Linux Software

New Release Of NSA SELinux

rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Red Hat 7.1. More information and the source can be found at the NSA SELinux site." You can read the what's new for more information.

  • by swagr ( 244747 ) on Monday August 27, 2001 @04:22PM (#2222792) Homepage
    3 years without cdparanoia working in the default install.
  • by Anonymous Coward on Monday August 27, 2001 @05:11PM (#2223005)
    HP's secure Linux and other projects like that harden the box against break-ins. This is COMPLETELY different from what the NSA is doing.

    The NSA add-ons allow Linux to use a different permissions mechanism and to track the information needed to exist in military installations.
  • by sn0wdude ( 317116 ) on Monday August 27, 2001 @05:27PM (#2223056)
    Then read this:

    http://www.acm.org/classics/sep95

    (Reflections on Trusting Trust - Ken Thompson)

    "The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.

    Moral
    The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

    A definite read!
    Believe it or not, as Ken Thompson says, you will be 100% secure.
  • Re:Grsecurity (Score:2, Interesting)

    by virion ( 461888 ) <virion.tuxy@org> on Monday August 27, 2001 @06:28PM (#2223221) Homepage
    This release of SELinux is very significant because it is based on LSM. Linux Security Module will be a kernel-included system that will allow one to load security modules. SELinux has the ability to be built based on the old way or the new way that is recommended by Linus. As far as I am aware it is the first working system; others will follow suit. The kernel will be able to handle any security model one can desire and it is all pluggable. LSM is needed because the current kernel module does not allow certain things that are needed for security! LSM is the way; when it is included in the next kernel we will not have to recompile anymore, just load a module.
