New Release Of NSA SELinux
rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Red Hat 7.1. More information and the source can be found at the NSA SELinux site." You can read the what's new for more information.
Bonus feature: 100% DMCA compliant (Score:2, Interesting)
Re:These 'Security Enhanced' versions are everywhe (Score:1, Interesting)
The NSA add-ons allow Linux to use a different permissions mechanism and to track the information needed to exist in military installations.
Do you think any OS would be secure? (Score:1, Interesting)
http://www.acm.org/classics/sep95
(Reflections on Trusting Trust - Ken Thompson)
"The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.
Moral
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
A definite read!
Believe it or not, as Ken Thompson says, you will be 100% secure.
Re:Grsecurity (Score:2, Interesting)