Red Hat to Release Enhanced-Security Linux 326
Klatoo55 writes "According to an article by Techweb, Red Hat will release Red Hat Enterprise Linux 4.0, which includes support for Security-Enhanced Linux, in 2005. Red Hat has been running this system with a published IP address asking for hackers to try to break the security. The last version was defeated within 45 seconds, but this new version (apparently to be the policy for the next Fedora) has yet to be cracked."
Big Deal (Score:-1, Insightful)
45 Seconds?!?! (Score:3, Insightful)
A good thing... (Score:4, Insightful)
Like it or not, Red Hat sets the tone in many ways, and in this case it's a good thing.
Get a Tech Writer Already (Score:3, Insightful)
Re:45 Seconds?!?! (Score:3, Insightful)
What's that supposed to mean?
Re:45 Seconds?!?! (Score:1, Insightful)
Of course, that doesn't rule out a bad implementation in RedHat's SELinux-based project.
Re:Big Deal (Score:1, Insightful)
smart policy (Score:3, Insightful)
This, IMHO, is smart policy. What better way to find the holes in a distro than to co-opt the people most capable of exploiting them? Even at worst this will give the folks at RH a good idea of what exploits are going to be most frequently used against thier systems.
Of course, the security of any system is dependant upon the admin and how he/she configures the software used on the system, but this at least will help to establish a baseline from which to work, and provides full disclosure of any inherent system vulnerabilities to the admins that work with the system.
...as an added bonus, this /. post will see how the system might stand up to a major bandwidth spike....
45 Seconds? (Score:5, Insightful)
As has been echoed before time and again -- security is a process, not a product. Of course you'll have more secure products, but it's still up to a competent admin to make sure things are kept secure. Even then, you better have good backups because that one disgruntled guy who works in the mailroom on a machine already inside the firewall just might have an extra ace up his sleeve.
Technically Gutsy Move (Score:2, Insightful)
Re:Invulnerable to MyDoom type virii? (Score:4, Insightful)
I suppose non-root users can't send e-mail? Afterall, that is a major component of what the mydoom virus does.
And I suppose non-root users can't listen on a port for incomming instructions to execute? Or run a proxy server on a non-privleged port?
And will it stop a trojan which asks 'Root password needed to continue:' and then proceeds to use it to screw your system? If users are dumb enough to run arbritrary code, they will be more than happy to supply a root password.
Linux is no more secure than windows against trojans.
Other ways to improve Linux security? (Score:5, Insightful)
It seems to me that our package managers (used by the majority of Linux users...not everyone compiles from source) are vulnerable to some type of subversion. They are not controlled or vetted by a central authority. There is no 'certificate' which can be attached to them to guarantee their purity. What the Linux community needs, I feel, is a type of central signing authority or cryptographically sealed DRM-compatible package management system. This could eliminate potential threats associated with trojaned Linux packages. Imagine a secure apt-get. Packages would be enveloped in a tough layer of crypt() security. They would be digitally signed by the Debian project manager, or even Ian Murdock for highly critical packages like the kernel. And it would be impossible to accidently load and install a trojan. Apt-get could even be modified to 'phone home' and let the Debian administrators know which packages where the most popular (and make security updating easier!) packages were being installed and to automatically e-mail users with news of package updates and 'special offers' from co-sponsors. I look forward to the community's response!
Re:Big Deal (Score:5, Insightful)
All PR and no substance. . . .again (Score:4, Insightful)
Re:Invulnerable to MyDoom type virii? (Score:5, Insightful)
By simply clicking on an attachment in any mail client in linux it will not execute... The user would have to save the attachment to disk, chmod it +x, and then execute it, and then, if the trojan wanted to write anything to disk outside of the users home directory, it would have to ask for the root password, and then if the user was that stupid, ok they really deserve to be infected with a virus. However, in a decently admined system the users don't know the root password, they don't need it ever, and they should never be installing programs. The amount of work it would take to install the trojan on linux would be a deterrent, it is also the deterrent to wide scale adoption by home users of linux.. because installing programs is just as difficult as installing trojans.
