rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Redhat 7.1. More information and the source can be found at the NSA SeLinux site." You can read the what's new for more information.
A more appropriate symbol would be a penguin using the NSA Key [nsa.gov] to bash in the head of the commie penguin who symbolizes Red Flag Linux [redflag-linux.com].
Actually, I'm very satistied with Grsecurity [getrewted.net], a nice kernel patch to enhance the security of a linux kernel.
What would be the benefit of switching to NSA (but more complexity to admin) ?
Hell yea. It kicks ass. The things I like the most are random Pids and client ports. I am a die-hard OpenBSD fanatic and I've actually been weighing the pros/cons of a switch. Roll out my own distro from scrath + grsecurity patch. Wonder why I havn't seen any/. press for grsecurity....If you havn't checked it out, DO IT.
oh yea, one of the coolest features hides processes of other users from each other. e.g. top or ps will only show your processes. It doesn't *completly* hide other users that are online though. like i said, go try it out.
To say that it doesn't make the system more secure is incorrect. It doesn't involve the same kind of security audits that have been carried out with other projects, so the individual components aren't any more secure. The new security mechanisms can improve matters, though, because they make it easier to implement least privilege. You should be able to give programs only the privileges they need to do their jobs, so that a single buffer overflow or trojaned binary won't leave the whole system open to attack. It's an approach that's orthogonal and complementary to code auditing.
The main difference is that they address totally different security needs. Grsecurity is focused on preventing various common buffer overflows, race conditions, port scans, etc. It doesn't really do anything to make the basic Unix permissions any more fine grained than the currently are.
On the other hand, the SELinux is focused on exactly this. It allows you to specify much more finely grained permissions for users and processes. This actually complements the grsecurity work. SELinux is focused on minimizing or containing the damage that can be done with a given application. This can both minimize the things that a buffer overflow can do, and minimize the evil tricks that a user might be able to get away with using installed software. For example, a user could restrict what directories netscape is allowed to read and write to. Or an admin could restrict 'top' to opening the kernel read-only so that a buffer overflow wouldn't enable root access. Or preventing even 'root' from changing important system-level libraries and binaries.
All sorts of really neat things are possible. The downside of course, as you mentioned, is more complexity to administer. But it doesn't make sense to compare Grsecurity and SELinux. They address different security shortcoming of Linux.
> "It doesn't really do anything to make the basic Unix permissions any more fine grained than the currently are."
Grsecurity includes LIDS that does exactly this.
this release of SELinux is very significant because it based on LSM. Linux Security Module will be kernel included system that will allow one to load security modules. SElinux has ability to be built based on old way or new way that is recommanded by Linus. As i am aware it is first working system, others will fallow same suit. Kernel will be able to handle any security model once can desire and it is all pluggable. LSM is needed because current kernel module not allows to do certain things that are neede for security! LSM is the way, when it will be included in next kernel we will not have to recopile anymore just load a module
Didn't HP just release there SE Linux the other day? I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions.
"I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions."
Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system
Is Linux really a mainstream OS yet? I know it is for servers, but definately not for desktops. I couldn't quite tell where they were going with it, if it was geared more towards servers or desktops, since both need decent security. Could someone shed some light on this?
I'm guessing both - the gov't is talking about some serious deployment of Linux on teh desktop and in sensitive areas, I'd epxect they'd use a distro blessed by teh gov't security folks (ie NSA LInux)
Linux is not as ubiquitous as Windows (which I doubt can be considered "trusted" in the security sense due to how it handles memory protection and device access).
It was more that Linux was open and they could actually write testable code into the OS. If you noticed in the main NSA security page, they also provided a series of recommendations for security on Windows 2000. Since they couldn't tamper with Windows code, that was all they could do.
Also, for those people all paranoid about all this, remember it was because of the national security issues that resulted from systems and web servers attacked by Denial of Service, hackers and the Chinese, that caused Congress and NSA to study the problem.
Auditing would seem to be the whole point. If the NSA were just going to hack Linux for their own purposes, they wouldn't bother to make their distro available for external use. Obviously, somebody at the NSA is rebelling against the conventional notion that you hiding the source code makes a system more secure.
Most of the follow-ups have missed your point, I think. Correct me if I'm wrong, but you were asking if anyone had looked at the NSA's code to determine if it had... problems?
