Slashdot Mirror
NSA Releases Updated SELinux
darthcamaro writes "Looks like our federal tax dollars are hard at work - improving security on Linux! The NSA - you know the folks that are shadowy figures on X-files - have released the latest updates to SELinux (security enhanced). Internetnews.com has got a piece on it
where they talk to Gentoo and Red Hat about the release's significance."
I wonder how it compares to Tin Foil Hat Linux?
Anyone can provide contrast/comparisons?
What kinds of changes in SELinux would be NOT welcome in mainstream Linux distros?
I have been pwned because my
We have government spending money on OS now?
I think like car-building, airlines and railway, the operating systems should be left to private commercial markets.
ScullyEnhanced Linux?
I'm in. Where do i get it?
mattdev@server$ touch
cannot touch `/dev/genitals': Permission denied
...backdoors!
Treehugger? Treehugger... Treehugger!
This comes right on the heels of a report by a security firm that Linux was the most vulnerable server OS...
On the other hand, I think this is a great example of why open source software is a good thing - anyone, the government included, can improve the software. I'm sure they feel much better about using an OS that they've personally inspected and tested than something else.
Whoooo nelly... It kind of makes you wonder what kind of "enhanced security" those boys loaded that thing up with?
I am guessing it will either somehow steal every bit of information, including your fingerprints
or be totally sweet
Seeing as any changes the NSA make are presumably only used internally by the agency, they are under no obligation to release the source. So this is quite a community spirited move on their part.
:-)
Unless of course they are trying to sneak some NSA backdoors into Linux kernels
Homme petit d'homme petit, s'attend, n'avale
Shadowy? Since when are the NSA guys "Shadowy"? I have an uncle who used to work for them (he's retired), and he's a great guy.
Although, that may describe why he always has those blind marks across his face.
When life gives you crap, Make Crapade.
Sluggy Freelance.
Does the security enhancements developed by the NSA slow down the kernel? Does it make it harder to set up services such as email or apache? How much more secure is it than a standard vanilla kernel?
I have not had the opportunity to play with SELinux but am interested in how it works, how difficult it is to set up properly and all that fun stuff
Can we expect that NSA will also do EAL5 for Linux for free?
I find extremely disheartening that our tax dollars go into products, ideas and research that is then turned around and used for the benefeit of ONE company (see big drug companies, defense contractors, and certain university proffesors). That just seems plain "un-american". Here we have a rare exception, our tax dollar going to improve something for ALL americans (and the world too).
Sadly Microsoft is lobbying to shut down the NSA's involvement in free software, claiming that the government is essentially "competing" with them. Somehow our tax dollar going to work securing windows isn't communist according to MS. Just if it also helps someone that ISN'T MS. Lets hope they fail.
In the end, this can only be a good thing for ALL OS designers. It helps them look at how the people that stay awake at night worrying a lot think about security in an operating system.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I guess NSA didn't get the memo -- or the lobbyists -- from SCO telling them that open source software was a security risk and that terrorists could use it to make their own supercomputer.
I distinctly remember reading that NSA stopped deveolpment on this project , under pressure from US govt. which was under pressure from Microsoft..So what happend now ? /. , so the authenticity of it is highly questionable.
But then again I read that on
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
I just want to toss out the notion that the general complaint that slashdot readers don't read the article, and the slashdot effect are mutually exclusive. There were only 8 replies to this thread when I clicked the main article link, and although it wasn't completely slashdotted, it was incredibly slow coming up.
My second comment is really a question: How do we weigh this up against Mr. McBride's letters to congressmen? It seems like they would probably lean on the NSA for advice on what's secure and what's not, rather than the seemed ravings of a madman.
I would also throw out a little pointer that probably one of the major reasons that the NSA is working on the Linux Kernel is simply because they can. I'm almost certain that if they had the ability to tweak security in MS, they would do so.
Kutos to the NSA for sharing it all with us.
