Slashdot Mirror
NSA Releases Updated SELinux
darthcamaro writes "Looks like our federal tax dollars are hard at work - improving security on Linux! The NSA - you know the folks that are shadowy figures on X-files - have released the latest updates to SELinux (security enhanced). Internetnews.com has got a piece on it
where they talk to Gentoo and Red Hat about the release's significance."
I wonder how it compares to Tin Foil Hat Linux?
Anyone can provide contrast/comparisons?
What kinds of changes in SELinux would be NOT welcome in mainstream Linux distros?
I have been pwned because my
ScullyEnhanced Linux?
I'm in. Where do i get it?
mattdev@server$ touch
cannot touch `/dev/genitals': Permission denied
...backdoors!
Treehugger? Treehugger... Treehugger!
This comes right on the heels of a report by a security firm that Linux was the most vulnerable server OS...
On the other hand, I think this is a great example of why open source software is a good thing - anyone, the government included, can improve the software. I'm sure they feel much better about using an OS that they've personally inspected and tested than something else.
Whoooo nelly... It kind of makes you wonder what kind of "enhanced security" those boys loaded that thing up with?
I am guessing it will either somehow steal every bit of information, including your fingerprints
or be totally sweet
Seeing as any changes the NSA make are presumably only used internally by the agency, they are under no obligation to release the source. So this is quite a community spirited move on their part.
:-)
Unless of course they are trying to sneak some NSA backdoors into Linux kernels
Homme petit d'homme petit, s'attend, n'avale
Shadowy? Since when are the NSA guys "Shadowy"? I have an uncle who used to work for them (he's retired), and he's a great guy.
Although, that may describe why he always has those blind marks across his face.
When life gives you crap, Make Crapade.
Sluggy Freelance.
Does the security enhancements developed by the NSA slow down the kernel? Does it make it harder to set up services such as email or apache? How much more secure is it than a standard vanilla kernel?
I have not had the opportunity to play with SELinux but am interested in how it works, how difficult it is to set up properly and all that fun stuff
Can we expect that NSA will also do EAL5 for Linux for free?
I find extremely disheartening that our tax dollars go into products, ideas and research that is then turned around and used for the benefeit of ONE company (see big drug companies, defense contractors, and certain university proffesors). That just seems plain "un-american". Here we have a rare exception, our tax dollar going to improve something for ALL americans (and the world too).
Sadly Microsoft is lobbying to shut down the NSA's involvement in free software, claiming that the government is essentially "competing" with them. Somehow our tax dollar going to work securing windows isn't communist according to MS. Just if it also helps someone that ISN'T MS. Lets hope they fail.
In the end, this can only be a good thing for ALL OS designers. It helps them look at how the people that stay awake at night worrying a lot think about security in an operating system.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I guess NSA didn't get the memo -- or the lobbyists -- from SCO telling them that open source software was a security risk and that terrorists could use it to make their own supercomputer.
I distinctly remember reading that NSA stopped deveolpment on this project , under pressure from US govt. which was under pressure from Microsoft..So what happend now ? /. , so the authenticity of it is highly questionable.
But then again I read that on
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
I just want to toss out the notion that the general complaint that slashdot readers don't read the article, and the slashdot effect are mutually exclusive. There were only 8 replies to this thread when I clicked the main article link, and although it wasn't completely slashdotted, it was incredibly slow coming up.
My second comment is really a question: How do we weigh this up against Mr. McBride's letters to congressmen? It seems like they would probably lean on the NSA for advice on what's secure and what's not, rather than the seemed ravings of a madman.
I would also throw out a little pointer that probably one of the major reasons that the NSA is working on the Linux Kernel is simply because they can. I'm almost certain that if they had the ability to tweak security in MS, they would do so.
Kutos to the NSA for sharing it all with us.
Isn't this one of the best things to have happened to linux in the past year? How many operating systems can boast about having ***NSA***-quality security? Whether that's the whole story is another issue: this is marketing pure gold! That line in and of itself would be enough to catch the interest of most managers, I think. This may really kick open the door for Linux moving into the corporate space.
February 24, 2004
Linux Gets Security Boost from NSA
By Sean Michael Kerner
Most stories about government deployments of Linux involve a distributor helping various federal and municipal agencies install the open source operating system. But in this case, a federal agency is helping Linux.
The U.S. National Security Agency (NSA), also known as the codemakers and codebreakers cryptologic division within the Department of Defense, has helped to harden Linux with newly-released Security Enhanced Linux (SELinux) kernel modifications.