Re:Security Enhanced Sure! But... (Score:3, Insightful)
Re:Invulnerable to MyDoom type virii? (Score:3, Insightful)
I would respectfully disagree. Linux is no more secure than windows against "social engineering", but there is a difference in a trojan run as a user and a trojan run as root. One of the primary problems with Windows is the difficulty in running some software that should be "user" software without root access.
I got my first SunOS shell many years ago, and I am pretty sure most trojans, if they had existed, might have wiped out my files, but not wiped the entire system, since I certainly did not have root access. Even at an office network, it is possible to have a Linux setup without anyone having root access, but this is more difficult with Windows, and impossible with networks that work with mixed OS's (like mine) with win9x/2k/linux.
I agree that Linux is not bullet-proof, but there are some real differences that would limit the rampant spread of a worm/trojan as long as the whole world doesn't change to Lindows or other nix varients that run as root default.
Re:Invulnerable to MyDoom type virii? (Score:4, Insightful)
Whether I run as root/Administrator or not, all the important stuff on my machine (my files) are read/write/delete my user anyway. Running as an unprivileged user means two things:
a) I can't interfere with other users' files
b) I can't interfere with system files
If I'm the only user, and my system files are all backed up on the nice, shiny install media, what is the difference, apart from perhaps having to reinstall?
Re:Invulnerable to MyDoom type virii? (Score:1, Insightful)
It appears that Microsoft relies on, even banks on, the end user being completely stupid.
The open source movement instead tries to educate the end user, even if it is just a little, with how things work.
Whiners will say this takes too much time.
Again, wrong.
What takes to much time is the countless hours every week that end users spend dealing with spam, viruses, crashes, and incompatabilities.
We can thank Microsoft and their model for the majority of these.
Re:Invulnerable to MyDoom type virii? (Score:1, Insightful)
So the process of downloading and starting attached executables is more difficult. This would stop viruses that tried to hide themselves as jpegs or something, but not the "try this neato screensaver" ones.
and then, if the trojan wanted to write anything to disk outside of the users home directory, it would have to ask for the root password
You can set up Windows to work this way (NT based ones anyway). There's probably a reason Microsoft does not do that by default, and those selling Linux to the masses will quickly discover it.
ok they really deserve to be infected with a virus.
The amount of work it would take to install the trojan on linux would be a deterrent, it is also the deterrent to wide scale adoption by home users of linux.. because installing programs is just as difficult as installing
Exactly. So this is all really meaningless. You can make things just as difficult with Windows. It's not that way by default, but if you're talking "decently admined"...
In fact, Windows has more fine-grained file security, so one could argue that Windows is actually better.
Security is too expensive? (Score:4, Insightful)
So let me get this straight: US industry alone spent around half a billion buckaroonies cleaning up the last little virus/worm fiasco, we get about a half-dozen or so of these little gems per year, and yet it's TOO EXPENSIVE(tm) to engineer in security that would stop this kind of thing from happening?
So tell me, just who are these "vendors and IT decision-makers"? Or, to rephrase the question, just who are these drooling, incompetent, feeble-minded idiots who understand so little about security and the consequences of its failure? I'm asking because I want to make sure that i never, ever use (or heaven forbid, purchase!) any product that they have had anything to do with.
Mr. Tiemann, please tell us, did some people actually say this? Really? Because if so, we need to know which products, companies, and idiots to avoid. And I want some of what they're smoking.
Not necessarily true. (Score:4, Insightful)
Are you willing to warrant that there are no such holes in Evolution, Thunderbird or KMail?
Re:Invulnerable to MyDoom type virii? (Score:1, Insightful)
And a similar virus can work on Linux. Pretty much any program can start as a daemon and listen on unpriveledged ports. That's really all the Windows virus programs are doing. No root password needed.
A Linux virus is possible and would cause just as much havoc. However, most Linux software tends to be more network aware than the Windows stuff (remember that Microsoft was late to this Internet thing) and therefore isn't as riddled with obvious holes as say Outlook.