Isn't this one of the best things to have happened to linux in the past year? How many operating systems can boast about having ***NSA***-quality security? Whether that's the whole story is another issue: this is marketing pure gold! That line in and of itself would be enough to catch the interest of most managers, I think. This may really kick open the door for Linux moving into the corporate space.
I'll know they're really shadowy figures when they take that 'released' Microsoft code and clean it up and re-release it. :-)
A feeling of having made the same mistake before: Deja Foobar
Isn't this the same NSA that melted down their 3-million-processor crypto computer by fiddling with a "mutations strings" virus?
February 24, 2004
Linux Gets Security Boost from NSA
By Sean Michael Kerner
Most stories about government deployments of Linux involve a distributor helping various federal and municipal agencies install the open source operating system. But in this case, a federal agency is helping Linux.
The U.S. National Security Agency (NSA), also known as the codemakers and codebreakers cryptologic division within the Department of Defense, has helped to harden Linux with newly-released Security Enhanced Linux (SELinux) kernel modifications.
The latest release, which updates the base kernel to 2.6.3 and 2.4.24, contains numerous significant improvements to security in the open source operating system. The SELinux improvements mark a major breakthrough for Linux. Because of the NSA's contributions to the kernel, the new security features will now show up in mainstream distributions of Linux.
"Conditional policies are significant and also networking hooks were added, which makes SElinux all that much more powerful," Joshua Brindle, hardened Gentoo Linux Project Leader and the NSA's SELinux contributor, told internetnews.com.
"They also exported AVC (define) controls to userland to facilitate strong X-based access control and privilege separation," he added.
SELinux was released by the NSA under the GNU GPL open source license. SELinux is essentially a Linux Kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls.
"SELinux is important because mandatory access controls are essential to limiting access to daemons and users to only what they need. It also solves the age-old almighty powerful superuser problem in Linux," Gentoo's Brindle told internetnews.com.
"We stress however that it isn't an end-all solution, that it must be combined with additional layers of protection."
Debian, Gentoo and Red Hat Fedora's latest test release of Fedora Core 2 all currently make some use of SELinux. Red Hat also plans to incorporate SELinux into its next Red Hat Enterprise Linux release
This "marks an important milestone in what enterprises globally feel is an important issue," Red Hat spokesperson Leigh Day said of the SELinux update. "One of the first issues we hear from our customers when talking with them about solution requirements is security," she told internetnews.com. "Were pleased to be working with the NSA to bring SELinux to our distribution. We will incorporate SELinux fully in our next release of RHEL 4."
The Security-enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs.
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
http://www.nsa.gov/selinux/
Treehugger? Treehugger... Treehugger!
As grande as nachos!
You can say whatever you like about backdoors and the like, but you can be goddamned sure i want some of the brightest minds in this country looking at the code i use as opposed to the dumbfucks that i graduate with that go to work for regular companies. As for the brightest minds? Just take a look at the requirements to work for the NSA vs. Microsoft (and NO, i'm not talking about security requirements).
If the NSA pored over the Windows code and made it secure, well, then you would have big government.
"It required a work force of 384 slaves, 34 slave drivers, 12 engineers, 2 turtle doves, and a partridge in a pear tree. The work was managed by a command team composed of 2345 bureaucrats, 2347 secretaries (at least two of whom could type), 12,256 paper shufflers, 52,469 rubber stampers, 245,193 red tape processors, and nearly one million dead trees."
A feeling of having made the same mistake before: Deja Foobar
The backdoor thing is quite interesting. If you were a terrorist in foreign country X, what version of OS would you like: the vanilla linux from whatever company ooooorrrrr the linux that one of the most elite, secret organizations from the most powerful country in the world uses? (that is not a US-horn-toot...it is making the case for the quality of the code)
Then if you were the NSA, who do you think would want this code the most? You got it.
I don't think the US. govt. is allowed to use GPL. Of course, they must honor the gpl for the rest of the linux kernel, however.
Vote for Pedro
i'm sure it can't hold a candle to BarbieOS !!
seeing as even federal government agencies already believe in the GPL.
