Red Hat Seeks to Deliver Most Secure Linux

Jack writes "ITO is running a story on Red Hat's plan to become the most secure Linux platform. From the article: "Red Hat officially joined The National Information Assurance Partnership to bring an improved level of security and assurance to Linux. This means that the next version of Red Hat Enterprise Linux will contain kernel and Security Enhanced Linux policy enhancements, developed by IBM, Red Hat, TCS, NSA and the community.""

RedHat poised to become the next Microsoft

[kianu7]

The book Animal Farm was about animals on a farm that resented being under the control of humans. Their motto was something to the effect of "4 legs good, 2 legs bad" meaning that everyone with 2 legs was bad. Over the course of the book, the pigs started to take over the leadership role, championing the causes of the other animals and ultimately displacing the humans. For a period of time all was well, but by the end of the book the pigs had started walking on 2 legs and were no better than the original, human leadership team.

As sections of the Linux community, such as RedHat, start merging with big businesses, such as IBM, we have to wonder how long it will be before the Red Hat team starts walking on 2 legs...RedHat could be well on it's way to becoming the next Microsoft.

Re:RedHat poised to become the next Microsoft

[99BottlesOfBeerInMyF]

RedHat could be well on it's way to becoming the next Microsoft.

I think you are mistaken. It is entirely probable that RedHat the company will partner up with lots of big businesses. Big businesses, however, want a commodity OS, competitive advantages, and for that matter, open source at this point. Having been burned by MS for so long, many companies at the heart of the Linux community are unlikely to swiftly move to closed formats, APIs, code, etc. Even assuming RedHat did exactly that, introducing formats and closed source code as much as possible, they are still working on a base that is GPL and that they cannot close and still sell. That means there is nothing stopping others from modifying that code or even redistributing it. RedHat would basically have to write their own OS from scratch or based upon BSD licensed code in order to get us close to the situation we have with MS. Even were they to do that, we'd still be several steps ahead for compatibility and security from where we are now with Windows.

To summarize, sure RedHat can become "evil" but that does not stop Linux, and RedHat has no way to "take over" Linux since they don't own it. I'm just not too worried, they have a long hard road ahead to become MS, and they will need a new OS to do it.

Re:RedHat poised to become the next Microsoft

[An+Onerous+Coward]

I don't understand why people keep trying to make that comparison.

If you want to argue that RedHat has turned its back on the community, or jumped in bed with big business, or whatever, go right ahead. But it simply isn't possible for any Linux distributor to "become Microsoft", because unlike Microsoft, anybody who can obtain a copy of Distro X can legally rebrand, recompile, and sell it as Distro Y. Somebody running Distro Z can go through Distro X, figure out any new features, and bring those features to Distro Z.

RedHat can't do a thing to stop RH-based distros like CentOS and White Box. The GPL ensures that, while one distro might dominate the Linux landscape, nobody will ever have a lock on Linux itself. Linux World Domination would mean that nobody can dominate.

So please, elaborate your reasoning. What is RedHat doing that scares you?

Re:RedHat poised to become the next Microsoft

[LnxAddct]

Umm... Red Hat has been the best thing the community has going for it. Red Hat is the only reason the kernel is of enterprise quality. Red Hat is the only reason the kernel has any kind of serious testing going on behind the scense. Red Hat has some defensive patents, but they come attached with an unrevokable allowance of OSS projects to use them in any way. Red Hat contributes more code to the kernel than anyone else, they also supply most of the security upates for it. They bought and gave us Cygwin, Fedora Directory Server, GFS (Global File System) and many other things. They maintain GCC and libc. They created GCJ so we can run java applications natively (its still under heavy development but compiles Eclipse and OpenOffice fine). They have done many other things for the community as well, but I won't go on as I've already done that in another post in this thread. Everything they release is GPLed, I could only hope that Red Hat eventually knocks Microsoft out of its position. Its not like they can get to that point and then undo their GPLed code... and by that time they will have invested billions in that GPL code, they aren't just going to turn their backs on it. They are currently a mulitbillion dollar company (I believe their market cap is around 3 billion) and they have yet to turn on the community. I can only hope that companies like Red Hat and Google dominate the future, it'd be in our best interest.
Regards,
Steve

Re:RedHat poised to become the next Microsoft

[nine-times]

But it simply isn't possible for any Linux distributor to "become Microsoft", because unlike Microsoft, anybody who can obtain a copy of Distro X can legally rebrand, recompile, and sell it as Distro Y. Somebody running Distro Z can go through Distro X, figure out any new features, and bring those features to Distro Z.

