of software.

This is not some new scheme to control the population... No doubt the people working on this are just geeks, whom are much like many of us here on slashdot.

I think we should applicate and WELCOME the fact that the government is spending our tax dollars on something that makes our community better. I personally would like to see a lot MORE involvement from the government on community (free speech/Open Source) projects. The government (not just U.S., but many of the governments world wide) has a lot of really talented people. People like this could do a lot of good for the community. (Although yes I admit, they could also do a lot of harm.)

I think this is a good step in the right direction and I hope to see a lot more of this in the future.
(And no, I do not work for the government. :)

--
Luke