Apparently, you don't understand the difference between a "page impression" and a "read". Now, here's what the normal slashdot user does:
1)clicks on link
2)looks for colorful photos
3)Presses Ctrl-F, then types "screeshots", then Enter
4)Clicks on any links he finds in that context.
5)If he finds nothing, clicks "Back", clicks "Reply", and makes an uninformed comment
Very little reading usually goes on; just viewage of pretty pictures. And, of course, this just makes the slashdot effect worse; text doesn't really hurt webservers as bad as big JPGs. That's why two hours after the posting on slashdot, the site admins are always back online with a text-only version of their site saying something like "I've never seen so much web activity in my life".
There were some selinux related posts on slashdot, consider checking www.rsbac.org too.
RBAC, MAC, ACL, extensible, malware-scan (virus protection on kernel ('access') level), network protection, other methods (FF,...) and whatever you wish
It's not financed by NSA, and not programmed in the US., can you be happier?
Anyhow, don't tell me SeLinux is better because.. it would cause a flame-thread only...
... is the NSA web site running on IIS?
(Yes, yes, I know that the web site will be totally physically separated from the spooks' computers...)
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
security -> tends to zero as Sum(Idiots) -> tends to infinity.
the combination of linux being open source plus the legal requirement that all US government employees must release code they develop as public domain results in SElinux.
in other cases it results in a very good statistical test suite being dumped into the public domain.
http://csrc.nist.gov/rng/
.....Microsoft.
Let them continue to believe they can defeat FOSS
Alot of my Gentoo specific comments were taken out of the article so I'll provide them below:
MAC's are only the enforcement part, auditing is also very important and sadly something lacking in LSM. We are looking into different auditing schemes to compliment SELinux.
Recently we have completely integrated PaX memory protections into the SELinux policy. Unfortunatly Redhat's Ingo wrote execsheild, which he admits provides less protection so most of the SELinux camp is not interested in the work we are doing in this area.
We also provide much tighter policies by default whereas Redhat/Fedora has chosen to make the user domains much less restrictive and 'user-friendly'. This isn't in line with the goals we've cited on out page http://hardened.gentoo.org . While user friendliness is important taking restrictions away from domains inevitably loosens security.
I just wish they included instructions for the manufacture of a proper tin foil hat..
Fuck,
Paranoid++
one of the coolest gov agncies. Think really smart geeks working in secret for the greater good :)
The war with islam is a war on the beast
The war on terror is a war for peace
Anyone know much much of SELinux MITRE contributed?
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I'd rather pay taxes to support the stability of Linux, than to pay taxes to keep a piece of vulnerable software running any day.
"Instant gratification takes too long." - Carrie Fisher
This is a great thing to add to Linux, but is it secure enough to keep even the FBI out of your sensitive information?
PLZ REPOST ENTIRE SERIES WITH INDEXES LIKE [7/42]
THX
Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.
Summary of Changes for SELinux
[classified@classified]
[classified@classified] fix broken (classified) in (classified).c
[classified@classified] changed (classified), added (classified)'s patch to (classified)
[classified@classified] (classified) (classified) with (classified)
Afraid to install SELinux but interested in what it does? The Hardened Gentoo project maintains a SELinux Demo Machine that allows you to ssh in as root. More information here: http://selinux.dev.gentoo.org/
When convenience nears zero, the machine has been dismounted into its smallest components and each component is mantained in a separate safe room at a different geographic location. In the limit, security is infinite when the machine being secured does not exist anymore and cannot be re-assembled - ie, it has been reduced to its original atoms and those were scattered in different places.
Ken Thompson's compiler hack
KFG
Come on, out of all the contributions to the Linux kernel, don't you think that the ones that the NSA contribute are of the MOST audited??
I know it's a joke, but come on. That's like saying "Oh, here's the blueprints to my house, with 200% more SECRET PASSAGEWAYS to my nuclear reactor!"
It is pitch black. You are likely to be eaten by a grue.