And this is very important because it means that, in order to keep my business, Distro X must continue to represent a good choice. They must offer reliability, trustworthiness, and good service. Why do people continue to buy Redhat even as CentOS is released? Because they trust Redhat and like Redhat's support.

Open source vendors simply won't make any money unless their customers are happy.

Why not OpenBSD.

[RLiegh]

Major corporations (such as oracle) target Linux; specifically RedHat. With RedHat, you gain all of the applications that already work with Linux plus security enhancements. With OpenBSD, even though they have a decent amount of applications, they have nowhere near the variety that Linux has, so that gives Redhat an edge.

Re:Why not OpenBSD.

[linguae]

With OpenBSD, even though they have a decent amount of applications, they have nowhere near the variety that Linux has, so that gives Redhat an edge.

Wrong!

OpenBSD can run all FOSS software avaliable for Linux (as long as the source doesn't use too many Linuxisms; e.g., code that extensively uses the Linux kernel won't compile). As long as the source uses standard Unix libraries, standard X libraries, standard QT/GTK toolkits, then it should run fine on OpenBSD.

OpenBSD also has a Linux binary compatibility layer, too, meaning that it can run Linux-only closed-source binary software such as the Java JDK, Oracle, Mathematica, StarOffice, etc. OpenBSD can also run FreeBSD applications and even SCO Unix applications.

So, OpenBSD has just the same variety in applications that Linux does. Try again, troll.

Re:Missed a link :)

[TheRaven64]

Maybe this was intended as a joke, but it's a valid point. SELinux does not make anything more secure. Why? Because it's sufficiently complicated that most people are just going to turn it off. OpenBSD has a policy that security must be on by default, must not create a significant performance hit, and must be simple enough that people actually use it. This is the reason people trust it.

Re:Missed a link :)

Except 'most people' and 'sufficiently large government organizations and corporations' are not interchangeable. The NSA or FBI doesn't look at the complexity of SELinux and say decide they are gonna turn it off for that reason. I don't need SELinux on my notebook or my desktop and I don't need it in my 20 man organization, so I turn it off. SELinux isn't designed for me or my organization or my desktop or a good majority of computers out there. But for what it is designed for it does it well.

History

[eno2001]

Titanic... couldn't be sunk
Windows 2000... unhackable
RedHat Server 2007... uncrackable

Don't think so...

That is all.

Re:Missed a link :)

[andyross]

SELinux does not make anything more secure. [...] OpenBSD has a policy that security must be on by default, must not create a significant performance hit, and must be simple enough that people actually use it.

Um, the SE linux configuration shipped with Fedora is on by default, does not create a significant performance hit, and is simple enough that most users (those who aren't making fundamental changes to the installed daemon processes, basically) don't even know it's turned on.

This is mostly a defensive flame. SELinux clearly is useful as a security tool. It provides MAC features that you simply can't get with traditional unix security model. Now, clearly, this kind of change in worldview brings complexity. And lots of installations, even secure ones, don't necessarily need it or want it. And early Fedora (FC2 prereleases, I think) implementations were far too restrictive, and cause much confusion and flamage. I have it turned off on my laptop, for example.

But to baldly claim that "SELinks does not make anything more secure" is just silly.

I really don't want to troll, but...

[Landak]

To me, the whole idea of one distro magically becoming more secure than another is slightly strange - it's not really so much the kernel itself - it's what's ontop of the kernel, the default install, uh, defaults, and the entire chain-of-trust ontop of that. Any production server *should* be competently administered - and locked down fairly tight (e.g. NOT running an nwn dæmon, as a certain webserver I've come across did due to the sysadmin thinking he could get away with it....), and then the only security troubles you'll come up against are those that are totally PEBKAC. (Yes, I know must security problems lie BKAC, but this really does seem to me nothing other than a /. sponsored PR-stunt...)

The flipside of this is linux on the desktop - which is where redhat could earn this title. However, all that really means is making sure wine is b0rken enough with windows viruses, not allowing samba or ssh access from outside the local subnet, and removing all instances of "rm -rf /" from the man pages....

Common Criteria evaluation is mostly worthless

[Wesley+Felter]

Looks like it's time to trot out this link again:

Jonathan S. Shapiro, Ph.D: Understanding the Windows (and Red Hat) EAL4 Evaluation.

