Slashdot Mirror
New Security-Enhanced Linux Release
James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."
I have to say, it really is nice to see the NSA contributing to an open source project in such a positive manner. Being "open" isn't exactly one of their usual activities. From the changelog it looks like they are really digging into the depths of the kernel too -- not just superficial changes. Is anyone running this in a production environment?
This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.
Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
Guys... come on. So far (at 1:26 am pst) Almost every post to this article is talking about encryption. Having an educated opinion is worth a lot more than an uneducated one. Do a little more research please :)
This is NOT encryption. What SELinux provides is stronger access control mechanisms. This means that users and programs only have access they need in order to get their job done.
This is a totally different thing from encryption. Encryption is one thing this is actually NOT touching. Encryption on most systems is useless if someone can break in and obtain the key needed to decript whatever you are trying to keep secret.
In a environment with better access control, it makes it a LOT harder for someone to actually gain that type of access. If someone breaks into your mail daemon or your http daemon, they only gain the rights that program had, nothing more.
I do agree however, that it is nice to see the government helping community (opensource/free speech) software. I think this is something we could use a lot more of.
Luke
Normally this might be cause for concern, but it has the strength of being open source, so the patches can be scrutinised by the OS community and if there's something dodgy about it, you can bet your hard disk that word would get out.
And if you're worried about the government slipping you dodgy binaries... compile from source!
Just when I thought it was safe to run Linux on my home PC there comes this news. I'm still trying to figure out what that mysterious NSA registry key in Windows does...yes, such a key really exists in Windows - do a search here on Slashdot or Google for more info.
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
[I usually don't answer cut'n paste trolls...]
> What offends me (not to mention the 6000+ innocent dead and their grieving families) most
> about this story is, the terrorists made use of these kinds of communist open source tools to
> plan, communicate, and carry out their attack.
And they used "Microsoft Flight Simulator" for training.
It really offends me that millions of people are still using Microsoft products after this tragedy.
If the NSA really wanted to put out a piece of software they could use as a back door, they would do it discreetly. There is no advantage for them to introduce a back door into an open piece of software.
:)
This is not some new scheme to control the population... No doubt the people working on this are just geeks, whom are much like many of us here on slashdot.
I think we should applicate and WELCOME the fact that the government is spending our tax dollars on something that makes our community better. I personally would like to see a lot MORE involvement from the government on community (free speech/Open Source) projects. The government (not just U.S., but many of the governments world wide) has a lot of really talented people. People like this could do a lot of good for the community. (Although yes I admit, they could also do a lot of harm.)
I think this is a good step in the right direction and I hope to see a lot more of this in the future.
(And no, I do not work for the government.
Luke
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
The NSA has published several research papers on on SE Linux as well as the OSes leading up to it (Flask, DTOS, DTMach) and it is hard to find malice in what they suggest should be how OSes should be improved security-wise.
If you are so suspicious of SE Linux then don't install it or even better use the benefits of Open Source and actually read through source to see if the code matches what they claim in their research papers. Heck, diff the major source files against a stock distro and see what has changed and why. Open Source is of no benefit if people treat it like closed source and want everything handed to them on a platter.
Well, enough people have said "read the source yourself", so I won't go into that.
:)
Here's the other way to look at it... as in "why would they do this?". If you consider the security of the servers used by american businesses as a national concern (and remember that the US Govt has a LONG history of getting involved JUST to help businesses), then helping make a stronger, more secure Linux kernel *IS* a national security issue.
I'd go on in more detail but it's 3:20 AM and my wife is complaining.
These are the ones I know about:
Trustix Secure Linux
Engarde Linux
Immunix (seem to ship a secured Red Hat)
Kaladix Linux
Can't say if they are any good, I'm afraid. I'm too happy running Debian!
-- shaka
:wq!
First of all, this in not about encryption.
:) Oh yeah, and it has to support single login.
Linux already has security at the group and user level. But that is not good enough security for the real world.
What security like this does is allow you very fine control over everything that a user or process is allowed to do or to access, right down to system calls.
So, your web server is running and only has read access to it's config files, and write access to its logs and can only call the system calls that it needs to do it's job.
Let's say that there is a buffer overflow in the web server and someone tried to exploit it. Geeze, they can't start a shell, because they don't have any access to a shell, the web server didn't need that access. So, even though there is a buffer overflow, they can't get a shell from it.
Let's say that somehow they got a shell from this activity, all that the shell would have access to would be the web server content, config files, and log files and they could execute cgi scripts. And nothing else. And the cgi scripts would be locked down even tighter than the web server was. They couldn't even see anything that wasn't web related.
The really nice thing about this level of security is that the concept of an all powerful root becomes almost meaningless. Any user can be granted specific rights to run certain programs.
This means that administrators for each subsystem can have the rights they need to do their job.