The problem with this is that it requires one to distribute binaries. There has to be a compromised binary compiler for this to work. The NSA isn't shipping any binaries; it's all source code.
Unless gcc was compromised a long time ago, this isn't likely to become a widespread problem.
We don't need the NSA government helping out on this.
People don't exist to serve systems, systems exist to serve people.
Absolutely. My part in this thread began with a joke.
KFG
And i guess that the NSA has no motives of their own in probing linux security and getting the assistance of contributing coders given that a number of foreign governments (china, etc) are moving towards adopting linux in secure environments. Anyone have any thoughts about the ethical issues of contributing code to a government agency like the NSA? Putting on my tin-foil-hat Paco
Only... The US government did NOT develop SELinux. A company named Secure Computing was contracted by the NSA to add aspects of their SecureOS (which runs their Sidewinder firewalls) to Linux.
SELinux has been going on for four years now. Moreover, the NSA doesn't certify this as some sort of bulletproof linux, it mostly just adds access controls (I'm guessing aka ACLs). Since nobody's been dumb enough to run around marketing the NSA's involvement and SELinux it really hasn't caught on much. Bandying about that the NSA has somehow "approved" of this kernel would likely result in a very pissed off NSA. Nobody, not even marketing, dicks with the NSA.
I Browse at +4 Flamebait
Open Source Sysadmin
NSA is a great organization. Could be worse. You could be in the USAF where you have to consume mass quantities of MS Windows stuff, for almost everything. Some days I think MS owns part of USAF.
Some services are harder to set up, because the permission issues get in the way, especially if they expect to have an all-powerful root doing the work for them, or if the application does lots of work to secure themselves (chroot jails, etc.), but most applications aren't affected much. Anything that does much with Setuid() can expect a radically different environment underneath.
The big security win is that you can define different security compartments, including one or more for the operating system itself, and applications can only read from lower-security-level compartments, not write to them. This means that even if somebody finds an egregious buffer overflow bug in your email client, and uses it to mail your precious files to kgbvax.dhs.gov, they still can't use that to r00t your machine, and it's very hard for them to accomplish much by leaving Trojan Horse files around in your home directory because root usually isn't allowed to read them without you explicitly authorizing them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Man, to think Mr. Gates has to spend company money to secure his OS, whereas Linux users (in the U.S.) just need to pay their taxes to get an extra secure system.
And at least for me, knowing that the NSA is using Fedora Core 2 as a development platform makes me more likely to use it than other distros (although admittedly I already had a liking for Fedora Core for the get go). Perhaps it's stupid to let a thing like that sway me, but it definitely adds to a conversation...
Friend: Linux? Huh?
Me: Ya, it's an OS that even has the NSA making security patches for it too.
Friend: Nice. But does it play my games?
Me: Doh!
There was some lobbying thing and managers
getting nervous. The web site got pulled even.
Then, after a bit of review and realizing that
the government uses Linux all over, the SELinux
team was allowed to keep going.
Many shadowy, extralegal groups such as the NSA, CIA, FBI, RNC, etc., have a strong need (at least they feel they do) to view any part of your hard drive's contents and read your communications, regardless of any encryption system you may have used.
I think we must assume that western governments have that capability already. How do you think they would have accomplished it? At the hardware level? How do any of us really know what's inside those chips?
Not trying to be a dittohead, just trying to underscore a well-constructed point.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
...are among other research projects paid for by government money. Don't tell me that those things would be better developed by private industry.
That's like saying we would be better off with 5 different (and incompatible) digital TV standards.
Am I the only person who finds it surprising that no one tried to register "Adolph Hitler" until the 700,000's in user id's?
most people go on slashdot for one of two purposes... to read an interesting article, or to look for a place to dispense their opinion.
Only a small minority of slashdotters do both tasks (and necessarily in that order!)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
SCO vs. NSA
Day 1: Darl announces SCO will be suing the NSA
Day 2: Darl is missing and the SCO headquarters has mysteriously been hit by a US nuke.