I've taken a quick look (very quick) and am convinced that it's exactly how I'd build a set of Linux patches if I wanted to be sure that a hidden flaw (either now or later) would be hard to detect. Basically, you have a set of "security operations" handlers which are dynamically assigned by modules. The question is, of course, when are these handlers set, and how good is the security around setting them.
I've not reviewed the second half (majority?) of their code, which is the modules themselves. We should really get a gorup together and discuss the internals of this thing. If it's really good, and we find no fault with the implementation, perhaps it should be come mainstream. However, for now I think paranoia is wise.
(I'll probably get modded down as flamebait for this, but screw it.)
I'm a Linux user. However, I've long thought about installing/using one of the *BSD variants, simply because they are often touted as being even more secure than linux. Why might the NSA not create "SE-BSD"? Wouldn't that likely be even more beneficial?
Is the NSA responsible for figuring out the best ways to lock down whatever OS's the various government agencies of the U.S. use? Reason I'm asking is because seems like recently (or kinda-recently) there was an article here on/. with a link to the NSA's guidelines for securing Win2k. I'm sure the NSA has reasons that I don't even want to know about for running both their own build of Linux and a tightened-up install of Win2k, but I'm just curious as to the extent of their influence on other agencies' software choices.
Do other agencies just follow along with the guidelines the NSA sets forth, try to get independent advice or go it alone? Financially, at least, it would seem like going with the NSA's guidelines would be the way, since the information is more or less public (at least it is in these two instances) and there wouldn't be any time or money spent on third-party tripe (bids, negotiations, etc) or independent research.
Yes... Executive Order 12333 of 4 December 1981 describes in more detail the responsibilities of the National Security Agency. The resources of NSA/CSS are organized for the accomplishment of two national missions:
The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.
The foreign signals intelligence or SIGINT mission allows for an effective, unified organization and control of all the foreign signals collection and processing activities of the United States. NSA is authorized to produce SIGINT in accordance with objectives, requirements and priorities established by the Director of Central Intelligence with the advice of the National Foreign Intelligence Board.
The rampant, grossly uninformed FUD that's flying around here is making me ill.
First try and wrap your brain around this concept: The NSA has TWO distinct missions -- to spy on foreign nations on behalf of the US government, and to keep foreign nations from spying on US govt. and businesses. People tend to forget about that second part. Knowing government beaurocracy, it's not at all unlikely that the spy-on-other-folks department and the keep-other-folks-from-spying-on-us department are involved in a turf war, or are working at cross-purposes.
Second: the NSA secure linux is a patch to the standard Linux kernal. If you are paranoid about them trying to do somthing neferious, download the source and diff it against the baseline code. It's pretty hard (but not impossible) to hide a backdoor in source. Paranoid types, make sure you trust your compiler [as well as any other binary that touchs the code as it's being transformed from source to executable] If the NSA wanted to hack your box, they have a lot of better ways to do it than releasing a GPL'ed trojan. Give them some credit -- they are not that stupid.
This is a Good Thing. Having a respected government agency endorse Linux gives it huge amounts of credibility. [OK, geeks may not trust/respect the NSA, but you can be sure that CEOs and PHBs do.] Believe it or not, occasionally the US gvt does manage to Do The Right Thing, even if it's unintentional.
After reading many of the comments on NSA research of security on Linux and Windows 2000, it amazed me the level of paranoia of many of the posters. Let's get real folks! All this research has come about because of the hacks and DoS attacks of commercial and institional computers and servers. The reason NSA chose Linux to test their codes was because it was open. If you notice they also supplied a series of recommendations for security on Windows 2000 systems. Since they couldn't alter Windows source, that was all they could do.
I would guess for the all-out hacker geek, this NSA compile on their system, probably would cause paranoia (like some invisible eye looking back at you !! ha! ha!) But probably wouldn't have any other power you imagine it has. As for anyone else, it wouldn't hurt to at least study their implementations.
"Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
You step out of line, the man come
and take you away"
This system is designed to answer the question "can a secure system be built that people will use?" The object of this project, as NSA makes clear, is to find out if people can use a system that has mandatory security features.
Previous NSA secure OS projects (I worked on one, 20 years ago) concentrated on security at the expense of usability. This resulted in systems that didn't get used much. This time, they're trying to fix the usability problem first.
If mandatory security in Linux goes mainstream, this would be a major step forward. Once we see important applications like Apache modified to work under mandatory security, we'll have real progress.
The NSA says, "We feel much more secure when you use SE Linux."