The latest release, which updates the base kernel to 2.6.3 and 2.4.24, contains numerous significant improvements to security in the open source operating system. The SELinux improvements mark a major breakthrough for Linux. Because of the NSA's contributions to the kernel, the new security features will now show up in mainstream distributions of Linux.
"Conditional policies are significant and also networking hooks were added, which makes SElinux all that much more powerful," Joshua Brindle, hardened Gentoo Linux Project Leader and the NSA's SELinux contributor, told internetnews.com.
"They also exported AVC (define) controls to userland to facilitate strong X-based access control and privilege separation," he added.
SELinux was released by the NSA under the GNU GPL open source license. SELinux is essentially a Linux Kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls.
"SELinux is important because mandatory access controls are essential to limiting access to daemons and users to only what they need. It also solves the age-old almighty powerful superuser problem in Linux," Gentoo's Brindle told internetnews.com.
"We stress however that it isn't an end-all solution, that it must be combined with additional layers of protection."
Debian, Gentoo and Red Hat Fedora's latest test release of Fedora Core 2 all currently make some use of SELinux. Red Hat also plans to incorporate SELinux into its next Red Hat Enterprise Linux release
This "marks an important milestone in what enterprises globally feel is an important issue," Red Hat spokesperson Leigh Day said of the SELinux update. "One of the first issues we hear from our customers when talking with them about solution requirements is security," she told internetnews.com. "Were pleased to be working with the NSA to bring SELinux to our distribution. We will incorporate SELinux fully in our next release of RHEL 4."
The Security-enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs.
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
http://www.nsa.gov/selinux/
Treehugger? Treehugger... Treehugger!
You can say whatever you like about backdoors and the like, but you can be goddamned sure i want some of the brightest minds in this country looking at the code i use as opposed to the dumbfucks that i graduate with that go to work for regular companies. As for the brightest minds? Just take a look at the requirements to work for the NSA vs. Microsoft (and NO, i'm not talking about security requirements).
If the NSA pored over the Windows code and made it secure, well, then you would have big government.
"It required a work force of 384 slaves, 34 slave drivers, 12 engineers, 2 turtle doves, and a partridge in a pear tree. The work was managed by a command team composed of 2345 bureaucrats, 2347 secretaries (at least two of whom could type), 12,256 paper shufflers, 52,469 rubber stampers, 245,193 red tape processors, and nearly one million dead trees."
A feeling of having made the same mistake before: Deja Foobar
" We have government spending money on OS now? I think like car-building, airlines and railway, the operating systems should be left to private commercial markets."
The govt. can spend money on product development if it is necessary for govt. functions. In this case, the NSA is extremely motivated to have a secure OS to store their secrets. Rereleasing their mods to the public seems like a way to get more bang out of your tax dollar by letting you use their improvements.
Vote for Pedro
Outsourcing spooks. Yeah, that'll work just spiffy.
KFG
I don't think the US. govt. is allowed to use GPL. Of course, they must honor the gpl for the rest of the linux kernel, however.
Vote for Pedro
i'm sure it can't hold a candle to BarbieOS !!
seeing as even federal government agencies already believe in the GPL.
Apparently, you don't understand the difference between a "page impression" and a "read". Now, here's what the normal slashdot user does:
1)clicks on link
2)looks for colorful photos
3)Presses Ctrl-F, then types "screeshots", then Enter
4)Clicks on any links he finds in that context.
5)If he finds nothing, clicks "Back", clicks "Reply", and makes an uninformed comment
Very little reading usually goes on; just viewage of pretty pictures. And, of course, this just makes the slashdot effect worse; text doesn't really hurt webservers as bad as big JPGs. That's why two hours after the posting on slashdot, the site admins are always back online with a text-only version of their site saying something like "I've never seen so much web activity in my life".
There were some selinux related posts on slashdot, consider checking www.rsbac.org too.
RBAC, MAC, ACL, extensible, malware-scan (virus protection on kernel ('access') level), network protection, other methods (FF,...) and whatever you wish
It's not financed by NSA, and not programmed in the US., can you be happier?
Anyhow, don't tell me SeLinux is better because.. it would cause a flame-thread only...
... is the NSA web site running on IIS?
(Yes, yes, I know that the web site will be totally physically separated from the spooks' computers...)
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
security -> tends to zero as Sum(Idiots) -> tends to infinity.