OK, Darl says that Linux is a threat to National Security, but the NSA who is responsible for National Security contributes to Linux.... Therefore logic says that Linux is good for National Security. But Microsoft says that they are more secure than Linux. Who's on first, what's on second...
Yeeow! Nothing like a paradigm shift without using the clutch!
For about a year, NSA stopped talking about SELinux. Then one day there was an announcement in the Linux kernel mailing list that SELinux had been updated to the current kernel version and was becoming part of the mainstream kernel.
Now it's mainstream.
I'll leave all the assumptions of motive to those who will pretend they know, but won't this be a sticking point to adoption in countries who are looking for security and may not be trusting of our government or our NSA? While the changes are GPL'd and therefore must disclose source code, read back up the page if you don't think the NSA has something close to mythical stature in many eyes. Tin foil hats aside, appearances matter, especially to bureaucracies where (wonder of wonders) there may be a chance of someone making high-level decisions without reviewing millions of lines of source code first. Before flaming, note that my hymnal comes from your church. This is merely a discussion point.
If my memory serves me correctly, didn't they stop developing their Linux tree a year or two ago? Because of some stupid ruling at political level, IIRC?
Please correct me if I'm wrong, as I can't remember. I'm happy to see them continue, as it now seems.
I have had numerous occasions to work with folks from NSA, NIMA (now GIA), DSS and others on projects. Despite the Hollywood induced perception that the GP has of them, they are normal guys like you and I that are: 1.) Just REALLY good at what they do, and 2.) Will do it for less money than they could in the private sector because they feel a patriotic duty to do so. Back doors...? Give me a break guys, it's Open Source for Pete's sake. You don't think the guys maintaining the kernel have a looksee?
Adolf_Hitler is 199999
Hitler is 149274
The SE Linux mailing list is a good place to ask questions about it, see http://www.nsa.gov/selinux/ for the details.
Also see #selinux on irc.freenode.net.
Then you can discuss it with the people who are involved in SE Linux development.
SE Linux has been going for a long time, I've been working on it for almost three years, and I wasn't involved at the start.
The NSA gets some significant benefits from releasing the code under the GPL. See the list of non-NSA contributors for a list of the work that was done for free by the community instead of having to be paid for by the NSA.
Russell Coker
I know that you're joking, but I think that that only exists in Windows (Google 'NSAKey' ...)
Not only would they never get away with it in open source, but they DO work to uphold US interests/communications even as they work to intercept foreign communication... (read up about the hardened S-Boxes in DES, long before we knew of differential cryptanalysis...)
No wonder she dumped that dork ken.
If you're an engineer, then yes, Windows has infinite convenience. Otherwise if you're a mathematician, windows has "Undefined" Convenience. Which is better?
"So for standalone home desktops, it's mostly not nescesary, but for Banks, the military, and others than need a major paper trail for everything it's worthwhile."
I disagree. Why? Because it makes the "As Linux becomes more popular. It will be attacked and exploited more...like Windows" argument harder to make.
Shouldn't they work on a BSD licensed OS and release any changes under the BSD license? It is tax payers money and that has traditionally meant that everyone should be able to benefit from it once it is made public. A gpl license prevents companies like Microsoft from using it for their products. I know most gpl freaks love that, but that is not how it should work. Besides, if they released under bsd license on one of the *BSDs, then the linux community would have to copy the code and claim it under GPL. Isn't that all they are good for anyway? I guess they chose linux because the BSD community is well on their way on implementing MAC into their systems.
You are right about that. I think that's generally what people complain about too; there are those who wish the groups intersected more. Prefferably, people would like to read and write, in that order.
However, even of those people who you claim would like to "read an interesting article," I still contend that the first four steps are usually followed. Of those people who don't post, the majority are still looking for pretty pictures. That's why sites like kde-look.org are so popular. That's also why almost any OSS software nowadays includes a screenshots section in their website.
*Meep* Wrong!