Why are you people always moaning when some big company supports GNU/Linux ?
That's what *you* want, ne c'est pas ?
Nope, I could care less. I want people to be free to use their computers as they see fit. I'm not happy to see people surrender those freedoms to another big company, much less the Federal Government, using some basterdized version of a free OS. The NSA has a history of recomending weak secruity, backdoors and nice stuff like Carnivore.
Pay attention to section 1, Article 5, Section 3 et. al. The NSA also is charged with creating standards for the security of information held in DoD computers (specifically), other govt. computers (generally), and promulgating those standards for use in other systems. Here is a nice link to the NSA's computer security guidelines if you haven't seen them [ncsc.mil].
Yes, the NSA spies on people. No this isn't nice. Yes, the government of the USA does some awfully screwy things, like the DMCA. Tarring the whole government with the same brush is simple-minded.
Besides, the code is available for your perusal. If you think the uberspooks have put in a back door, get to work and find it!
Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. That just might avoid a war, or reduce the scope of one.
For all you US citizens out there, and citizens of our allies, they are the good guys! When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."
Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. [...] For all you US citizens out there, and citizens of our allies, they are the good guys!
Forgive us for having a healthy skepticism about the government. Most Americans probably wouldn't mind if the NSA only worked to listen to overseas communications. However, through Echelon, the NSA and its friends have the power to listen to our conversations as well, which we reguard is a violation of our privacy.
When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."
Also, just because my government does something (even to foreigners) does not mean I have to like it. Being part of a democracy means evaluating your government's policies, domestic and foreign. That doesn't mean being super-negative and unwilling to admit that the government ever makes good decisions, but it doesn't mean you sheepishly go along with all the government's decisions either. What kind of patriot are you if, when you see the government doing something overseas you feel is unwise, wrong, or possibly both, you don't speak up? The many men and women who have died serving our country--including those in the Air Force--didn't die so you and I could mindlessly go along with whomever happens to be in power at the moment.
Maybe because the most common distros (at least commercially) are rpm-based, & a lot of US government organizations (including the one I contract for) use Red Hat?
I would think that the kernel patches & source code would be able to build on *any* distro, not just RH...or you could use alien and/or rpm2tgz.
Absolutely. When are you going to be making the same claims for other tax payer funded items?
Consider the White House... Everyone should get to sit in the big chair? Stealth Bomber? You want a go?
Don't think so. Just because you pay for it doesn't mean you personally or you corporately benefit from it. In this case you can use it; even modify it. Be happy. But you can't modify it and distribute it without everyone else seeing how you've hacked it. That's much fairer than the stealth bomber.
I agree completely. All government funded software should be public domain. I'm sick and tired of my tax dollars going to fund development of commercial software. This is nothing more than welfare for rich (and in the case of M$, criminal) organizations.
Secure Linux? (Score:3, Flamebait)
Wouldn't a... (Score:2)
Re:Wouldn't a... (Score:1)
Re:Secure Linux? (Score:1)
Re:Secure Linux? (Score:1, Funny)
Re:Secure Linux? (Score:2)
Unfortunately, the RIAA would probably object to such a blatant act of thievery!
Dueling Penguins (Score:2)
Grsecurity (Score:4, Informative)
What would be the benefit of switching to NSA (but more complexity to admin) ?
Re:Grsecurity (Score:1)
oh yea, one of the coolest features hides processes of other users from each other. e.g. top or ps will only show your processes. It doesn't *completly* hide other users that are online though. like i said, go try it out.
Re:Grsecurity (Score:3)
# sysctl kern.ps_showallprocs=0
Re:Grsecurity (Score:2, Informative)
It doesn't actually make anything more secure.
Re:Grsecurity (Score:2)
To say that it doesn't make the system more secure is incorrect. It doesn't involve the same kind of security audits that have been carried out with other projects, so the individual components aren't any more secure. The new security mechanisms can improve matters, though, because they make it easier to implement least privilege. You should be able to give programs only the privileges they need to do their jobs, so that a single buffer overflow or trojaned binary won't leave the whole system open to attack. It's an approach that's orthogonal and complementary to code auditing.
Re:Grsecurity (Score:5, Informative)
On the other hand, the SELinux is focused on exactly this. It allows you to specify much more finely grained permissions for users and processes. This actually complements the grsecurity work. SELinux is focused on minimizing or containing the damage that can be done with a given application. This can both minimize the things that a buffer overflow can do, and minimize the evil tricks that a user might be able to get away with using installed software. For example, a user could restrict what directories netscape is allowed to read and write to. Or an admin could restrict 'top' to opening the kernel read-only so that a buffer overflow wouldn't enable root access. Or preventing even 'root' from changing important system-level libraries and binaries.