They spend money on it because they need to use it. I am sure the computer security required by the NSA is not met by most vanilla versions of OSes out there.
the combination of linux being open source plus the legal requirement that all US government employees must release code they develop as public domain results in SElinux.
in other cases it results in a very good statistical test suite being dumped into the public domain.
http://csrc.nist.gov/rng/
Alot of my Gentoo specific comments were taken out of the article so I'll provide them below:
MAC's are only the enforcement part, auditing is also very important and sadly something lacking in LSM. We are looking into different auditing schemes to compliment SELinux.
Recently we have completely integrated PaX memory protections into the SELinux policy. Unfortunatly Redhat's Ingo wrote execsheild, which he admits provides less protection so most of the SELinux camp is not interested in the work we are doing in this area.
We also provide much tighter policies by default whereas Redhat/Fedora has chosen to make the user domains much less restrictive and 'user-friendly'. This isn't in line with the goals we've cited on out page http://hardened.gentoo.org . While user friendliness is important taking restrictions away from domains inevitably loosens security.
one of the coolest gov agncies. Think really smart geeks working in secret for the greater good :)
The war with islam is a war on the beast
The war on terror is a war for peace
I'd rather pay taxes to support the stability of Linux, than to pay taxes to keep a piece of vulnerable software running any day.
"Instant gratification takes too long." - Carrie Fisher
Summary of Changes for SELinux
[classified@classified]
[classified@classified] fix broken (classified) in (classified).c
[classified@classified] changed (classified), added (classified)'s patch to (classified)
[classified@classified] (classified) (classified) with (classified)
Afraid to install SELinux but interested in what it does? The Hardened Gentoo project maintains a SELinux Demo Machine that allows you to ssh in as root. More information here: http://selinux.dev.gentoo.org/
When convenience nears zero, the machine has been dismounted into its smallest components and each component is mantained in a separate safe room at a different geographic location. In the limit, security is infinite when the machine being secured does not exist anymore and cannot be re-assembled - ie, it has been reduced to its original atoms and those were scattered in different places.
Ken Thompson's compiler hack
KFG
Just what 100% commercial private railway did you have in mind?
Almost all railways are national interests, including passenger service in the United States. Only _very_ recently has privatization become fashionable for railservice and it is usually marked by miserable failure. Take Britain where it was suggested that they basically dump British rail north of Manchester because there's no profit in servicing BFE. That's the point of state-owned services. The state will not dump a region simply because it isn't making a buck and the service is more important than profit.
The vast majority of airlines are state-sponsored (outside the U.S., that is) and vary from states as majority stakeholders to 100% state-ownership. American carriers being privately held is more the exception to the rule.
If not for massive government investment, international travel would still resemble an Indiana Jones plot line.
The government had always spent money in infrastructure, either directly or indirectly. The examples you choose illustrate this point.
Cars-building would not be so lucrative if there were not good roads. The government pays for these. In addition, most factories are now subsidized by tax incentives. We would probably have almost no cars built in this country if local and federal authorities did not pay the manufacturers to locate here.
In the early days airlines made their profits delivering mail. It was a while before they were independent. Also, airports are generally built and heavily subsidized by local and federal money.
It is my understanding that the railroads were given land. They wanted to own the rails so they built them, with immigrant labor, externalizing a number of costs related to said labor. Lately the rail lines have been complaining that they have to pay for maintain of the rails with the government pays for the airports. The difference is that the rail didn't want to share. Of course, the government spend huge amounts of money subsidizing the rail lines. Which is good because for many thing rail is more efficient than road or air. The rail people later used their exclusive use of the right-of-way to develop long distance telephone service, another thing that would not exist with heavy government support.
Operating systems are infrastructure. It is proper that the government helps to make sure that this important business tool is suitable. The government has always subsidized the development of these technologies through research grants, not to mention the computer time that gates and co original took from university computers. On a higher level, some analysts think much of the profit MS generates is due to specific tax breaks they have been given.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Only... The US government did NOT develop SELinux. A company named Secure Computing was contracted by the NSA to add aspects of their SecureOS (which runs their Sidewinder firewalls) to Linux.
SELinux has been going on for four years now. Moreover, the NSA doesn't certify this as some sort of bulletproof linux, it mostly just adds access controls (I'm guessing aka ACLs). Since nobody's been dumb enough to run around marketing the NSA's involvement and SELinux it really hasn't caught on much. Bandying about that the NSA has somehow "approved" of this kernel would likely result in a very pissed off NSA. Nobody, not even marketing, dicks with the NSA.
I Browse at +4 Flamebait
Open Source Sysadmin
Some services are harder to set up, because the permission issues get in the way, especially if they expect to have an all-powerful root doing the work for them, or if the application does lots of work to secure themselves (chroot jails, etc.), but most applications aren't affected much. Anything that does much with Setuid() can expect a radically different environment underneath.