There are several ways to implement a backdoor, and many of them are practically invisible. There is no need at all to open a port and handle incoming traffic (wich would be very obvious). Instead if you want to implement a backdoor you could just leave some input-parameters of a service unchecked so it can be exploited by a buffer overflow. If anyone notices this flaw later you can still say "Ooops... but hey, everyone makes mistakes. I'll just fix it..."
I know that buffer-overflows are not a good example since they are not easily exploitable in SE-Linux anymore (iirc). But the basic concept remains still applicable.
Maybe thast's the reason a big Company like MS takes so long to correct some very simple bugs, like the one about BMP-files in IE (http://xforce.iss.net/xforce/xfdb/15210). As soon as they fixed all their bugs they would be forced to release a new Windows-Version with new backdoors^d^d^d^d^d^dvulnerabilities.
Who guarantees that MS really didn't know about some of the bugs initially and they didn't just provide a list to NSA?
regards,
q.kontinuum
Trolling is a art!
F*ck! The tinfoilhat-tags around "Maybe thats's" and "NSA?" are not shown. Should have used the preview...
Trolling is a art!
Personally, I would love to see SCO demanding money from the NSA for a linux license =) This should get rid of the SCO problem really fast ;-))
Just curious why No Such Agency suddenly got interested in making everyones computer more secure.
They are the guys who has set limits on encryption strenght because they enjoy to know the most about most people.
Watch "Enemy Of the State" (I know, it's blown up a "bit"), but I find this hard to believe. Rumours have it, that NSA has specially crafted backdoors in Windows and OS X, but since Linux is open-source this may need to get a different wrapping?
I just have to leave an Echelon trigger: "Allah is great, Allah is strong". - I'm not a muslim.
NSA kids page, kewl,
http://www.nsa.gov/kids/intro.htm
Everyone's saying how easy it is to put back doors in and keep them invisible. That's not really the point. MS always talked about security through obfuscation, one of the supposed advantages of keeping source code to themselves. But the real truth is, it places the power to corrupt in the hands of a few, and that is a problem. It's a problem because what if people did build back doors into Windows source? How would anyone know, regardless of how obvious they were? What if the source gets out (as it recently did)?
But the real issue is: what if someone finds a security hole that looks a lot more like an intentional back door than a mistake? With Windows, what are the chances anyone'd be able to prove that without the source? There'd always be doubters no matter how tight the case. On the other hand, with the code the NSA just released, if anyone were to find an obvious back door--even what looked like an intentionally sloppy hole--how do you suppose that would play for the most secretive, shadowy government organization?
The right answer is: not too well. The good thing about open source is that it invites you to try this kind of subterfuge, but it forces you to stake your credibility on that gamble. With all the propeller heads and tinfoil hats floating around the linux community, that's a pretty bad bet. And you know what, I'm allowed to say this only because there's such a large contingent of linux people that will read this argument and not believe it's enough to keep linux secure. There's a lot that will say, sure that's a fine and dandy argument, but I prefer to check it out for myself. And it's exactly this disagreement, this marketplace of conflicting ideas, that makes my statement above true...because these are exactly the same people that would expose these back doors.
It's like -1 trying to make itself more negative by multiplying itself by another -1. Wait a minute...it's not like that at all.
sev
but have you considered the following argument: shut up.
Is this the primary difference?
Is this why all the extra policies?
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Anybody care to comment on SElinux vs. the capability based systems vs. IBM's RACF (Resource Access Computer Facility?) stuff?
heh.
/tmp/nice_work
/tmp is interesting.
Go on, ls
You know you have to.
ls -la
When you go to the bakery, do you whine because they don't sell auto parts?
Can anyone comment on how well (or poorly) Medusa DS9 Security System compares with SELinux?
Would that be anything that's NOT part of the government? Or maybe anything that's not part of the NSA like the FBI or the CIA?
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
Would many people here trust anything any department of the US government come up with?
When I want security I want security that works, not something that is likely full of NSA backdoors.
"In Theo we trust."
Do they offer indemnification against rabid companies? No?
Ooooh, they must be insecure about their release.