All sorts of really neat things are possible. The downside of course, as you mentioned, is more complexity to administer. But it doesn't make sense to compare Grsecurity and SELinux. They address different security shortcoming of Linux.
Parent
Re:Grsecurity (Score:2)
Grsecurity includes LIDS that does exactly this.
Re:Grsecurity (Score:2, Interesting)
What about debian? (Score:4, Funny)
or do i have to use their rpm?
nah, install from source.. (Score:2)
Bonus feature: 100% DMCA compliant (Score:2, Interesting)
These 'Security Enhanced' versions are everywhere (Score:1)
I just got back from the book store to pick up 'Linux Journal' and it was funny how 'Linux Magazine' and LJ have almost identical Security Special Editions.
Re:These 'Security Enhanced' versions are everywhe (Score:2)
Those are two different magazines?
Finally we can get NSA/Linux (Score:2, Funny)
Search google for NSAKey if you don't know what I'm yammering about
Linux mainstream? (Score:1)
Is Linux really a mainstream OS yet? I know it is for servers, but definately not for desktops. I couldn't quite tell where they were going with it, if it was geared more towards servers or desktops, since both need decent security. Could someone shed some light on this?
Re:Linux mainstream? (Score:2)
Re:Linux mainstream? Consider the options... (Score:1)
Linux is not as ubiquitous as Windows (which I doubt can be considered "trusted" in the security sense due to how it handles memory protection and device access).
However, if you look at the other operating systems which are considered B2 or B1 secure [boran.com] Linux is mainstream compared to those.
j.
Open Development Model (Score:2, Insightful)
Also, for those people all paranoid about all this, remember it was because of the national security issues that resulted from systems and web servers attacked by Denial of Service, hackers and the Chinese, that caused Congress and NSA to study the problem.
Dumb question (Score:5, Insightful)
Not all that Dumb a Question (Score:2)
Re:Dumb question (Score:2)
I've taken a quick look (very quick) and am convinced that it's exactly how I'd build a set of Linux patches if I wanted to be sure that a hidden flaw (either now or later) would be hard to detect. Basically, you have a set of "security operations" handlers which are dynamically assigned by modules. The question is, of course, when are these handlers set, and how good is the security around setting them.
I've not reviewed the second half (majority?) of their code, which is the modules themselves. We should really get a gorup together and discuss the internals of this thing. If it's really good, and we find no fault with the implementation, perhaps it should be come mainstream. However, for now I think paranoia is wise.
NSA vs. Deus Ex (Score:1)
Re:NSA vs. Deus Ex (Score:2)
I can't get the patch to work. (Score:5, Funny)
Re:I can't get the patch to work. (Score:2)
I think you meant Ken Thompson [acm.org].
BSD? (Score:2, Insightful)
Re:BSD? (Score:3, Informative)
Just a question... (Score:5, Insightful)
Do other agencies just follow along with the guidelines the NSA sets forth, try to get independent advice or go it alone? Financially, at least, it would seem like going with the NSA's guidelines would be the way, since the information is more or less public (at least it is in these two instances) and there wouldn't be any time or money spent on third-party tripe (bids, negotiations, etc) or independent research.
Re:Just a question... (Score:3, Informative)
The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests.
The foreign signals intelligence or SIGINT mission allows for an effective, unified organization and control of all the foreign signals collection and processing activities of the United States. NSA is authorized to produce SIGINT in accordance with objectives, requirements and priorities established by the Director of Central Intelligence with the advice of the National Foreign Intelligence Board.
Re:Just a question... (Score:2)
Sorry. That would be the CIA.
From the FAQ (Score:2)
Let's lose the FUD, people (Score:5, Insightful)
First try and wrap your brain around this concept: The NSA has TWO distinct missions -- to spy on foreign nations on behalf of the US government, and to keep foreign nations from spying on US govt. and businesses. People tend to forget about that second part. Knowing government beaurocracy, it's not at all unlikely that the spy-on-other-folks department and the keep-other-folks-from-spying-on-us department are involved in a turf war, or are working at cross-purposes.
