Red Hat to Release Enhanced-Security Linux

Klatoo55 writes "According to an article by Techweb, Red Hat will release Red Hat Enterprise Linux 4.0, which includes support for Security-Enhanced Linux, in 2005. Red Hat has been running this system with a published IP address asking for hackers to try to break the security. The last version was defeated within 45 seconds, but this new version (apparently to be the policy for the next Fedora) has yet to be cracked."
  • Big Deal (Score:-1, Insightful)

    by Piethon ( 748147 ) <zelse AT adelphia DOT net> on Saturday February 07, 2004 @06:43PM (#8214473)
    Big deal - even if the core OS is completely secure, there are going to be programs and scripts with vulnerabilities.
  • 45 Seconds?!?! (Score:3, Insightful)

    by Gunfighter ( 1944 ) on Saturday February 07, 2004 @06:43PM (#8214480)
    Holy smokes!! If it only took 45 seconds to crack it the last time around, I'd venture to say they overlooked a MAJOR security hole. This one has yet to be cracked; but if they overlooked a major one before, what are the chances that there are several obscure security vulnerabilities they overlooked this time?

  • A good thing... (Score:4, Insightful)

    by danielrm26 ( 567852 ) * on Saturday February 07, 2004 @06:46PM (#8214501) Homepage
    It's nice to see that SEL is being adopted by someone like Red Hat. I think this development will get more distros and organizations interested in using it, which will benefit the project greatly.

    Like it or not, Red Hat sets the tone in many ways, and in this case it's a good thing.
  • by llouver ( 579855 ) on Saturday February 07, 2004 @06:46PM (#8214502)
    "... the root had no IP address" presumably should have read "... root had no password" and the jump from the NSA developed SE Linux to the Eclipse IDE escapes me.
  • Re:45 Seconds?!?! (Score:3, Insightful)

    by Knuckles ( 8964 ) <knuckles@@@dantian...org> on Saturday February 07, 2004 @06:47PM (#8214508)
    the root had no IP address

    What's that supposed to mean?
  • Re:45 Seconds?!?! (Score:1, Insightful)

    by Anonymous Coward on Saturday February 07, 2004 @06:47PM (#8214511)
    The 45-second-hack was for the last version of Red Hat Enterprise Linux, not the last version of Security Enhanced Linux. The contrast is to show how much SELinux improves things.

    Of course, that doesn't rule out a bad implementation in RedHat's SELinux-based project.
  • Re:Big Deal (Score:1, Insightful)

    by Anonymous Coward on Saturday February 07, 2004 @06:48PM (#8214516)
    ... And if the OS is secure, those vulnerable programs can't do any more damage than they should be allowed to do, even if they do get compromised.
  • smart policy (Score:3, Insightful)

    by son_of_asdf ( 598521 ) on Saturday February 07, 2004 @06:50PM (#8214533)

    This, IMHO, is smart policy. What better way to find the holes in a distro than to co-opt the people most capable of exploiting them? Even at worst this will give the folks at RH a good idea of what exploits are going to be most frequently used against their systems.

    Of course, the security of any system is dependent upon the admin and how he/she configures the software used on the system, but this at least will help to establish a baseline from which to work, and provides full disclosure of any inherent system vulnerabilities to the admins that work with the system.

    ...as an added bonus, this /. post will see how the system might stand up to a major bandwidth spike....

  • 45 Seconds? (Score:5, Insightful)

    by Eberlin ( 570874 ) on Saturday February 07, 2004 @06:50PM (#8214536) Homepage
    What happened? Someone ran a brute force root login with the pwlib dictionary or something? Maybe a quick ride with Nessus? Or was it a social engineer who managed to call someone and get the root password?

    As has been echoed before time and again -- security is a process, not a product. Of course you'll have more secure products, but it's still up to a competent admin to make sure things are kept secure. Even then, you better have good backups because that one disgruntled guy who works in the mailroom on a machine already inside the firewall just might have an extra ace up his sleeve.
  • by deepbluegeek ( 703424 ) on Saturday February 07, 2004 @06:54PM (#8214560)
    I dig engineering/development efforts that come out and dare people to break their 'stuff'. It takes cojones to do such a thing and pretty talented developers to back up such a stance. More power to 'em!
  • by shird ( 566377 ) on Saturday February 07, 2004 @06:56PM (#8214581) Homepage Journal
    You should already be running your mail client under windows without admin privs, which achieves the same thing. However:

    I suppose non-root users can't send e-mail? After all, that is a major component of what the mydoom virus does.

    And I suppose non-root users can't listen on a port for incoming instructions to execute? Or run a proxy server on a non-privileged port?

    And will it stop a trojan which asks 'Root password needed to continue:' and then proceeds to use it to screw your system? If users are dumb enough to run arbitrary code, they will be more than happy to supply a root password.

    Linux is no more secure than windows against trojans.
  • by Debian Troll's Best ( 678194 ) on Saturday February 07, 2004 @06:57PM (#8214587) Journal
    RedHat's 'trial by fire' approach for their new security policy is a good one, and is something all distro makers should try. Nothing beats having your default security config probed and tested by the world's best crackers in a real life environment. But network security is only one piece of the puzzle. As the Windows community has demonstrated time and time again, trojans and spyware can be just as dangerous from a security point of view as network exploits. And while the problem may not be as severe on Linux due to the separation of the root user from the average day-to-day account, havoc may still be wreaked by a regular user downloading a package and installing it, and thus inadvertently installing a trojan.

    It seems to me that our package managers (used by the majority of Linux users...not everyone compiles from source) are vulnerable to some type of subversion. They are not controlled or vetted by a central authority. There is no 'certificate' which can be attached to them to guarantee their purity. What the Linux community needs, I feel, is a type of central signing authority or cryptographically sealed DRM-compatible package management system. This could eliminate potential threats associated with trojaned Linux packages. Imagine a secure apt-get. Packages would be enveloped in a tough layer of crypt() security. They would be digitally signed by the Debian project manager, or even Ian Murdock for highly critical packages like the kernel. And it would be impossible to accidentally load and install a trojan. Apt-get could even be modified to 'phone home' and let the Debian administrators know which packages where the most popular (and make security updating easier!) packages were being installed and to automatically e-mail users with news of package updates and 'special offers' from co-sponsors. I look forward to the community's response!

  • Re:Big Deal (Score:5, Insightful)

    by burns210 ( 572621 ) <maburns@gmail.com> on Saturday February 07, 2004 @06:57PM (#8214589) Homepage Journal
    yes, but a good core OS will limit the damage any 1 program can do... A common argument about windows is that it itself is secure, however the programs that run it (drivers/applications/etc) are insecure. In actuality, even with a buggy/trojan program being run, a good OS would not allow it to wreak havoc on much of the system, let alone crash the entire computer.
  • by Anonymous Coward on Saturday February 07, 2004 @07:03PM (#8214621)
    So now Red Hat is using the tired and cliche approach of getting PR by hosting a cracker contest. You would think that they'd have learned from previous examples [attrition.org]. Just because a system hasn't been defeated in a cracker contest doesn't mean it's secure. Security is a process not something you can shrinkwrap. The proper way to demonstrate the security of a product is through repeated, thorough code audits like some other software distributions [openbsd.org] are doing. Things must be looking dire indeed for Redhat if they're starting to make announcements of products like this ala another company we know and love [microsoft.com].
  • by pavera ( 320634 ) on Saturday February 07, 2004 @07:08PM (#8214659) Homepage Journal
    Wrong,
    By simply clicking on an attachment in any mail client in linux it will not execute... The user would have to save the attachment to disk, chmod it +x, and then execute it, and then, if the trojan wanted to write anything to disk outside of the users home directory, it would have to ask for the root password, and then if the user was that stupid, ok they really deserve to be infected with a virus. However, in a decently admined system the users don't know the root password, they don't need it ever, and they should never be installing programs. The amount of work it would take to install the trojan on linux would be a deterrent, it is also the deterrent to wide scale adoption by home users of linux.. because installing programs is just as difficult as installing trojans.
  • by t0ny ( 590331 ) on Saturday February 07, 2004 @07:09PM (#8214661)
    But Red Hat's point is that somebody can bring down Slashdot, with a hack. And, were it a race, I don't think /. could bring them down in 45 seconds.
  • by Pharmboy ( 216950 ) on Saturday February 07, 2004 @07:10PM (#8214667) Journal
    Linux is no more secure than windows against trojans

    I would respectfully disagree. Linux is no more secure than windows against "social engineering", but there is a difference in a trojan run as a user and a trojan run as root. One of the primary problems with Windows is the difficulty in running some software that should be "user" software without root access.

    I got my first SunOS shell many years ago, and I am pretty sure most trojans, if they had existed, might have wiped out my files, but not wiped the entire system, since I certainly did not have root access. Even at an office network, it is possible to have a Linux setup without anyone having root access, but this is more difficult with Windows, and impossible with networks that work with mixed OS's (like mine) with win9x/2k/linux.

    I agree that Linux is not bullet-proof, but there are some real differences that would limit the rampant spread of a worm/trojan as long as the whole world doesn't change to Lindows or other nix variants that run as root default.
  • by Tim C ( 15259 ) on Saturday February 07, 2004 @07:12PM (#8214688)
    But on a single-user system, what difference does it really make?

    Whether I run as root/Administrator or not, all the important stuff on my machine (my files) are read/write/delete by my user anyway. Running as an unprivileged user means two things:

    a) I can't interfere with other users' files
    b) I can't interfere with system files

    If I'm the only user, and my system files are all backed up on the nice, shiny install media, what is the difference, apart from perhaps having to reinstall?
  • by Anonymous Coward on Saturday February 07, 2004 @07:24PM (#8214757)
    Wrong.

    It appears that Microsoft relies on, even banks on, the end user being completely stupid.

    The open source movement instead tries to educate the end user, even if it is just a little, with how things work.

    Whiners will say this takes too much time.

    Again, wrong.

    What takes too much time is the countless hours every week that end users spend dealing with spam, viruses, crashes, and incompatibilities.

    We can thank Microsoft and their model for the majority of these.
  • by Anonymous Coward on Saturday February 07, 2004 @07:27PM (#8214770)
    By simply clicking on an attachment in any mail client in linux it will not execute... The user would have to save the attachment to disk, chmod it +x, and then execute it

    So the process of downloading and starting attached executables is more difficult. This would stop viruses that tried to hide themselves as jpegs or something, but not the "try this neato screensaver" ones.

    and then, if the trojan wanted to write anything to disk outside of the users home directory, it would have to ask for the root password

    You can set up Windows to work this way (NT based ones anyway). There's probably a reason Microsoft does not do that by default, and those selling Linux to the masses will quickly discover it.

    ok they really deserve to be infected with a virus.

    ...which doesn't really matter. Do you deserve to be spammed by the virus after they infect their machine?

    The amount of work it would take to install the trojan on linux would be a deterrent, it is also the deterrent to wide scale adoption by home users of linux.. because installing programs is just as difficult as installing

    Exactly. So this is all really meaningless. You can make things just as difficult with Windows. It's not that way by default, but if you're talking "decently admined"...

    In fact, Windows has more fine-grained file security, so one could argue that Windows is actually better.
  • by Emor dNilapasi ( 455542 ) on Saturday February 07, 2004 @07:57PM (#8214932)
    "But vendors and IT decision-makers widely believe it is too expensive to implement these more hacker-resistant security models, he [Tiemann] said."

    So let me get this straight: US industry alone spent around half a billion buckaroonies cleaning up the last little virus/worm fiasco, we get about a half-dozen or so of these little gems per year, and yet it's TOO EXPENSIVE(tm) to engineer in security that would stop this kind of thing from happening?

    So tell me, just who are these "vendors and IT decision-makers"? Or, to rephrase the question, just who are these drooling, incompetent, feeble-minded idiots who understand so little about security and the consequences of its failure? I'm asking because I want to make sure that i never, ever use (or heaven forbid, purchase!) any product that they have had anything to do with.

    Mr. Tiemann, please tell us, did some people actually say this? Really? Because if so, we need to know which products, companies, and idiots to avoid. And I want some of what they're smoking.
  • by Doktor Memory ( 237313 ) on Saturday February 07, 2004 @08:27PM (#8215140) Journal
    There have been exploitable buffer overflows in (going from memory here) PINE, MetaMail and Mutt, all of which in theory could allow a trojan email to be sent to a unix user, and none of which required clicking on an executable.

    Are you willing to warrant that there are no such holes in Evolution, Thunderbird or KMail?
  • by Anonymous Coward on Saturday February 07, 2004 @09:08PM (#8215369)
    Uh, the thing is, your important data and stuff is under your user account, not root. Otherwise how do you get to your data?

    And a similar virus can work on Linux. Pretty much any program can start as a daemon and listen on unprivileged ports. That's really all the Windows virus programs are doing. No root password needed.

    A Linux virus is possible and would cause just as much havoc. However, most Linux software tends to be more network aware than the Windows stuff (remember that Microsoft was late to this Internet thing) and therefore isn't as riddled with obvious holes as say Outlook.
  • by Anonymous Coward on Saturday February 07, 2004 @09:26PM (#8215481)
    #1 programs like cron, login, sshd are still super-trusted, so if you have an openssh hole, you're still fuxed

    #2 if you have a kernel bug like mmremap again, you're still fuxed (and the kernel just keeps getting bigger, and bigger, and ...)

  • by IamTheRealMike ( 537420 ) * on Saturday February 07, 2004 @10:03PM (#8215665)
    It seems to me that our package managers (used by the majority of Linux users...not everyone compiles from source) are vulnerable to some type of subversion.

    That's right. When you have piles of packages (source or binary) hosted on single servers run by the same group of people, you're making yourself a really tempting target. You don't even have to trojan a package - just find an exploit then DDOS the update servers so people can't access the fixed packages easily and you've bought yourself some time. As for large repositories of unsigned packages - let's not even go there.

    There is no 'certificate' which can be attached to them to guarantee their purity. What the Linux community needs, I feel, is a type of central signing authority or cryptographically sealed DRM-compatible package management system.

    No, the last thing Linux package management needs is more centralization. What we need is *less* centralization.

    How many times have you heard of Windows users being compromised by trojaned InstallShield Wizards? I'm not talking about binaries a virus has infected, I mean bent installers. I've never heard of such a thing. Even if it has happened (and I expect it has a few times), it's a very hard way to infect somebody's system because you have to compromise a server, rebuild the installer somehow and then you only manage to get one package which may or may not be run by lots of people anytime soon.

    What Linux package management needs to be more secure is for projects to host their own binary packages as they do for source packages. That way if/when breakins occur, the damage is at least limited.

    And it would be impossible to accidentally load and install a trojan.

    I think this is wrong- if upstream is trojaned you are still screwed. Packagers don't audit the code, you know.

  • by salimma ( 115327 ) * on Saturday February 07, 2004 @10:30PM (#8215778) Homepage Journal
    But doesn't the MyDoom virus depend on a dope sysadmin clicking on a binary attachment to spread?

    Not really. Two points:
    • In Windows XP everyone defaults to being sysadmins
    • A virus does not need access to other people's files to access our user's address book and mass-mail itself. Though in this case the virus would only be active once the user logs on

    The problem with Windows permissions is that you could attach an executable and it would have 'execute' permission by default, unlike in Unix-like OSes where attachments are not by default executable. You could send a Unix trojan in a tarball, but it would not be point-and-click anymore, so would probably spread less.

    Still, if Windows users have 5 popular e-mail clients to choose from virus/trojan writers would still have a much harder time. That they don't, in general, should be Microsoft's problem. Except that they don't care.

  • by digidave ( 259925 ) on Saturday February 07, 2004 @11:21PM (#8216024)
    From what I've seen lusers do I'm pretty confident that some people would spend four hours installing dependencies just so they could get the virus or trojan to run.
  • by Xpilot ( 117961 ) on Sunday February 08, 2004 @02:12AM (#8216731) Homepage
    There have been exploitable buffer overflows in (going from memory here) PINE, MetaMail and Mutt, all of which in theory could allow a trojan email to be sent to a unix user, and none of which required clicking on an executable.

    Are you willing to warrant that there are no such holes in Evolution, Thunderbird or KMail?

    All very true. However, for a virus such as mydoom to spread like wildfire and do the DDoS damage it was designed to do, it needs to achieve a "critical mass" that can only be achieved through homogeneity which Windows provides. Sure there are some clueless Linux users using unpatched Pine, Mutt, but they all have *different* vulnerabilities, and a single worm or virus could not propagate quickly using the same method.

  • by 0x0d0a ( 568518 ) on Sunday February 08, 2004 @08:15AM (#8217633) Journal
    Yes, I'd expect it to be a real pain in the ass to get X working. The structure of X is really awful from the standpoint of a secure system. (This is not to say that XFree86 is particularly insecure, but that current implementations of this type of software aren't particularly secure).

    Among the other security issues with XFree86:

    * Runs as root. On UNIX, this is a big sin. On traditional UNIX systems, and still with most Linux systems (POSIX capabilities are one way around this), root can do anything. If you can compromise XFree, you can compromise anything. Not only that, but XFree does not drop privileges -- the whole damn thing runs with elevated privilege.

    * Any user that sits down locally can use the thing. It's easy to interface with.

    * By default, most systems listen for incoming connections. If you can exploit the auth system, you control a root daemon remotely.

    * There are many ways to authorize to the thing (xauth, xhost, etc). It is easy to turn off authorization, and many people (disturbingly many) do so.

    * There are many ways to communicate with the thing (UNIX domain sockets, TCP). XFree is not small and simple and easy to check for flaws.

    * XFree talks directly to hardware. Aside from the OS, it mucks with all kinds of things that might be exploitable.

    * XFree is a major attack path for monitoring user input.

    * XFree is responsible for displaying a login screen (and accepting username and password).

    * XFree does not natively encrypt remote connections, though many people now use ssh's tunneling abilities.

    * XFree is decidedly vulnerable to traffic analysis.

    XFree is pretty bad from a security standpoint, and almost anathema to a trusted system. That's not a stab at XFree -- many decisions have been made in favor of simplicity, stability, and performance, and lots of other remote access systems aren't great from a security standpoint either. If X had been built as a secure system, it'd be a lot less usable for general purpose stuff. It would be the single thing that I would first remove from a system that *must* remain secure.
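
Three items from the list in the comment above (server runs as root, TCP listener left on, access control switched off) can be checked from a process listing and from `xhost` output. The script below is an added example, not part of the comment or of XFree86; the function names, finding labels and sample lines are constructed for illustration, and it assumes a server of that era that listens on TCP unless started with `-nolisten tcp`.

```shell
#!/bin/sh
# Added example: defensive audit of an X server setup using captured text,
# so it runs offline. Finding labels below are made up for this example.

# audit_x_cmdline USER "COMMAND LINE" -> prints one finding per line
audit_x_cmdline() {
    user=$1
    cmdline=$2
    # Whole server running as root: any server bug becomes a root bug.
    if [ "$user" = "root" ]; then
        echo "RUNS_AS_ROOT"
    fi
    # "-nolisten tcp" turns off the TCP listener (port 6000 + display).
    case " $cmdline " in
        *" -nolisten tcp "*) ;;
        *) echo "TCP_LISTENER_NOT_DISABLED" ;;
    esac
    # "-ac" disables host-based access control when the server starts.
    case " $cmdline " in
        *" -ac "*) echo "ACCESS_CONTROL_OFF_AT_STARTUP" ;;
    esac
    return 0
}

# audit_ps_line "USER ARGS..." -> splits one line of `ps -eo user,args`
audit_ps_line() {
    audit_x_cmdline "${1%% *}" "${1#* }"
}

# audit_xhost "OUTPUT OF xhost" -> prints one finding per line
audit_xhost() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            # Printed by xhost after "xhost +": anyone may connect.
            "access control disabled"*) echo "XHOST_ACCESS_CONTROL_DISABLED" ;;
            # Host entries admit every user on that host, not one person.
            INET:*|INET6:*) echo "HOST_WIDE_GRANT ${line#*:}" ;;
        esac
    done
    return 0
}

# Constructed sample inputs (not taken from any real system).
SAMPLE_PS_WEAK='root /usr/X11R6/bin/X :0 -auth /var/gdm/:0.Xauth vt7'
SAMPLE_PS_NOLISTEN='root /usr/X11R6/bin/X :0 -nolisten tcp -auth /var/gdm/:0.Xauth'
SAMPLE_PS_OPEN='root /usr/X11R6/bin/X :1 -ac'
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host
INET:build.example.test
SI:localuser:alice'
SAMPLE_XHOST_OK='access control enabled, only authorized clients can connect
SI:localuser:alice'

echo "== default start =="
audit_ps_line "$SAMPLE_PS_WEAK"
echo "== started with -nolisten tcp =="
audit_ps_line "$SAMPLE_PS_NOLISTEN"
echo "== started with -ac =="
audit_ps_line "$SAMPLE_PS_OPEN"
echo "== xhost, access control off =="
audit_xhost "$SAMPLE_XHOST_OPEN"
echo "== xhost, access control on =="
audit_xhost "$SAMPLE_XHOST_OK"
```

On a live system the same functions can be fed one line of `ps -eo user,args` for the X process and the output of `xhost`.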
