Slashdot Mirror
NSA Releases Updated SELinux
darthcamaro writes "Looks like our federal tax dollars are hard at work - improving security on Linux! The NSA - you know the folks that are shadowy figures on X-files - have released the latest updates to SELinux (security enhanced). Internetnews.com has got a piece on it
where they talk to Gentoo and Red Hat about the release's significance."
I wonder how it compares to Tin Foil Hat Linux?
Anyone can provide contrast/comparisons?
What kinds of changes in SELinux would be NOT welcome in mainstream Linux distros?
I have been pwned because my
ScullyEnhanced Linux?
I'm in. Where do i get it?
mattdev@server$ touch
cannot touch `/dev/genitals': Permission denied
This comes right on the heels of a report by a security firm that Linux was the most vulnerable server OS...
On the other hand, I think this is a great example of why open source software is a good thing - anyone, the government included, can improve the software. I'm sure they feel much better about using an OS that they've personally inspected and tested than something else.
Seeing as any changes the NSA make are presumably only used internally by the agency, they are under no obligation to release the source. So this is quite a community spirited move on their part.
:-)
Unless of course they are trying to sneak some NSA backdoors into Linux kernels
Homme petit d'homme petit, s'attend, n'avale
Does the security enhancements developed by the NSA slow down the kernel? Does it make it harder to set up services such as email or apache? How much more secure is it than a standard vanilla kernel?
I have not had the opportunity to play with SELinux but am interested in how it works, how difficult it is to set up properly and all that fun stuff
I find extremely disheartening that our tax dollars go into products, ideas and research that is then turned around and used for the benefeit of ONE company (see big drug companies, defense contractors, and certain university proffesors). That just seems plain "un-american". Here we have a rare exception, our tax dollar going to improve something for ALL americans (and the world too).
Sadly Microsoft is lobbying to shut down the NSA's involvement in free software, claiming that the government is essentially "competing" with them. Somehow our tax dollar going to work securing windows isn't communist according to MS. Just if it also helps someone that ISN'T MS. Lets hope they fail.
In the end, this can only be a good thing for ALL OS designers. It helps them look at how the people that stay awake at night worrying a lot think about security in an operating system.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I just want to toss out the notion that the general complaint that slashdot readers don't read the article, and the slashdot effect are mutually exclusive. There were only 8 replies to this thread when I clicked the main article link, and although it wasn't completely slashdotted, it was incredibly slow coming up.
My second comment is really a question: How do we weigh this up against Mr. McBride's letters to congressmen? It seems like they would probably lean on the NSA for advice on what's secure and what's not, rather than the seemed ravings of a madman.
I would also throw out a little pointer that probably one of the major reasons that the NSA is working on the Linux Kernel is simply because they can. I'm almost certain that if they had the ability to tweak security in MS, they would do so.
Kutos to the NSA for sharing it all with us.
Isn't this one of the best things to have happened to linux in the past year? How many operating systems can boast about having ***NSA***-quality security? Whether that's the whole story is another issue: this is marketing pure gold! That line in and of itself would be enough to catch the interest of most managers, I think. This may really kick open the door for Linux moving into the corporate space.
February 24, 2004
Linux Gets Security Boost from NSA
By Sean Michael Kerner
Most stories about government deployments of Linux involve a distributor helping various federal and municipal agencies install the open source operating system. But in this case, a federal agency is helping Linux.
The U.S. National Security Agency (NSA), also known as the codemakers and codebreakers cryptologic division within the Department of Defense, has helped to harden Linux with newly-released Security Enhanced Linux (SELinux) kernel modifications.
The latest release, which updates the base kernel to 2.6.3 and 2.4.24, contains numerous significant improvements to security in the open source operating system. The SELinux improvements mark a major breakthrough for Linux. Because of the NSA's contributions to the kernel, the new security features will now show up in mainstream distributions of Linux.