The big security win is that you can define different security compartments, including one or more for the operating system itself, and applications can only read from lower-security-level compartments, not write to them. This means that even if somebody finds an egregious buffer overflow bug in your email client, and uses it to mail your precious files to kgbvax.dhs.gov, they still can't use that to r00t your machine, and it's very hard for them to accomplish much by leaving Trojan Horse files around in your home directory because root usually isn't allowed to read them without you explicitly authorizing them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
one motive other than kindness might be the endless stream of attacks on the nation's communication and commerce infrastructure due to poorly secured internet-attached servers (not just windows - there's been plenty of linux based root jobs too). perhaps the NSA takes it's role in protecting our nation a bit more seriously than you would think?
...are among other research projects paid for by government money. Don't tell me that those things would be better developed by private industry.
That's like saying we would be better off with 5 different (and incompatible) digital TV standards.
SCO vs. NSA
Day 1: Darl announces SCO will be suing the NSA
Day 2: Darl is missing and the SCO headquarters has mysteriously been hit by a US nuke.
OK, Darl says that Linux is a threat to National Security, but the NSA who is responsible for National Security contributes to Linux.... Therefore logic says that Linux is good for National Security. But Microsoft says that they are more secure than Linux. Who's on first, what's on second...
Yeeow! Nothing like a paradigm shift without using the clutch!
For about a year, NSA stopped talking about SELinux. Then one day there was an announcement in the Linux kernel mailing list that SELinux had been updated to the current kernel version and was becoming part of the mainstream kernel.
Now it's mainstream.
If my memory serves me correctly, didn't they stop developing their Linux tree a year or two ago? Because of some stupid ruling at political level, IIRC?
Please correct me if I'm wrong, as I can't remember. I'm happy to see them continue, as it now seems.
The SE Linux mailing list is a good place to ask questions about it, see http://www.nsa.gov/selinux/ for the details.
Also see #selinux on irc.freenode.net.
Then you can discuss it with the people who are involved in SE Linux development.
SE Linux has been going for a long time, I've been working on it for almost three years, and I wasn't involved at the start.
The NSA gets some significant benefits from releasing the code under the GPL. See the list of non-NSA contributors for a list of the work that was done for free by the community instead of having to be paid for by the NSA.
Russell Coker
As a former Airman who was a Systems Administrator, I definitely saw this first hand. Granted I got out 3 years ago, but that's definitely where it was headed. We were replacing rock-solid *nix boxes with buggy NT4 servers because "they ran windows." It certainly made some aspects of my job much more PITA. I'm sure you can imagine the wonderful experience of upgrading base-wide email servers to a central MS Exchange server. The one nice side to all the equipment "upgrading" is that before I left, I had a stack of Sun SparcStations, a few spare racks, some RAID arrays and a two high speed switiches, and some time on my hands. A few late nights, and voila! The best server on base thanks to Linux and clustering software. I even put OpenBSD on another one to act as a firewall. My commanders were impressed, but it would never go on the live network because the OSes weren't "certified." We also had 18 new Sun boxes sitting there ready to go with a custom USAF application loaded that we never used because a new "faster, better, cheaper" solution, that was slower, crashed all the time, & feature-lacking, was coming for the the new NT4 servers. Oh well...typical gov't spending...
Amigori
"The quality of life is determined by its activites."--Aristotle
*Meep* Wrong!
There are several ways to implement a backdoor, and many of them are practically invisible. There is no need at all to open a port and handle incoming traffic (wich would be very obvious). Instead if you want to implement a backdoor you could just leave some input-parameters of a service unchecked so it can be exploited by a buffer overflow. If anyone notices this flaw later you can still say "Ooops... but hey, everyone makes mistakes. I'll just fix it..."
I know that buffer-overflows are not a good example since they are not easily exploitable in SE-Linux anymore (iirc). But the basic concept remains still applicable.
Maybe thast's the reason a big Company like MS takes so long to correct some very simple bugs, like the one about BMP-files in IE (http://xforce.iss.net/xforce/xfdb/15210). As soon as they fixed all their bugs they would be forced to release a new Windows-Version with new backdoors^d^d^d^d^d^dvulnerabilities.
Who guarantees that MS really didn't know about some of the bugs initially and they didn't just provide a list to NSA?
regards,
q.kontinuum
Trolling is a art!
Personally, I would love to see SCO demanding money from the NSA for a linux license =) This should get rid of the SCO problem really fast ;-))