Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the NSA Took Linux To the Next Level

Posted by Soulskill on from the not-by-beating-the-end-boss-of-the-previous-level dept.

An anonymous reader brings us IBM Developerworks' recent analysis of how the NSA built SELinux to withstand attacks. The article shows us some of the relevant kernel architecture and compares SELinux to a few other approaches. We've discussed SELinux in the past. Quoting: "If you have a program that responds to socket requests but doesn't need to access the file system, then that program should be able to listen on a given socket but not have access to the file system. That way, if the program is exploited in some way, its access is explicitly minimized. This type of control is called mandatory access control (MAC). Another approach to controlling access is role-based access control (RBAC). In RBAC, permissions are provided based on roles that are granted by the security system. The concept of a role differs from that of a traditional group in that a group represents one or more users. A role can represent multiple users, but it also represents the permissions that a set of users can perform. SELinux adds both MAC and RBAC to the GNU/Linux operating system."

10 of 172 comments (clear)

  1. Re:Do you really want NSA developing your OS? by AndGodSed · · Score: 2, Funny

    Here you go... and in your size too! Yep, a nice tinfoil hat, provided by the NSA no less!

    --

    Seven Days with Ubuntu Unity

  2. Re:wrong by pablomme · · Score: 4, Funny

    I like to call it GNU/X11/Apache/Linux/TeX/Perl/Python/FreeCiv . FreeCiv is clearly at the core of it all.

    --
    The state you are in while your HEAD is detached... - wait, what?
  3. Re:Do you really want NSA developing your OS? by diegocgteleline.es · · Score: 5, Funny

    But WHAT if the company who made the oscilloscope also had secret deals with the NSA???

  4. Re:Do you really want NSA developing your OS? by Anonymous Coward · · Score: 1, Funny

    So as long as the code doesn't execute the PWN instruction, we're safe.

  5. Re:Roles by Concerned+Onlooker · · Score: 4, Funny

    Yes, but they're usually just bit parts.

    --
    http://www.rootstrikers.org/
  6. Re:Do you really want NSA developing your OS? by Anonymous Coward · · Score: 5, Funny

    Build your own. An oscilloscope is a remarkably simple device and you can literally make the components you need yourself.

    But what if YOU have a secret deal with the NSA?

  7. Re:All very good, but... by SlashWombat · · Score: 3, Funny

    I guess when the project failed, all the programmers were snapped up by Micro$oft to work on their Vista project!

  8. Re:wrong by osgeek · · Score: 2, Funny

    I find firebrand statements like this to be divisive and petty.

    I prefer to say it more delicately, like "Everyone without a stick up his ass just calls the OS 'Linux'".

    I realize that his is also divisive since it could be "stick up her ass", but I hate to make the facts come across as so wordy when you have to say "his or her ass".

    --
    Why are you letting these clowns ruin our country?
  9. Re:All very good, but... by mrsteveman1 · · Score: 3, Funny

    mister please don't make me use that thing, i promise i'll be real good! and i won't complain about selinux or nothin!

  10. Re:All very good, but... by toddestan · · Score: 3, Funny

    According to some early testers I knew, it took more than 10 minutes just to log on. The command line took, on average, 5 minutes to respond to the simplest command.

    Well, you can get the same experience now, thanks to Symantec Antivirus. Well, except for the whole actual security part.