Second: the NSA secure linux is a patch to the standard Linux kernal. If you are paranoid about them trying to do somthing neferious, download the source and diff it against the baseline code. It's pretty hard (but not impossible) to hide a backdoor in source. Paranoid types, make sure you trust your compiler [as well as any other binary that touchs the code as it's being transformed from source to executable] If the NSA wanted to hack your box, they have a lot of better ways to do it than releasing a GPL'ed trojan. Give them some credit -- they are not that stupid.
This is a Good Thing. Having a respected government agency endorse Linux gives it huge amounts of credibility. [OK, geeks may not trust/respect the NSA, but you can be sure that CEOs and PHBs do.] Believe it or not, occasionally the US gvt does manage to Do The Right Thing, even if it's unintentional.
Paranoia Strikes Deep (Score:3, Insightful)
I would guess for the all-out hacker geek, this NSA compile on their system, probably would cause paranoia (like some invisible eye looking back at you !! ha! ha!) But probably wouldn't have any other power you imagine it has. As for anyone else, it wouldn't hurt to at least study their implementations.
"Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
You step out of line, the man come
and take you away"
-- Stephen Stills, "For What It's Worth"
NSA? (Score:2)
I keep asking around, and all I get is that there is "No Such Agency".
How come? (Score:2)
???
This is a usability test (Score:2)
Previous NSA secure OS projects (I worked on one, 20 years ago) concentrated on security at the expense of usability. This resulted in systems that didn't get used much. This time, they're trying to fix the usability problem first.
If mandatory security in Linux goes mainstream, this would be a major step forward. Once we see important applications like Apache modified to work under mandatory security, we'll have real progress.
Security Built In (Score:2)
Why are you people always moaning when some big company supports GNU/Linux ?
That's what *you* want, ne c'est pas ?
Nope, I could care less. I want people to be free to use their computers as they see fit. I'm not happy to see people surrender those freedoms to another big company, much less the Federal Government, using some basterdized version of a free OS. The NSA has a history of recomending weak secruity, backdoors and nice stuff like Carnivore.
You're not doing the stuff yourself, so be happy.
Backdoors are not a do it yourself job.
Re:Why is the NSA in this? (Score:5, Informative)
Incorrect. Read the NSA's charter [psu.edu].
Pay attention to section 1, Article 5, Section 3 et. al. The NSA also is charged with creating standards for the security of information held in DoD computers (specifically), other govt. computers (generally), and promulgating those standards for use in other systems. Here is a nice link to the NSA's computer security guidelines if you haven't seen them [ncsc.mil].
Yes, the NSA spies on people. No this isn't nice. Yes, the government of the USA does some awfully screwy things, like the DMCA. Tarring the whole government with the same brush is simple-minded.
Besides, the code is available for your perusal. If you think the uberspooks have put in a back door, get to work and find it!
Parent
Re:Why is the NSA in this? (Score:2, Insightful)
Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. That just might avoid a war, or reduce the scope of one.
For all you US citizens out there, and citizens of our allies, they are the good guys! When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."
Re:Why is the NSA in this? (Score:2)
Forgive us for having a healthy skepticism about the government. Most Americans probably wouldn't mind if the NSA only worked to listen to overseas communications. However, through Echelon, the NSA and its friends have the power to listen to our conversations as well, which we reguard is a violation of our privacy.
When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."
Also, just because my government does something (even to foreigners) does not mean I have to like it. Being part of a democracy means evaluating your government's policies, domestic and foreign. That doesn't mean being super-negative and unwilling to admit that the government ever makes good decisions, but it doesn't mean you sheepishly go along with all the government's decisions either. What kind of patriot are you if, when you see the government doing something overseas you feel is unwise, wrong, or possibly both, you don't speak up? The many men and women who have died serving our country--including those in the Air Force--didn't die so you and I could mindlessly go along with whomever happens to be in power at the moment.
Re:NSA only sticks to Red Hat? (Score:2)
I would think that the kernel patches & source code would be able to build on *any* distro, not just RH...or you could use alien and/or rpm2tgz.
Re:Government using GPL? (Score:2)
Consider the White House... Everyone should get to sit in the big chair? Stealth Bomber? You want a go?
Don't think so. Just because you pay for it doesn't mean you personally or you corporately benefit from it. In this case you can use it; even modify it. Be happy. But you can't modify it and distribute it without everyone else seeing how you've hacked it. That's much fairer than the stealth bomber.
Government using MS? (Score:2)