"Conditional policies are significant and also networking hooks were added, which makes SElinux all that much more powerful," Joshua Brindle, hardened Gentoo Linux Project Leader and the NSA's SELinux contributor, told internetnews.com.
"They also exported AVC (define) controls to userland to facilitate strong X-based access control and privilege separation," he added.
SELinux was released by the NSA under the GNU GPL open source license. SELinux is essentially a Linux Kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls.
"SELinux is important because mandatory access controls are essential to limiting access to daemons and users to only what they need. It also solves the age-old almighty powerful superuser problem in Linux," Gentoo's Brindle told internetnews.com.
"We stress however that it isn't an end-all solution, that it must be combined with additional layers of protection."
Debian, Gentoo and Red Hat Fedora's latest test release of Fedora Core 2 all currently make some use of SELinux. Red Hat also plans to incorporate SELinux into its next Red Hat Enterprise Linux release
This "marks an important milestone in what enterprises globally feel is an important issue," Red Hat spokesperson Leigh Day said of the SELinux update. "One of the first issues we hear from our customers when talking with them about solution requirements is security," she told internetnews.com. "Were pleased to be working with the NSA to bring SELinux to our distribution. We will incorporate SELinux fully in our next release of RHEL 4."
The Security-enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs.
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
http://www.nsa.gov/selinux/
Treehugger? Treehugger... Treehugger!
You can say whatever you like about backdoors and the like, but you can be goddamned sure i want some of the brightest minds in this country looking at the code i use as opposed to the dumbfucks that i graduate with that go to work for regular companies. As for the brightest minds? Just take a look at the requirements to work for the NSA vs. Microsoft (and NO, i'm not talking about security requirements).
Well, those who are able should be going over the source closely anyways. The adversaries are!
Remember, NSA has two mandates:
1) Help Americans secure their boxen, and
2) Be able to 0wnz0r any non-American's boxen.
Just because #2 gets all the press on Slashdot doesn't invalidate #1. The net effect of "more machines on the network are secure, even though some of those machines are used by non-Americans, and even if that fact makes some things a little more difficult for the other half of NSA" is still an increase in security for Americans.
SELinux is consistent with NSA's goals in providing a secure information infrastructure for US Citizens. Given that NSA knows that the code will be closely examined by both NSA-friendly and NSA-hostile folk alike, I'd expect SELinux code to be safe, and would treat such code with a policy of "trust, but verify." (More precisely: "Verify, but trust.")
So does the NSA :)
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
i'm sure it can't hold a candle to BarbieOS !!
Apparently, you don't understand the difference between a "page impression" and a "read". Now, here's what the normal slashdot user does:
1)clicks on link
2)looks for colorful photos
3)Presses Ctrl-F, then types "screeshots", then Enter
4)Clicks on any links he finds in that context.
5)If he finds nothing, clicks "Back", clicks "Reply", and makes an uninformed comment
Very little reading usually goes on; just viewage of pretty pictures. And, of course, this just makes the slashdot effect worse; text doesn't really hurt webservers as bad as big JPGs. That's why two hours after the posting on slashdot, the site admins are always back online with a text-only version of their site saying something like "I've never seen so much web activity in my life".
They spend money on it because they need to use it. I am sure the computer security required by the NSA is not met by most vanilla versions of OSes out there.
the combination of linux being open source plus the legal requirement that all US government employees must release code they develop as public domain results in SElinux.
in other cases it results in a very good statistical test suite being dumped into the public domain.
http://csrc.nist.gov/rng/
Alot of my Gentoo specific comments were taken out of the article so I'll provide them below:
MAC's are only the enforcement part, auditing is also very important and sadly something lacking in LSM. We are looking into different auditing schemes to compliment SELinux.
Recently we have completely integrated PaX memory protections into the SELinux policy. Unfortunatly Redhat's Ingo wrote execsheild, which he admits provides less protection so most of the SELinux camp is not interested in the work we are doing in this area.