Where we do need encryption is a good directory service for Linux servers that would allow this level of security access controls at the enterprise level across 10's, 100's or even 10,000's of servers.
Imagine being able to add a new person to a single database and instantly give them the rights that they need to do their job across a network that spans the globe.
Or is that just me? *L*
Does anyone else worry about the NSA making the Linux kernel easy to modify? All I could think about while reading the above comment was "what else are they planning to put in?"
The NSA creates a system where you can plug in the security architecture that you want and you complain? Would you rather that they hardcoded it so only NSA provided security features could be used?
I guess it just goes to show that you can't please everyone.
..you find that the changes are not about encryption, but preventing programs already on your system from doing something they shouldn't do. As the changes offer increased security from the basic kernel, the NSA won't be able to do anything with this that they can't do with your current system.
:-) ]
As the NSA have released the source code for these changes I hardly see any reason why one should not run such a kernel. I may hesitate to run a binary from these guys, but if these changes get incorporated into the mainstream kernel I'll still run Linux.
On another point, maybe it is worthwhile seeing what is required to get an increased security classification for Linux; the FAQ raises some interesting issues in the form of documentation and auditing. Maybe the first could be performed under the auspices of the LDP (Linux Documentation Project) and some of the other secure Linux distributors would be interested in coordinating the latter.
If Linux was approved as a secure OS, then takeup by goverments would be much more enthusiastic, and as civil service employment would require at least Linux desktop knowledge, that would lead to a need for it to be taught in schools, which is where hopefully the next generation fo kids won't grow up to by Windows lusers. [bit like a reverse of the fear leads to anger...to the Dark Side argument, isn't it?
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
True enough. We can always ask why they put in the constant b4ckd00r and set it to binlLadenhasnoSkI11z.
I don't want knowledge. I want certainty. - Law, David Bowie
" backdoors will they put here?"
As has been said before ad nauseum, if there's a backdoor, it will be trivial to spot because it's open source. Distrust of the government only works if you're logical about it.
The NSA has two tasks charged to it: 1) obtaining elint in non-US nations and 2) preventing other nations from gaining elint in the US.
Part of the second task is securing US government systems. Many US gov't installations can only use Solaris, HPUX, and a few related Unices because they are the only ones that meet the NSA's standards for security. I imagine that the NSA realizes that if Linux were to be an option, they could actually save some money (which, instead of being spent elsewhere in the gov't could be spent at NSA...).
I'm getting sick of all the paranoid types here going on and on about how it's antithetical of the NSA to make a truly secure product for the masses, you can't trust them, blah blah blah...
Secure encryption is a matter of national security. It's a matter of an American company being able to keep its secrets secure from foreign competition (amongst other things). It's about AMD being able to make a new innovation, for instance, without having to worry about Hitachi "coincidentally" and suddenly patenting that same innovation before AMD gets to the patent office.
If you're going to have to rely on such a program for the validity of the economy (et al), there is no logical reason to shoot yourself in the foot by installing back doors in all such software. That secret back door cannot stay a secret forever. All it requires is one act of treason for that "secret" back door to be just about anything but (possibly even public domain).
Yes, I know the FBI wants escrow encryption, but even then that's only giving the Feds the ability to get to the keys to decrypt it (with a court order), not some magic key of their own. Because again, that magic key is one act of treason away from the public domain.
And here comes the flame...
It disturbs me how many posts on here all say the same thing: "It says 'NSA,' so therefore it must be bad." And yet, surprisingly enough, nobody has yet to find any such super secret NSA log-in account in the open source code. This gut reaction reminds me too much of the people who were saying as early as the evening of September 11th that it was all an ATF plot. Can't you people think differently for once, especially when there's no logical reason not to? I pity you for not being able to change gears every once in a while. If Congress passed a resolution delcaring the sky was blue, where would that leave you?
Blind distrust of the government is just as bad as blind trust, if not moreso. At least with blind trust it demonstrates the ability to trust something, and you can go out of the house every once in a while without putting your aluminum foil suit on...
With this new kernel interface you'll be able to set your system up to taste, with configurations running all the way from basic Unix security like we have now to the exotic super-security system flavor of the week.
Life's a bitch but somebody's gotta do it.
Not everybody who does Open Source is into the whole "community development" ideology. Some, such as the NSA and cryptography developers, are simply interested in the security advantages. Personally, I consider the main strength of Open Source to be its ability to create standards without falling into the design-by-committe trap. To see what I mean, compare KDE with CDE.
Everyone is talking about either remote exploits, or encryption, or NSA backdoors...
SElinux has NOTHING to do with any of those...
IT's about intenral access controls for applications so they only have access to the resources they need to get the job done.
So, in the future, say, a large, huge server can run *securely* where differnet internal users are safer from each other.