New Release Of NSA SELinux

rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Redhat 7.1. More information and the source can be found at the NSA SeLinux site." You can read the what's new for more information.

Dumb question

[Anonymous Coward]

Aside from the NSA, has anyone taken the time to audit the code?

BSD?

[Kozz]

(I'll probably get modded down as flamebait for this, but screw it.) I'm a Linux user. However, I've long thought about installing/using one of the *BSD variants, simply because they are often touted as being even more secure than linux. Why might the NSA not create "SE-BSD"? Wouldn't that likely be even more beneficial?

Just a question...

[mystery_bowler]

Is the NSA responsible for figuring out the best ways to lock down whatever OS's the various government agencies of the U.S. use? Reason I'm asking is because seems like recently (or kinda-recently) there was an article here on /. with a link to the NSA's guidelines for securing Win2k. I'm sure the NSA has reasons that I don't even want to know about for running both their own build of Linux and a tightened-up install of Win2k, but I'm just curious as to the extent of their influence on other agencies' software choices.

Do other agencies just follow along with the guidelines the NSA sets forth, try to get independent advice or go it alone? Financially, at least, it would seem like going with the NSA's guidelines would be the way, since the information is more or less public (at least it is in these two instances) and there wouldn't be any time or money spent on third-party tripe (bids, negotiations, etc) or independent research.

Open Development Model

[vbprgrmr]

It was more that Linux was open and they could actually write testable code into the OS. If you noticed in the main NSA security page, they also provided a series of recommendations for security on Windows 2000. Since they couldn't tamper with Windows code, that was all they could do.

Also, for those people all paranoid about all this, remember it was because of the national security issues that resulted from systems and web servers attacked by Denial of Service, hackers and the Chinese, that caused Congress and NSA to study the problem.

Let's lose the FUD, people

[Tassach]

The rampant, grossly uninformed FUD that's flying around here is making me ill.

First try and wrap your brain around this concept: The NSA has TWO distinct missions -- to spy on foreign nations on behalf of the US government, and to keep foreign nations from spying on US govt. and businesses. People tend to forget about that second part. Knowing government beaurocracy, it's not at all unlikely that the spy-on-other-folks department and the keep-other-folks-from-spying-on-us department are involved in a turf war, or are working at cross-purposes.

Second: the NSA secure linux is a patch to the standard Linux kernal. If you are paranoid about them trying to do somthing neferious, download the source and diff it against the baseline code. It's pretty hard (but not impossible) to hide a backdoor in source. Paranoid types, make sure you trust your compiler [as well as any other binary that touchs the code as it's being transformed from source to executable] If the NSA wanted to hack your box, they have a lot of better ways to do it than releasing a GPL'ed trojan. Give them some credit -- they are not that stupid.

This is a Good Thing. Having a respected government agency endorse Linux gives it huge amounts of credibility. [OK, geeks may not trust/respect the NSA, but you can be sure that CEOs and PHBs do.] Believe it or not, occasionally the US gvt does manage to Do The Right Thing, even if it's unintentional.

Re:Why is the NSA in this?

[Anonymous Coward]

Yes, the NSA spies on people. No this isn't nice.

Why do some many people see the NSA as evil? Yes, the NSA listens to overseas communications. That just might avoid a war, or reduce the scope of one.

For all you US citizens out there, and citizens of our allies, they are the good guys! When an article comes up mentioning the Air Force, people generally don't dwell on thoughts like "yes the Air Force shoots down enemy fighters, no this isn't nice."

Paranoia Strikes Deep

[vbprgrmr]

After reading many of the comments on NSA research of security on Linux and Windows 2000, it amazed me the level of paranoia of many of the posters. Let's get real folks! All this research has come about because of the hacks and DoS attacks of commercial and institional computers and servers. The reason NSA chose Linux to test their codes was because it was open. If you notice they also supplied a series of recommendations for security on Windows 2000 systems. Since they couldn't alter Windows source, that was all they could do.

I would guess for the all-out hacker geek, this NSA compile on their system, probably would cause paranoia (like some invisible eye looking back at you !! ha! ha!) But probably wouldn't have any other power you imagine it has. As for anyone else, it wouldn't hurt to at least study their implementations.

"Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
You step out of line, the man come
and take you away"

-- Stephen Stills, "For What It's Worth"