We also provide much tighter policies by default whereas Redhat/Fedora has chosen to make the user domains much less restrictive and 'user-friendly'. This isn't in line with the goals we've cited on out page http://hardened.gentoo.org . While user friendliness is important taking restrictions away from domains inevitably loosens security.
I'd rather pay taxes to support the stability of Linux, than to pay taxes to keep a piece of vulnerable software running any day.
"Instant gratification takes too long." - Carrie Fisher
Summary of Changes for SELinux
[classified@classified]
[classified@classified] fix broken (classified) in (classified).c
[classified@classified] changed (classified), added (classified)'s patch to (classified)
[classified@classified] (classified) (classified) with (classified)
Afraid to install SELinux but interested in what it does? The Hardened Gentoo project maintains a SELinux Demo Machine that allows you to ssh in as root. More information here: http://selinux.dev.gentoo.org/
Just what 100% commercial private railway did you have in mind?
Almost all railways are national interests, including passenger service in the United States. Only _very_ recently has privatization become fashionable for railservice and it is usually marked by miserable failure. Take Britain where it was suggested that they basically dump British rail north of Manchester because there's no profit in servicing BFE. That's the point of state-owned services. The state will not dump a region simply because it isn't making a buck and the service is more important than profit.
The vast majority of airlines are state-sponsored (outside the U.S., that is) and vary from states as majority stakeholders to 100% state-ownership. American carriers being privately held is more the exception to the rule.
If not for massive government investment, international travel would still resemble an Indiana Jones plot line.
The government had always spent money in infrastructure, either directly or indirectly. The examples you choose illustrate this point.
Cars-building would not be so lucrative if there were not good roads. The government pays for these. In addition, most factories are now subsidized by tax incentives. We would probably have almost no cars built in this country if local and federal authorities did not pay the manufacturers to locate here.
In the early days airlines made their profits delivering mail. It was a while before they were independent. Also, airports are generally built and heavily subsidized by local and federal money.
It is my understanding that the railroads were given land. They wanted to own the rails so they built them, with immigrant labor, externalizing a number of costs related to said labor. Lately the rail lines have been complaining that they have to pay for maintain of the rails with the government pays for the airports. The difference is that the rail didn't want to share. Of course, the government spend huge amounts of money subsidizing the rail lines. Which is good because for many thing rail is more efficient than road or air. The rail people later used their exclusive use of the right-of-way to develop long distance telephone service, another thing that would not exist with heavy government support.
Operating systems are infrastructure. It is proper that the government helps to make sure that this important business tool is suitable. The government has always subsidized the development of these technologies through research grants, not to mention the computer time that gates and co original took from university computers. On a higher level, some analysts think much of the profit MS generates is due to specific tax breaks they have been given.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Some services are harder to set up, because the permission issues get in the way, especially if they expect to have an all-powerful root doing the work for them, or if the application does lots of work to secure themselves (chroot jails, etc.), but most applications aren't affected much. Anything that does much with Setuid() can expect a radically different environment underneath.
The big security win is that you can define different security compartments, including one or more for the operating system itself, and applications can only read from lower-security-level compartments, not write to them. This means that even if somebody finds an egregious buffer overflow bug in your email client, and uses it to mail your precious files to kgbvax.dhs.gov, they still can't use that to r00t your machine, and it's very hard for them to accomplish much by leaving Trojan Horse files around in your home directory because root usually isn't allowed to read them without you explicitly authorizing them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
OK, Darl says that Linux is a threat to National Security, but the NSA who is responsible for National Security contributes to Linux.... Therefore logic says that Linux is good for National Security. But Microsoft says that they are more secure than Linux. Who's on first, what's on second...
Yeeow! Nothing like a paradigm shift without using the clutch!
For about a year, NSA stopped talking about SELinux. Then one day there was an announcement in the Linux kernel mailing list that SELinux had been updated to the current kernel version and was becoming part of the mainstream kernel.
Now it's mainstream.