Slashdot Mirror
New Security-Enhanced Linux Release
James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."
I have to say, it really is nice to see the NSA contributing to an open source project in such a positive manner. Being "open" isn't exactly one of their usual activities. From the changelog it looks like they are really digging into the depths of the kernel too -- not just superficial changes. Is anyone running this in a production environment?
This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.
Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
Guys... come on. So far (at 1:26 am pst) Almost every post to this article is talking about encryption. Having an educated opinion is worth a lot more than an uneducated one. Do a little more research please :)
This is NOT encryption. What SELinux provides is stronger access control mechanisms. This means that users and programs only have access they need in order to get their job done.
This is a totally different thing from encryption. Encryption is one thing this is actually NOT touching. Encryption on most systems is useless if someone can break in and obtain the key needed to decript whatever you are trying to keep secret.
In a environment with better access control, it makes it a LOT harder for someone to actually gain that type of access. If someone breaks into your mail daemon or your http daemon, they only gain the rights that program had, nothing more.
I do agree however, that it is nice to see the government helping community (opensource/free speech) software. I think this is something we could use a lot more of.
Luke
If the NSA really wanted to put out a piece of software they could use as a back door, they would do it discreetly. There is no advantage for them to introduce a back door into an open piece of software.
:)
This is not some new scheme to control the population... No doubt the people working on this are just geeks, whom are much like many of us here on slashdot.
I think we should applicate and WELCOME the fact that the government is spending our tax dollars on something that makes our community better. I personally would like to see a lot MORE involvement from the government on community (free speech/Open Source) projects. The government (not just U.S., but many of the governments world wide) has a lot of really talented people. People like this could do a lot of good for the community. (Although yes I admit, they could also do a lot of harm.)
I think this is a good step in the right direction and I hope to see a lot more of this in the future.
(And no, I do not work for the government.
Luke
Well, enough people have said "read the source yourself", so I won't go into that.
:)
Here's the other way to look at it... as in "why would they do this?". If you consider the security of the servers used by american businesses as a national concern (and remember that the US Govt has a LONG history of getting involved JUST to help businesses), then helping make a stronger, more secure Linux kernel *IS* a national security issue.
I'd go on in more detail but it's 3:20 AM and my wife is complaining.