"In the case of CAPP, an EAL4 evaluation tells you everything you need to know. It tells you that Microsoft (Red Hat) spent millions of dollars producing documentation that shows that Windows 2000 (RHEL 5) meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case."

Granted, RHEL is being evaluated for LSPP as well, but EAL4 is still weak.

All the comments about OpenBSD are missing the point: Common Criteria isn't about actual security; it's about security documentation. It's also about certain government purchasing requirements. Nothing to see here.

Re:Missed a link :)

[duffbeer703]

You're missing the point -- SELinux doesn't make software secure -- it allows you to define secure behavior.

The OpenBSD approach is to raise the quality level of the code to eliminate flaws in the operating environment. That's great -- except not every software development process is shipping flawless software and not every security problem is a result of bugs in software. If Apache or a database or any other application running on BSD has a flaw or is misconfigured, the OS isn't going to protect you or your data.

The SELinux approach gives the operating system control over what is happening on the system. If a hacker or worm compromises an application, and tries to do something that the application is not permitted to do, those actions can be blocked and audited & the impact of flaws or misconfigurations in software can be contained.

SELinux or Trusted Solaris aren't competitors to OpenBSD at all -- they are really in different niches entirely.

Re:Is this a magnet?

[einhverfr]

PIE is pretty neat in that it randomizes the memory layout so an attacker executing an attack can't know what memory lays ahead, often making the overflow useless.

I wouldn't go that far. You can do plenty of bad things without knowing the memory layout in advance. Denial of service comes to mind. Not as bad as arbitrary code execution, but still serious.

PIE is not a magic bullet. It is just something to raise the bar a bit.

Re:Missed a link :)

Why do you never have mod points when you need them!

Redhat has been gathering collecting various kernel enhancements for security, and I think creating clear blue water (if you'll forgive the pun) from vendors who make more marketing fuss about far less work.

Whilst I agree that SELinux is too complex for most people, these kinds of security guarantees aren't about "most people", or "most systems", the question is whether basing Linux security on such a system will make the basic system harder to maintain, and I don't think it will. The complexity is largely in using SELinux effectively, not in the underlying systems or concepts.

Having this in the kernel, means Linux has more scope for tightening security. I'm sure over time a lot of this will be utilised, as the attacks get more sophisticated, and the number of installed servers increases.

And to take a leaf from another company's book, nothing like having government security certifications on the marketing literature, even if we know that those sort of stamps mean "it can be secured better with work", not "it is more secure".

Re:OpenBSD

[mcrbids]

Why don't the security conscious just use OpenBSD?

Two words: failing gracefully.

The OpenBSD approach to security boils down to: "Never, ever make a mistake". They've spent untold thousands of man-hours looking for anything that might ever be a mistake. And, towards this end, they've done an incredible job, and have an excellent track record that they can rightly brag about.

But for one thing: mistakes happen. What happens when you write a stoopid CGI and forget to escape a parameter, allowing a blackhat to execute a shell?

Suddenly, OpenBSD or not, you have a real, live, bonafide security hole. In years of administration I've done, EVERY SINGLE SECURITY HOLE exploited on any of the numerous Linux systems I administer of recent were ALL CASES directly a result of a client installing/using software for their websites that was insecure. (3 such incidents in the past 3 years, 2 of them being website defacements) And, I can't just say "Well, let's not allow for shell scripting" because many customers use tools that require this capability.

The approach of SELinux is to acknowledge that mistakes are made, and the starting assumption is that the above mentioned security hole is ALREADY EXPLOITED and a real, live, bad guy already has gotten thru such a security hole.

Now, how do you limit the damage? It's either

1) Never, ever make a mistake - if you do, you are so, utterly screwed!

2) How do you prevent common mistakes from screwing you?

I choose the latter, thank you.

Re:OpenBSD

[dmiller]

You are misinformed, trolling or both. Most of OpenBSD's efforts in recent years have been directed at proactive security. OpenBSD was the first operating system to add ProPolice to its compiler, the first to implement address space randomisation, the first to add privilege separation to every daemon that needs privilege.

The result of this is that a security hole is either a) not exploitable to begin with, b) incredibly difficult to exploit, or c) not very productive even if it is exploited. All your caps-lock-on ranting misses this entirely.

I doubt that you want to educate yourself rather than ranting, but other people might be interested in Theo's paper on all this.

In addition to good, audited code and these proactive measures, OpenBSD includes systrace, which can enforce mandatory policy on application basis. It doesn't do everything that SELinux does, but it is far, far easier to use.