Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the NSA Took Linux To the Next Level

Posted by Soulskill on from the not-by-beating-the-end-boss-of-the-previous-level dept.

An anonymous reader brings us IBM Developerworks' recent analysis of how the NSA built SELinux to withstand attacks. The article shows us some of the relevant kernel architecture and compares SELinux to a few other approaches. We've discussed SELinux in the past. Quoting: "If you have a program that responds to socket requests but doesn't need to access the file system, then that program should be able to listen on a given socket but not have access to the file system. That way, if the program is exploited in some way, its access is explicitly minimized. This type of control is called mandatory access control (MAC). Another approach to controlling access is role-based access control (RBAC). In RBAC, permissions are provided based on roles that are granted by the security system. The concept of a role differs from that of a traditional group in that a group represents one or more users. A role can represent multiple users, but it also represents the permissions that a set of users can perform. SELinux adds both MAC and RBAC to the GNU/Linux operating system."

3 of 172 comments (clear)

  1. Re:wrong by Anonymous Coward · · Score: 0, Flamebait

    I like to call it the GNU/KDE/Firefox/Apache/Perl/Linux operating system, you insensitive clod!

  2. Re:Do you really trust NSA's Linux? by Anonymous Coward · · Score: 0, Flamebait

    I bet you run windows.

  3. Re:Do you really trust NSA's Linux? by Adeptus_Luminati · · Score: 0, Flamebait

    What's with people having so much faith in the security of open source software? Seriously, how many hundreds of thousands of lines makes up SELinux? Have you even reviewed 500 of those lines yourself? The vast size of it, makes it impossible for any one individual or even group of small individuals to KNOW for sure it is all perfectly safe. Now prove to me that some group expert coders that have actually reviewed every single god damn line of it and found nothing wrong with it, and maybe then I'll start trusting it.

    Rough Analogy: It's all about logistics people. Just because there is a freedom of information act out there, doesn't mean every single government document has ever been reviewed, and it doesn't make the government trustworthy.

    --
    No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.