SELinux still has holes (Score:1, Insightful)
#2 if you have a kernel bug like mmremap again, you're still fuxed (and the kernel just keeps getting bigger, and bigger, and
Re:Other ways to improve Linux security? (Score:3, Insightful)
That's right. When you have piles of packages (source or binary) hosted on single servers run by the same group of people, you're making yourself a really tempting target. You don't even have to trojan a package - just find an exploit then DDOS the update servers so people can't access the fixed packages easily and you've bought yourself some time. As for large repositories of unsigned packages - let's not even go there.
There is no 'certificate' which can be attached to them to guarantee their purity. What the Linux community needs, I feel, is a type of central signing authority or cryptographically sealed DRM-compatible package management system.
No, the last thing Linux package management needs is more centralization. What we need is *less* centralization.
How many times have you heard of Windows users being compromised by trojaned InstallShield Wizards? I'm not talking about binaries a virus has infected, I mean bent installers. I've never heard of such a thing. Even if it has happened (and I expect it has a few times), it's a very hard way to infect somebodies system because you have to compromise a server, rebuild the installer somehow and then you only manage to get one package which may or may not be run by lots of people anytime soon.
What Linux package management needs to be more secure is for projects to host their own binary packages as they do for source packages. That way if/when breakins occur, the damage is at least limited.
And it would be impossible to accidently load and install a trojan.
I think this is wrong- if upstream is trojaned you are still screwed. Packagers don't audit the code, you know.
Re:Invulnerable to MyDoom type virii? (Score:3, Insightful)
Not really. Two points:
The problem with Windows permissions is that you could attach an executable and it would have 'execute' permission by default, unless in Unix-like OSes where attachments are not by default executable. You could send a Unix trojan in a tarball, but it would not be point-and-click anymore, so would probably spread less.
Still, if Windows users have 5 popular e-mail clients to choose from virus/trojan writers would still have a much harder time. That they don't, in general, should be Microsoft's problem. Except that they don't care.
Re:Invulnerable to MyDoom type virii? (Score:3, Insightful)
Re:Not necessarily true. (Score:3, Insightful)
Are you willing to warrant that there are no such holes in Evolution, Thunderbird or KMail?
All very true. However, for a virus such as mydoom to spread like wildfire and do the DDoS damage it was designed to do, it needs to acheive a "critical mass" that can only be acheived through homegeneity which Windows provides. Sure there are some clueless Linux users using unpatched Pine, Mutt, but they all have *different* vulnerabilities, and a single worm or virus could not propogate quickly using the same method.
Re:Too much security for you! (Score:4, Insightful)
Among the other security issues with XFree86:
* Runs as root. On UNIX, this is a big sin. On traditional UNIX systems, and still with most Linux systems (POSIX capabilities are one way around this), root can do anything. If you can compromise XFree, you can compromise anything. Not only that, but XFree does not drop privileges -- the whole damn thing runs with elevated privilege.
* Any user that sits down locally can use the thing. It's easy to interface with.
* By default, most systems listen for incoming connections. If you can exploit the auth system, you control a root daemon remotely.
* There are many ways to authorize to the thing (xauth, xhost, etc). It is easy to turn off authorization, and many people (disturbingly many) do so.
* There are many ways to communicate with the thing (UNIX domain sockets, TCP). XFree is not small and simple and easy to check for flaws.
* XFree talks directly to hardware. Aside from the OS, it mucks with all kinds of things that might be exploitable.
* XFree is a major attack path for monitoring user input.
* XFree is responsible for displaying a login screen (and accepting username and password).
* XFree does not natively encrypt remote connections, though many people now use ssh's tunneling abilities.
* XFree is decidedly vulnerable to traffic analysis.
XFree is pretty bad from a security standpoint, and almost anathema to a trusted system. That's not a stab at XFree -- many decisions have been made in favor of simplicity, stability, and performance, and lots of other remote access systems aren't great from a security standpoint either. If X had been built as a secure system, it'd be a lot less usable for general purpose stuff. It would be the single thing that I would first remove from a system that *must* remain secure.