Linux Software

NSA Releases High Security Version Of Linux

We had an extremely interesting submission from Ted T'so, Linux kernel developer, who also has an obvious interest in security, given his work with Kerberos. He wrote in concerning the release by the NSA (yes, that NSA) of a high security version of Linux. I've included his comments below.

tytso writes: "I recently attended a DARPA workshop which focused on high security open source operating systems. It turns out that parts of the U.S. government are really interested in this topic; having an operating system with the necessary high-security features which they need, and for which source code is available, would be a really good thing for them. Among other things, for example, it would mean that they wouldn't have to live in terror about what might happen if Sun, IBM, SGI, et al. decided to pull the plug on Trusted Solaris, Trusted AIX, or Trusted IRIX. And they're serious enough that DARPA's willing to throw money at the problem.

While I was at this workshop, I met some folks from the NSA and they told me about a really neat project that they've been working on, called Security-enhanced Linux. One of the cool things about it is that it separates enforcement and policy. So selinux can easily support many different security policies, from the old (some would say outdated/silly) Multi-Level Secure/Bell-LaPadula model, to Domain-Type enforcement and Rule-Based Access Control models. So if you think that high-security features means the old silly, Secret / Top Secret / CMW bullshit, and needing to make sure that Secret windows don't get expose events from Top Secret windows, think again. A number of folks have found Domain Type Enforcement and Rule-Based Access Control systems very useful for securing Web servers and other real world systems.

The NSA folks just recently got permission to make their stuff available on the Web. It's just a proof of concept, and no doubt a lot of changes will need to be made before people will accept integrating it into the kernel, but they have released a working system (both kernel and userspace patches --- RPM's aren't quite ready yet) based on Linux 2.2 and RedHat 6.1. So it's definitely worth a look, and in fact some folks with specialized needs might find it useful, even though it's a prototype.

Of course, the source code is all there, and we're encouraged to look at and audit the code. So paranoiacs who think that the NSA is trying to infiltrate trap doors into the Linux kernels needn't worry. (Besides, it's a different part of the government who's interested in spying on U.S. citizens, and it's much more efficient for them to break into your house, and insert a wiretapping device between your computer and your keyboard as part of a black bag job. :-)

The Web site is http://www.nsa.gov/selinux. I think it's really great that some folks at NSA's Information Assurance Research Office (IARO) have made this contribution to the Linux community. They're really nice folks (even if they can't talk about a lot of what they do at work :-).

P.S. Apparently it's not easy to get stuff published by the NSA, since their entire culture, not surprisingly, is based around not letting stuff out. This Web page went up a few days ago, and then some bureaucrats made the folks in the IARO take it down temporarily, much to their disappointment. At the moment it looks like they've finally crossed all of the bureaucratic t's and dotted all of the bureaucratic i's. But just in case, it might not be a bad idea if someone mirrored the entire tree just in case some flack in some other part of the agency tells them to take it down again....

"
  • IIRC, GPL says that you do not have to release stuff you created based on GPLed software. It says that you have to release the source code whenever releasing your stuff to public.
  • You need to educate yourself about punch cards. Sometimes one person's chad ends up in another person's hole. The second person, through no fault of her own, is thus denied her right to vote.

    Voter error? Supervisor of Voters error in my opinion for having such junk. Just because a system is automated doesn't make it reliable. If Florida had used paper ballots then every valid vote would have been counted, and Al Gore would have been president.

    Admit it. The voting machine companies are palming off junk on the public. What if Microsoft sold you MS-DOS 2.0 and claimed it was state-of-the-art. That is what the voting machine companies are doing when they sell these horrid, unreliable machines that steal people's votes. And install an imposter as President.

  • "Are you implying that slackware 7.1 is a secure system? Have you audited the entire distribution yourself? Can you honestly say that you trust your distribution to be 100% secure?"

    Have you? And it's true, *in general*, more secure systems are more difficult to use. Try jacking up the kernel security level in any BSD and see how much stuff you would use normally breaks. There are lots of things you can do in most unices that you can't do in OpenBSD, due to them not being the most secure practices in the world - this makes the system more secure, and less usable.

    There is a tradeoff, and you need to find the balance that is appropriate for your needs - developers also need to work on making their OSes' security features more usable. Argus Pitbull is one of the most usable AND secure TOS add-ons I've seen, but it's still more difficult to use than your average everyday UNIX.

    -lx
  • Hey, the whole effort is only in prototype stage. They've probably been working on it for a while, and released what they had. You can probably be sure they will integrate their changes into a more current kernel.


    ...phil
  • You might want to just stop by the State Dept., they "lose" them all the time, as in: "Would anyone who's found a laptop with top-secret information please return it to the security desk as soon as possible?"

    Or, if you're a Brit apparently MI5 does the same thing.
  • Disclaimer: I'm just guessing here, I have no inside knowledge, no fly-on-the-wall stuff & if I did I sure as heck wouldn't be posting to /.!

    Perhaps Linux over BSD et al 'cause they had it handy? Nothing more sinister, nothing more simple?

    There's two sorts of projects: Those that start out with a committee, a budget, a goal & a process. Then there's a couple of hackers playing around with some tech that came in the door, making a tweak here, making a tweak there, realizing they might have something then writing it up & getting official approval to go ahead with whatever.

    It may have been by plan that Linux got used, or it may have been just what they were playing with; the clouds parted on just the right day, things clicked & they got a go-ahead.

    There's a lot of bright folks who "work in Maryland" (as in don't-ask-me-details) and their internal culture, while security-obsessed, is also supposed to be pretty free & open to new ideas. Since they've got lots of spare IQ points floating around, budgets aren't a terribly over-riding concern & their mandate is to know all about lots of things (especially stuff like OS's) it's hardly surprising they've been playing with Linux. Heck, it was likely a directive from some (not so) pointy-haired-boss.

    The interesting thing is that they're releasing this to the outside world. That means that either the institution thinks doing so would improve the US's security in some way or there's a bunch of geeks in there who *really* want to contribute.

  • Oops--I was careless with my wording.

    I meant, of course, that Apache doesn't deserve much credit if any for the 'opening' of NSA. They deserve tons of credit for creating a stable, robust, cross-platform (!), and free app which runs the majority of the world's web sites; and successfully flies in the face of Microsoft. Kudos to them for that!

  • by tytso ( 63275 ) on Friday December 22, 2000 @07:56AM (#543704) Homepage

    Actually, they CAN'T release it under GPL! Huh? It's worse (better?) than that - It's public domain! We PAID for it.

    Yes, to the extent that the work is done by government employees, this is true --- however, since it is based on GPL'ed code, only the changes to the code are in the public domain. The overall piece of work is still covered by the GPL. This is part of the "infectious nature" of the GPL.

    Also, there's an absolutely trivial way to get around the "work done by government workers must be in the public domain". You just simply hire government contractors to do the work for you, in which case the rule doesn't apply any more. This is a really nasty loophole, especially since many senior government employees get tired of getting paid sh*t wages, and simply resign, and start working for a government contractor, who (after taking a cut, of course) resells that person's time back to the government at a much higher rate. It's a 100% lose all around for the taxpayer. We end up paying more for the same person's work, with a percentage cut being paid to a third party as sheer overhead, and the work doesn't have to get released into the public domain any more (the government contractor can resell code developed at government expense as some proprietary, commercial product.) Lovely, eh? All because the idiots in Congress aren't willing to pay government workers --- especially in a hot field like software engineering --- what they're worth.

    If you'll note on the NSA SE Linux web page, you'll see that some of the work was indeed done by contractors. Fortunately, thanks to the GPL, the overall work still has to be released under the GPL, if it's going to be released at all.

  • I'm sure including these was to provide a backdoor in case the product got into the hands of the enemies.

    "Sir, Saddam has Secure Linux running, what should we do?"
    "Does he still have rsh running and wu-ftpd?"
    "Sir, let me say that you are a true genius."
  • The only thing they could do is license the diffs as public domain. They can't relicense the kernel as public domain since it's already licensed under the GNU GPL and they have no authorization to relicense it under different terms. Government agencies have to play by the same rules as everyone else -- the GPL grants no special permissions to military agencies.
  • I'm not the most trusting person of the US Government, but, of course, it was the founding fathers who said don't trust the government. However, I respect the NSA and know people who work inside of NSA; one guy was friends with a top sysadmin in the NSA NOC. These guys were highly respected, highly trustworthy people who strictly kept to their oath.

    I don't agree with all of the NSA ops, but this one I do. I see it as highly unlikely that the NSA would "plant" bugs in open sourced code. That would be stupid. Even though we believe the NSA, CIA, FBI are sometimes above the law, they have to follow laws (I'm about to go to court fighting unlawful action of a police officer). So why would they do such a thing? Everybody knows this code will be audited, I know I will audit it myself, so why put bugs or backdoors into the code? Somebody will find it. If there are backdoors in the code, that would be one of the dumbest things the NSA has ever done.
  • My (albeit limited) understanding of the GPL is that the NSA would NOT have to release source code for modifications they make to Linux, as long as they didn't release the binaries they make either.

    In other words if they modified Linux for internal security, everyone in the NSA could get a copy without the NSA needing to release the sources to the world.

  • Contributions from government agencies have benefitted the Linux community as a whole in the past - NASA contributed some great work on the Linux ethernet drivers I use at work. I am sure everyone will benefit: the NSA gains the advantage of peer review of their security tweaks and the community receives the source code to incorporate if they so choose.
  • I'm not entirely sure why our friends to the north are treated differently; it may have something to do with having a "free" border between us. (Some people also theorize that it is because Canada is the "51st state" ;-)

    I don't think the Queen of England (or a Canadian for that matter) would have much luck being hired by the NSA, but the Canadian would have much greater luck, being "trusted". Looking on their web page, any and all positions available with the NSA require you to be a US citizen (http://www.nsa.gov/programs/employ/index.html) as well as get a background check.

  • Phil's right on target. Microsoft is in over its head, with the anti-trust case and all. But this is going to kill them! Plus, the so-called Senator from Microsoft (Slade Gorton of Washington) is gone, except he's replaced by Maria Cantwell, a Real Networks Exec!
  • Oh it just gets way too complicated because then you have to add mods like:

    Score +1 Optimistic
    Score -1 Naive
    Score -3 AOL user level of naivety
    Score -5 I believe the government really cares about my needs naivety

    You see, it just gets too weird when you try to bring balance to the force, (or farce(or schwartz))...

  • Yeah. So?
  • geez. will this not end? We have a very simple system. a machine looks at the votes. the machine is not biased. the machine counts only votes that are absolutely a positive vote. there is no question about this fact. Unfortunately, some people are unable to read directions, and then bitch about their own incompetence. It amazes me that these people are able to drive cars, but can't seem to punch out the right hole.
    .e.
    www.perceive.net
  • by bmongar ( 230600 ) on Friday December 22, 2000 @05:58AM (#543715)

    First sign: Courts finding Microsoft guilty of leveraging a monopoly

    Second Sign : NSA releasing information to the public about security

    Third sign : Rivers turn to blood

    The end is coming just one more sign

  • I found this block of code in stdio.h:

    #ifndef SECRETBACKDOOR
    #define SECRETBACKDOOR 23
    #endif

    I may be paranoid, but that seems a little suspicious...


    I'd rather be a unix freak than a freaky eunuch
  • This seems counterproductive, in my opinion. They could have just as easily contributed to the TrustedBSD project. If they had done that, then their code could have actually been used in more than just one operating system, instead of just Linux, due to the incompatibilities between the GPL and the BSD license.

  • Whoops... I should actually review my posts, before hitting submit.

    What I meant to say was that your claim is that it is necessary for a vote to be properly prepared for the machine to count it, while the Gore camp claims it is not sufficient for a vote to be properly prepared for the machine to count it. I meant to add the most important point: these two statements do not contradict each other.

  • Oh yes, how can I forget that? Laziness is, of course, the father of invention.

    But there's a good laziness and there's a bad laziness. :)

    When laziness prompts you to find a better, more efficient, and often ingenious way to tackle the problem, it's grand. But when you don't implement a specific sanity check, or a buffer length check because of laziness, then it's a bad thing (tm).

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • by PxT ( 26449 ) on Friday December 22, 2000 @06:00AM (#543721)
    Mirror being built Here [droflet.net].
  • > Maybe he got more votes, maybe he didn't.

    Actually, the media are already doing a recount under Florida's extraordinarily liberal "Sunshine Laws".

    There's a big blustery effort including multiple news publishers and a conservative "research" group, and they're inching along at about 450 ballots a day.

    However, The Miami Herald is going it solo, and using their brains. They have already done a whole county using an optical scanner, which not only helps with speed, but also reduces subjectivity.

    Guess what? That single county turned up 130 more votes for Gore. Stay tuned for more. At least until the Republicans get Scalia to order it stopped and the ballots destroyed.

    --
  • But you don't have to worry about hidden trojans in binaries that aren't released. That kind of makes it a moot point.

    Either they release it, and have to release the code, or they don't release it, and you don't have to worry.
  • by G-Man ( 79561 ) on Friday December 22, 2000 @06:01AM (#543725)
    ...just be sure to comment out "backdoor.h" before compiling anything...
  • The problem with the electoral college isn't the idea of breaking the country into small ridings, many of which a party/person must win to be elected. That makes sense, that's what keeps politicians visiting small states even though they could win with only bigger states if all votes were pooled.

    But, the system is broken when it comes to the application of these state votes.

    The electoral college voters aren't required to vote the way the voters in their state voted. If the EC wanted, they could reverse a 99% popular vote.

    That's the part that should be thrown out, an EC voter who doesn't vote the popular vote should be considered to have committed an offense on the level of vote tampering.

    But then, with those votes guaranteed to go for the popular vote, we could ditch the whole EC step and just put all of the state's votes directly towards the winner of the popular election.

    I know that's not what happened in Florida, but it's the biggest problem in the electoral part of USA politics.

    (The other biggest problem, imho, is that campaign contributions are considered bribery, and taking them isn't considered treason.)

    I think the USA (and Canada) would both benefit from a better system of actually casting votes, as have been outlined on /. recently, but that's a minor problem next to corruption and the EC not being mandated to follow the wishes of the people.
  • Have you?

    No, I haven't. I place a specific amount of trust in the systems I set up and a specific amount of faith in my abilities as a sysad. If anything looks peculiar or out of place, I place faith in my abilities to find any security issues in my setup and/or responsible code.

    And it's true, *in general*, more secure systems are more difficult to use.

    Yes, I'll agree with you, in general, they are. My point is that they don't *have* to be and just because a majority of them *are*, doesn't mean a well-designed secure system necessarily has to be user unfriendly.

    Try jacking up the kernel security level in any BSD and see how much stuff you would use normally breaks.

    Oh I have. Case in point: trying to run X under FreeBSD with the default kernel security level. It confused me the first time I tried it, but after mucking around in the system, I found out why the X server was dying at the point it tried to open the console. I adjusted my kernel.securelevel to compensate.

    There are lots of things you can do in most unices that you can't do in OpenBSD, due to them not being the most secure practices in the world - this makes the system more secure, and less usable

    Very valid point. We don't have to keep the scope to UNIX though. I'm talking about the security of any computerized system, really. But, perhaps we've gotten away from the security controls the UNIX model provides. Whatever happened to the principle of least privilege anyway?

    If you ask me, vendors nowadays are placing too much trust in the programmers.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • by Dahan ( 130247 ) <khym@azeotrope.org> on Friday December 22, 2000 @08:07AM (#543734)
    Really [slashdot.org]. "At this time, we are not working on SMP. It's a lot of work, and not considered the most interesting thing to our developers."

    The OpenBSD SMP branch is probably just waiting for code from NetBSD (where SMP is being worked on.)

  • by tytso ( 63275 ) on Friday December 22, 2000 @08:09AM (#543738) Homepage

    Whatever your opinion of the NSA might be, this is going to be a real boost to fighting the argument that "an open source operating system can't be secure."

    While I agree with you, it's important to make the distinction between an operating system which is secure, and an operating system which has high-security features. After all, this is based on Red Hat 6.2, and if the version of WU-FTPD they used happens to have some stack overruns, you can still break into the darned thing. Of course, the fact that mandatory access controls are in place means that the attacker can't do as much damage, but letting someone have shell access even on a trusted OS is still a bad thing.

    Having a high-security operating system means that you both have to have the right set of features, *and* you still have to worry about fixing all of those little annoying stack overruns and format string bugs. Both parts of the story are very important.
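Two points above are easiest to see in working code: the submission's point that the prototype separates enforcement from policy, and this comment's point that mandatory access controls bound what an attacker who already has a shell can do. The following is an added example, not code from the NSA release or from this page: a toy Domain-Type Enforcement reference monitor in which the policy is a plain table keyed by (domain, type, class), enforcement is one lookup that ignores uid, and both the classic DAC check and the MAC check must pass. The scenario at the end has a root-owned FTP daemon taken over and shows that uid 0 inside the confined domain still cannot read the shadow file or exec a shell. Every domain and type name, the policy, the file objects and the AVC-style log line are this example's own assumptions.

```python
"""Toy Domain-Type Enforcement reference monitor (constructed example).

Policy is data: (source domain, target type, object class) -> permissions.
Enforcement is a lookup.  Every access must pass DAC *and* MAC, so a process
that has become uid 0 inside a confined domain gains nothing the domain was
not granted.  All domain/type names, the policy and the files are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    uid: int
    domain: str        # security domain of the process, e.g. "ftpd_t"


@dataclass(frozen=True)
class Obj:
    path: str
    owner_uid: int
    mode: int          # POSIX permission bits, e.g. 0o644
    type_: str         # security type label of the object, e.g. "shadow_t"
    cls: str = "file"  # object class; this toy only models "file"


# Constructed policy: anything not listed here is denied.
ALLOW = {
    ("init_t", "ftpd_exec_t", "file"): {"execute", "getattr"},
    ("ftpd_t", "ftp_data_t", "file"): {"read", "getattr"},
    ("ftpd_t", "ftpd_log_t", "file"): {"append", "getattr"},
    ("login_t", "shadow_t", "file"): {"read", "getattr"},
    ("login_t", "shell_exec_t", "file"): {"execute", "getattr"},
}

# Constructed domain transitions: executing a file of the entrypoint type
# from the first domain puts the new process into the second domain.
TRANSITION = {("init_t", "ftpd_exec_t"): "ftpd_t"}

# Operation -> rwx bit consulted by the DAC check.
_DAC_BITS = {"read": 4, "getattr": 4, "write": 2, "append": 2, "execute": 1}


def dac_allows(subj: Subject, obj: Obj, perm: str) -> bool:
    """Discretionary check: root bypasses it; the owner uses the owner
    triplet, anyone else the 'other' triplet (group bits left out)."""
    if subj.uid == 0:
        return True
    shift = 6 if subj.uid == obj.owner_uid else 0
    return bool((obj.mode >> shift) & _DAC_BITS[perm])


def mac_allows(subj: Subject, obj: Obj, perm: str) -> bool:
    """Type-enforcement check: a table lookup in which uid plays no part."""
    return perm in ALLOW.get((subj.domain, obj.type_, obj.cls), set())


def access(subj: Subject, obj: Obj, perm: str, avc_log: list) -> bool:
    """Reference-monitor decision: both checks must allow; denials are logged."""
    ok = dac_allows(subj, obj, perm) and mac_allows(subj, obj, perm)
    if not ok:
        avc_log.append(f"avc: denied {{ {perm} }} uid={subj.uid} "
                       f"scontext={subj.domain} tcontext={obj.type_} "
                       f"tclass={obj.cls} path={obj.path}")
    return ok


def execve(subj: Subject, prog: Obj, avc_log: list) -> Subject:
    """Run prog: needs 'execute'; then apply the domain transition defined
    for (current domain, entrypoint type), if any, else stay in the domain."""
    if not access(subj, prog, "execute", avc_log):
        return subj
    return Subject(subj.uid, TRANSITION.get((subj.domain, prog.type_), subj.domain))


# Constructed file system objects (path, owner uid, mode, type).
SHADOW = Obj("/etc/shadow", 0, 0o600, "shadow_t")
FTP_DATA = Obj("/var/ftp/pub/README", 0, 0o644, "ftp_data_t")
FTP_LOG = Obj("/var/log/xferlog", 0, 0o644, "ftpd_log_t")
SHELL = Obj("/bin/sh", 0, 0o755, "shell_exec_t")
FTPD_BIN = Obj("/usr/sbin/in.ftpd", 0, 0o755, "ftpd_exec_t")


def compromised_ftpd_scenario() -> dict:
    """init starts the FTP daemon as root; an attacker then takes over that
    process (a stack overrun, say) and tries to pivot while still uid 0."""
    avc_log: list = []
    ftpd = execve(Subject(0, "init_t"), FTPD_BIN, avc_log)
    attacker = ftpd                      # same uid 0, same ftpd_t domain
    after_shell = execve(attacker, SHELL, avc_log)
    return {
        "ftpd_domain": ftpd.domain,
        "serves_ftp_data": access(ftpd, FTP_DATA, "read", avc_log),
        "appends_log": access(ftpd, FTP_LOG, "append", avc_log),
        "root_in_ftpd_reads_shadow": access(attacker, SHADOW, "read", avc_log),
        "domain_after_shell_attempt": after_shell.domain,
        "login_reads_shadow": access(Subject(0, "login_t"), SHADOW, "read", avc_log),
        "avc_log": avc_log,
    }


if __name__ == "__main__":
    for key, value in compromised_ftpd_scenario().items():
        print(f"{key}: {value}")
```

The point of the scenario is the asymmetry: the same uid 0 reads the shadow file from login_t and is denied from ftpd_t, and a uid 1000 process in login_t is allowed by MAC but still denied by DAC. Changing what the compromised daemon may touch means editing ALLOW, not the enforcement code, which is what "separating policy from enforcement" buys in practice.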

  • by Anonymous Coward on Friday December 22, 2000 @05:41AM (#543739)
    Just go to the bars in Georgetown where the younger NSA members hang out, buy them a few brews, and in an hour or two they're giving you their life story, and handing out floppies of classified algorithms.

    All they really want is a little human warmth.
  • by phil reed ( 626 ) on Friday December 22, 2000 @05:43AM (#543742) Homepage
    The only thing I can think of at the moment is how bad this is going to piss off Microsoft. Doesn't Microsoft have a web page someplace dedicated to dissing Linux? Isn't security one of Microsoft's hot buttons?


    ...phil
  • Does the USsian government think that Canada belongs to them

    Yes. Oh, it's more nuanced than that, but Canada is a military and economic appendage of the United States, and English-speaking Canada isn't any more culturally distinct from the U.S. than Texans, Californians, Rhode Islanders, and Michiganians are from each other. While Canada isn't states 51 through 60, it might as well be.
  • by Erasmus Darwin ( 183180 ) on Friday December 22, 2000 @06:06AM (#543756)
    Second Sign : NSA releasing information to the public about security

    Err, ever hear of the rainbow books? They're a series of standards for classifying trusted computer systems. They were published by the DoD, which is the parent organization for the NSA; the odds are good that there was NSA involvement in the project.

  • The NSA actually contribute a surprising amount to our open knowledge. They're not exactly a University department, but there are several examples.
    --
  • This one being from the NSA, I have no doubt in my mind that people are going to go over this with the finest-toothed comb there ever was, simply because of paranoia and that special NSA mistique.

    That's a good thing, by the way. That review alone could improve Linux security to possibly surpass that secure BSD distro (netbsd?)


    -------
  • Oops, sorry, I hit submit too soon. SE Linux is based on Red Hat 6.1, not 6.2.

    And furthermore, the important thing to remember is that this is a prototype. Hopefully it will spark discussions about adding some or all of these features into Linux 2.5, and how to do so in a clean way. I've talked with the folks at the NSA, and that's one of their main goals behind doing this release.


  • The [BSD] licensing is such that they would never have to release their modified code, right?

    They don't HAVE to release any changes they make to GPL software, like Linux, unless they're selling it to someone.

    Right?


    D.

  • Not to mention that a large part of the cold war mission of the intelligence community is to prevent foreign industrial espionage, in which case a (more) secure operating system is directly in line with their goals.

    --

  • Well, is East America still in place? Aren't you seeing cracks in the walls? Hasn't your roof flown away? Isn't your car lying inside a crack?

    Because that is a MOVE. NSA publishing a security system? Think: that's first the setting of a standard. NSA is entering as a player in the security market. A big one. Second, it is a risk. NSA is showing its strengths and weaknesses to everyone. Third, NSA is a security arbiter. Someone will get up and others get really burned on this move. And fourth, NSA makes the security wars more intricate and complex than before. Right now it is not only NSA vs MI*/MOSSAD/FAPSI. This goes farther than old government petty fights. NSA may be giving a weapon to mobs and terrorists. Or maybe giving a weapon to organisations to fight these rough groups. What will come from this, only the Future will know.

    Anyway NSA made a huge move onto the pedestal. It is putting itself as one of the biggest security players in the world. From now on we will have to look at NSA when talking about security. Its governmental status was already heavy-weight. Now it starts getting earthquake.
  • I have noticed several posts which have expressed some concern with the idea of NSA produced/approved code getting into the kernel, and therefore conceivably providing a covert insurgence of back doors.

    ...Uhm, have you ever read the source for D. Becker's networking drivers [and derived code]?
    Go to /usr/src/linux/drivers/net and run grep "National Security Agency" *
    Oh NO! All of those unaudited strcpy's in kernel space! IEEE! And I thought linux was safe! hehe.

    Moderators::Note(humor)


    ---
    man sig
  • No, you lunix idiot. It has nothing to do with the relative merits of the code. If it did, Linux would be the perennial last choice on every professional's list. It has everything to do with the license. The GPL forces the initial code and all its derivatives to remain open. This effectively makes it impossible for a private company to take the NSA code, make unknown modifications to it and sell it as their own. If you stop to think for a moment, you would quickly understand why the NSA can't have that happen.

    --

  • by CharlieG ( 34950 ) on Friday December 22, 2000 @07:18AM (#543806) Homepage
    Actually, they CAN'T release it under GPL! Huh? It's worse (better?) than that - It's public domain! We PAID for it.

    There are other government groups that talk about this. There is a Linux program called EMC (Enhanced Machine Controller) that has been let out by the government, and there was a whole discussion of the GPL issue, and they said "We can't GPL it, we MUST Public domain it"

    Go to www.linuxcnc.org for more details!
  • I hope someone out in slashdot land, with the requisite graphics skills, does a spoof of a "NSA Linux" distro.
    A penguin with a black trench coat, shades, and a handgun. Sort of a penguin "Neo". Or even better, two penguins: "Neo" and "Trinity", both lookin' real cool, with the logo:

    "Linux and the NSA. We know where you want to go today."

    or, "Linux and the NSA. Partners against crime".

    tigert, where are you? I want T-shirts! I want bumper-stickers!


    Torrey Hoffman (Azog)
  • The Code Book doesn't talk about modern crypto much; it's mainly confined to the last chapter, which is mostly about RSA.

    I'd like evidence for what you assert. Everyone thought that the DES S-boxes were "cooked" to give the NSA a back door into the cipher, until we discovered differential cryptanalysis and found that the S-boxes had been arranged to lend resistance to it. I think what they have contributed is as strong as they claim it to be.

    I'm no fan of the NSA, quite the opposite, but I'd just like to do my bit to resist the spread of crypto-paranoia.
    --
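The S-box claim in the comment above can be checked mechanically rather than argued. The following is an added example, not code from this page or from any DES implementation: it embeds the standard DES S1 table, builds its difference distribution table (how often each output difference dy = S(x) ^ S(x ^ dx) occurs for each input difference dx), and reports the best nontrivial differential and the minimum output-difference weight for one-bit input differences, the two quantities a designer resisting differential cryptanalysis would bound. The function names and the indexing helper are this example's own.

```python
"""Difference distribution table (DDT) of DES S-box S1 (added example).

S1 below is the standard DES S-box; the code around it is not from the page.
DDT[dx][dy] counts the inputs x (out of 64) with S(x) ^ S(x ^ dx) == dy.
A large entry in a nonzero row is exactly the characteristic differential
cryptanalysis exploits, so an S-box designed against it keeps them small.
"""

S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(x: int) -> int:
    """DES indexing of a 6-bit input: the outer bits (b5, b0) select the
    row, the middle four bits (b4..b1) select the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def ddt(s, in_bits: int = 6, out_bits: int = 4) -> list:
    """Build the full difference distribution table of an S-box function."""
    n_in, n_out = 1 << in_bits, 1 << out_bits
    table = [[0] * n_out for _ in range(n_in)]
    for dx in range(n_in):
        for x in range(n_in):
            table[dx][s(x) ^ s(x ^ dx)] += 1
    return table


def max_differential(table: list) -> tuple:
    """Most probable nontrivial differential as (count, dx, dy); its
    probability over a random input is count / len(table)."""
    return max((table[dx][dy], dx, dy)
               for dx in range(1, len(table))
               for dy in range(len(table[0])))


def single_bit_min_weight(table: list, in_bits: int = 6) -> int:
    """Smallest Hamming weight of any output difference reachable when the
    input differs in exactly one bit (the avalanche-style design criterion)."""
    return min(bin(dy).count("1")
               for b in range(in_bits)
               for dy, count in enumerate(table[1 << b]) if count)


if __name__ == "__main__":
    table = ddt(sbox)
    count, dx, dy = max_differential(table)
    print(f"best nontrivial differential of S1: dx=0x{dx:02x} -> dy=0x{dy:x}, "
          f"probability {count}/64")
    print("minimum output-difference weight for a 1-bit input difference:",
          single_bit_min_weight(table))
```

A practitioner would compare the reported maximum against the bound in the DES design criteria the designers later published: for any nonzero input difference, no more than 8 of the 32 input pairs may share an output difference, i.e. no nontrivial DDT entry above 16 of 64, and a one-bit input change must alter at least two output bits. Swapping S1 for another 4-row table, or passing a different function to ddt, runs the same checks on any small S-box.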
  • What the stupid default password in Piranha "proved" was that system security is an active pursuit, not a passive one. The flaw in the fish only bit people who never changed the password, even when instructed to during installation, never mind on a regular basis as many standard system security practices recommend.

    Yes, by all means, do "your own damn auditing", but don't waste your time by doing so before you have an actual policy of secure practices in place to audit.

    And be really careful about calling in an outside auditor. You won't get your money's worth if you and your system aren't ready, and you might wind up paying contractor rates to fix really stupid things - anyone who needed an outside auditor to find and fix the Piranha flaw shouldn't be trusted to carry their own money, let alone their company's.

  • by dsplat ( 73054 ) on Friday December 22, 2000 @06:16AM (#543827)
    The NSA has a mandate to protect the information security of our government. I believe they would interpret that to include protection of the information security of the industrial base that supports our country. I would love to see a group within the NSA charged with working with the open source community to enhance the security of open source software. I would never trust software solely because it comes with a security seal of approval only from an agency which also has other priorities which may be at odds with my privacy. However, I would consider their assurance to be a valuable addition.

    I applaud the effort that these people within the NSA who brought this project to light went to. The fact that they have released this work at all is surprising. But they have demonstrated their good faith by honoring the GPL. Bravo.
  • I'm a big Linux guy, but I have to wonder why the NSA decided to do this at all when they could have just as easily played around with one or all of the BSDs. The licensing is such that they would never have to release their modified code, right?
    --
  • I was not aware of a "Trusted Irix".

    Even if it exists, AFAIK SGI is switching over to Linux "soon" anyway, so a "Trusted Linux" is a natural progression.

    This is great news for Linux...we've had a hard time getting Linux taken seriously where I work because there has been little "solid" government interest outside of clusters.

    But being able to use "NSA" and "Linux" in the same sentence (and in print) will ease a lot of fears 'round these parts.

    I hope someone out in slashdot land, with the requisite graphics skills, does a spoof of a "NSA Linux" distro.

    Maybe a spoof of Austin Powers or something? Yeah Baby! Trusted Linux!

  • That would be the CIA, NSA is for number crunchers, not spies
  • > The NSA has a mandate to protect the information security of our government. I believe they would interpret that to include protection of the information security of the industrial base that supports our country.

    I'd go so far as to say that this release shows they have interpreted protection of our industrial base as a national security interest.

    Remember the spate of DDOS's we had last year, and the subsequent (almost continual) stream of press releases about how "we must protect ourselves from cyberwarfare"? Looks like the intelligence community really woke up and smelled the coffee.

    But this is far beyond press releases - this is amazing stuff.

    Our taxpayer dollars - not only at work, but the citizens actually personally getting the benefits.

    Mad, mad, mad props to those at NSA who were part of this decision. Keep up the good work.

  • We already have a BSD whose primary development focus is on security - so why doesn't the NSA concentrate on that, build on that effort that's been going on for years, instead of working with this new and far less mature OS (just because it's popular? Madonna is popular).
  • by jafac ( 1449 )
    believe it or not, Microsoft has a whole TEAM of people dedicated to dissing Linux.
  • > Come on, an ultra-secure system with rsh and WU-FTPd?

    Nobody said you had to use those packages.

    What's new is the underlying security model. If the end-user of the distro is so clueless as to put holes in the system, he deserves what he gets.

    Remember - security isn't just software. It's also the guy at the root prompt.

  • If they pull the site again, would that be a violation of the GPL? And could the NSA be sued over it?

    IANAL, but my understanding is that:

    You only have to release changes that you re-distribute. This does not include changes that you keep entirely within your own organization, company, or whatever.

    The GPL would forbid the NSA from releasing a binary-only distribution without making the source code available, but it wouldn't have any effect on whether they can make their own in-house distribution.

  • Naw, the NSA cares about Linux because Linux does not yet have an NSAKey like Windows does. If people start adopting Linux, then they'll have no way to watch them. . .
  • if they can "disappear" unruly congressmen, they can "disappear" an unruly Canadian. :)
  • Am I the only one that finds great mirth in the NSA being slashdotted? :-)
  • and here [esitcom.org]
  • by mrzaph0d ( 25646 ) <zaph0d@noSpam.curztech.com> on Friday December 22, 2000 @06:19AM (#543859) Homepage
    "...and in an hour or two they're giving you their lifestory..."

    since they're the NSA, shouldn't that read "...and in an hour or two they're giving you your lifestory..."?

    "Leave the gun, take the cannoli."
  • by pete-classic ( 75983 ) <hutnick@gmail.com> on Friday December 22, 2000 @06:31AM (#543864) Homepage Journal
    According to the package list [nsa.gov] it includes rsh and WU-FTPd.

    Come on, an ultra-secure system with rsh and WU-FTPd?

    Okay, so it says WU-FTPd is untested, but there is no excuse for using rsh.

    This makes me skeptical of the whole thing.

  • by Devi0us ( 21988 ) on Friday December 22, 2000 @06:21AM (#543866) Homepage
    There's also other simple reasons besides "Linux is the in thing". OpenBSD would probably have been a good place for them to start, except for some serious factors against it. OpenBSD isn't scalable. At all. It's great for small corporate networks, or home firewalls and such, but with no plans for SMP in the future, it can't compete as a server environment. OpenBSD is great for IDS sensors, and specific appliance type hardened boxes, but it's not well rounded enough to put into a big multi user production environment. Have you ever heard of any major e-commerce site using OBSD as their primary server software? Then there's the whole problem with Theo not playing well with others. And being Canadian. Because Theo wholly manages the project himself, it would cause issues. I believe the NSA folks are looking to put together something that can go into general release, possibly as an option on any distribution. OBSD can't do this, because a) the NSA would have to pay Theo to audit their code [see how OBSD architecture ports end up getting made.. it's interesting], or he wouldn't let them integrate it into his source tree, and B) there's all kinds of weird issues with the project maintainer not being a US national. I'm not knocking OpenBSD. I'm a big supporter. I run it on a lot of appliance type boxes, running security centric tasks. However, don't believe for a second it's secure. It requires the same amount of tweaking as any other operating system to get it into shape. I've had OBSD machines get owned before, where there were serious user errors in judgement. Just because there aren't any *remote* exploits, doesn't mean your users aren't going to get drunk and give away their account. Trusted OSes are a little more forgiving when this kind of thing happens. My $.02 . Take it for what it's worth. Or ask for change back.
  • "We're from the Government - the National Security Agency"

    "Oh - so you're the guys I hear breathing on all my telephone conversations?"

    "No. That's the FBI"

    "So you just set up foreign dictatorships and finance black ops"

    "No. That's the CIA. We're the good guys Marty."

    Two spooks + Marty (Robert Redford) - Sneakers.
  • by phil reed ( 626 ) on Friday December 22, 2000 @05:45AM (#543875) Homepage
    Yeah, right. I'll trust a high security version of Linux from the NSA. No fucking way. I wonder how much spyware is in that one, considering the NSA key in Windows story in the past.

    Maybe you missed the part of the article where they will be releasing source code?


    ...phil

  • by AJWM ( 19027 ) on Friday December 22, 2000 @09:21AM (#543879) Homepage
    Why are Canadians always treated differently from other NATO members (e.g. with the encryption ban)?


    Because Canada is also part of NORAD (NORth American [Air?] Defense). I don't recall all the details of the arrangement, but it goes back to the early cold war days with the setting up of the DEW (Distant Early Warning) line across northern Alaska and Canada, and various other arrangements that had to do mainly with protecting the US from Russian bombers (and later missiles) that might take the direct route over the North Pole and Canada.


    There are even a few Canadian officers routinely posted to the NORAD facility in Cheyenne Mountain, although I don't recall seeing any US military in the "Diefenbunker" underground facility north of Ottawa when I was posted there.


    All that said, however, there are plenty of US secrets that Canadians don't have access to.


    There's also the recognition that the border between the US and Canada is pretty open both to people and information, and that strong encryption can benefit the many companies that do business and have offices in both countries.

  • the machine counts only votes that are absolutely a positive vote.

    Perhaps you should look at the definitions of "necessary" and "sufficient". Your claim is that it is necessary for a vote to be properly prepared for the machine to count it.

    The claim made by the Gore camp is that it wasn't sufficient for a vote to be properly prepared for the machine to count it.

    Even your claim is in dispute (by the manufacturers of the machine, no less), but that doesn't matter -- no-one provided any evidence to discard Gore's claim. Bush's lawyers didn't dispute it, and every court seemed to assume it was true. The decisions always came down to other matters of law and fact.

    But if you actually believe that the problem in Florida was with people who are "unable to read directions," then you've managed to shove your head very deep in the sand. Think about what actually happened some more, please.
  • by CaptJay ( 126575 ) on Friday December 22, 2000 @05:47AM (#543883) Homepage
    Like it or not, NSA is an organization that really cares about tough and efficient security in computer systems. They also have a lot of experts in that domain, and the fact that they make all of their modifications public is great for open source software.

    Even without taking all their modifications directly and integrating them, they might just show developers innovative ways to secure Linux, which can lead to better security for everyone and a lot of other software in which security is critical.

    So in short, I think they're contributing to open source as a whole, not only to Linux. I also think their contribution is a BIG one. This sounds great!

  • I agree in general but have some other points.

    Security through obscurity does work when the obscurity covers _only_ the specific security plan at a site. This forces attackers to waste time attempting exploits you have blocked, and may cause them to give up, fail, or get caught when otherwise they would root you. Simple military tactics: always keep your enemy guessing as to what you have and don't have.

    However, when applied to security tools it does not work. Imagine security software like a wall. Why do walls work so well? Because the construction of a wall was open to all those who benefited from them. Other people could contribute to a better, more secure wall. Walls could provide the security you needed and the access you needed all at the same time. Security software must be open to the public so we can review and enhance the new "wall" of the 21st century.
  • Ritchie's classic essay, "Reflections on Trusting Trust", is available from the ACM [acm.org].

    While I agree with your point completely, are you sure that your non-NSA Linux box doesn't have any gcc backdoors? Have you gone over it with a hex editor, or even gdb? Are you sure that your current system is any safer than anything the NSA may put out?

    I haven't done any of that either; I'm as guilty as the next person of trusting the upstream sources. I'm just saying that I don't think that the NSA is the only party that would be susceptible to making stealthy changes to your system.

  • You are, of course, right. Only the government employees part of the work is public domain.

    Sigh

    Charlie
  • by Tin Weasil ( 246885 ) on Friday December 22, 2000 @05:48AM (#543890) Homepage Journal
    Whatever your opinion of the NSA might be, this is going to be a real boost to fighting the argument that "an open source operating system can't be secure." What I am looking forward to, though, is the incorporation of some of the NSA's code into some of the existing major Linux Distributions. Most of us would have a problem running the NSA's software right out of the box because we are so well trained to mistrust authority. Still... very cool.
  • Here's a good (slightly paranoid) scenario for you: They do BOTH! Publicly they release the Linux version with source code, and internally they use *BSD.

    Realistically, they're not using any of the above internally for truly secure computing.

  • by bmongar ( 230600 ) on Friday December 22, 2000 @05:48AM (#543895)

    Wow the government is waking up to the fact that security through obscurity is not security at all.

    Plus think of all the money they save with all us crypto geeks hacking at their code testing for bugs, coming up with new additions just because it would be cool to say you helped write part of the NSA's security system.

  • If you check the "background" page, you'll see the work is actually done by Secure Computing Corporation (SCC). SCC (http://www.securecomputing.com/) has a STRONG background in making "Trusted Systems." They invented Type Enforcement for the "LoCK" program, which is the basis of the LOCK Secure Server. They really know the business. LOCK is designed to be used to connect classified networks to the internet. You gotta really trust the OS to make the right decisions for the right reasons. It's now old and slow, but it remains trustworthy.

    An offshoot of LOCK is the Sidewinder firewall, which the AF picked as the standard firewall to protect all AF bases. (I don't, and haven't worked for SCC, but I did spend a year installing Sidewinders at AF bases.) While some hate it for its relatively slow throughput, I've *never* heard anyone say it was insecure. "Type Domain" security is a series of serious brick walls for an attacker to breach.

    Yes, NSA is usually reticent about most things, but not about Computer Security. When I worked at the National Computer Security Center (part of NSA), other NSA entities shunned us because we were so open. Ever heard of the old "Orange Book" and the rest of the "Rainbow Series?" All NSA stuff!

    History: NSA had an earlier project to secure Tanenbaum's Minix in a similar way. It was targeted at the C2 level. I was saddened when they abandoned that effort.

    Now, I look eagerly forward to checking out SCC/NSA's "Secure Linux!"
  • by simpleguy ( 5686 ) on Friday December 22, 2000 @05:49AM (#543897) Homepage
    As we saw in the Red Hat piranha saga, you should not assume that because something is open source, it must be secure. People assumed that because piranha was open sourced, someone would have noticed the obvious password flaw within hours or just a few days after it was released. But NO, it took longer than that.

    Do not rely only on peer review. If you want to be sure about what you are using, especially in environments needing ultimate security, do your own damn auditing and testing or pay someone to do it.

    Oh, and Merry Christmas.

  • Blah blah BLAH blah blah!

    You post the same thing every single time someone mentions *BSD. Don't you get tired of being so repetitive?

    Here's a fact for you: Market share doesn't matter for anything but profitability. If a product is free and distributable, it's going to continue to be used regardless of what the companies behind it do. (including go out of business)

    In short, who CARES that FreeBSD went out of business? It's still available, and it's as good now as it was before. Marketing surveys are all pretty much shite.

  • by dizee ( 143832 ) on Friday December 22, 2000 @07:46AM (#543901) Homepage
    The more secure a computer is, the less useable it is.

    This statement is opinion and is fundamentally flawed. Of course it is possible to have a completely secure and completely usable multi-user system. Where did you get the idea that a secure system is less usable than an insecure one?

    It is true that many vulnerabilities are discovered on a daily basis. These vulnerabilities are the result of only ONE thing: programmer error.

    Eliminate programmer error and, assuming we're not introducing vendor/admin error into the equation, you have a secure system. The largest causes of programmer error are:

    ignorance

    carelessness

    laziness

    Unfortunately, even the best coders in the world are still human, and that leaves the possibility for error. The larger and more complex the project, the larger the chance for error. So what's the answer? Collaboration. Peer review. Open source is the best method for peer review.

    You could also set it so you have NO ports open, but then you can't get on most irc networks because of no ident...

    This is a moot point. IRC is not something you would be running on a mission-critical must-be-secure box. You must also understand that just because a box has no ports open doesn't mean it's secure.

    so just stick with slak 7.1 with a chmod'd suid perl

    Are you implying that slackware 7.1 is a secure system? Have you audited the entire distribution yourself? Can you honestly say that you trust your distribution to be 100% secure?

    If you do, one of these days, you're going to be in for a rude awakening. Unfortunately, that's a problem with admins these days. They blindly trust their systems. I don't care if a specific OS wasn't vulnerable to ANY bugs disclosed in the last 3 years, that doesn't mean that that OS is secure. You should ALWAYS assume all systems to be insecure and untrusted.

    It's not really a question of secure/insecure, because no system is completely secure; it's more a question of faith and trust.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."

  • by John Sullivan ( 234934 ) on Friday December 22, 2000 @06:21AM (#543902)
    People assumed that because piranha was open sourced, someone would have noticed the obvious password flaw within hours or just a few days after it was released. But NO, it took longer than that.

    Of course it did, that's the point. Security isn't something you achieve overnight, the status of any particular system is very much the result of consensus building which takes time. It's down to how many eyeballs have looked at the system, how deep they've looked at it, and how long they've looked at it.

    Opening up the source results, eventually, in a more secure system because those people who do so can look deeper, and also because the skills to analyse source code are more widespread than the skills required to analyse a running binary, so hopefully more people will do so. But anyone who takes a newly released system and immediately relies on it for security has to be insane.

    Do not rely only on peer review. If you want to be sure about what you are using, especially in environments needing ultimate security, do your own damn auditing and testing or pay someone to do it.

    And while doing your own audit is good advice, the most valuable result will be a new data point to add to the global consensus. Relying on your own analysis isn't much better than relying on no analysis at all, but if 100 people have looked at the system over 5 years or so and not found it wanting, then we start to feel some level of confidence in it.

    Of course this is if you want to do security properly, but for most people, for most applications, this level of care is just not necessary.

  • Actually, MS does care about linux. I saw a notice about linux being the biggest threat to MS dominance of server markets in the next ten years.......(I work for the evil empire, but am part of the rebel alliance):P
  • Probably not, these guys (Sun, IBM, etc.) want to sell lots and lots of high dollar hardware. Their interest in software is to protect their hardware sales. The NSA has to run their software on something and I for one hope that my government is using something other than 80x86 PCs to do the work that the NSA does.
  • I think we need to add a few new options for the mods...
    Score +1 Cautious
    Score -1 Paranoid
    Score -5 Written from a Y2K Bunker
  • From their web page:

    Security-enhanced Linux is being released under the conditions of the GNU General Public License (GPL). The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.

    This is unbelievably cool! For ANY government agency to release GPL code is huge, but for the NSA to do it is a stunning precedent. I just wonder if this action will survive the change of administration.

    I recommend that people write their Congressmen and express support for this.

  • First off, for about 2 seconds, I thought your sig was part of your comment. I thought you were ripping on my sig, hehe. ;)

    Anyhow, yes, I suppose not running IRC makes it less usable. But you have the *option* of using it. You're just taking a chance. And you most certainly should run IRC as root. It's a shame that some people do.

    My stance on everything vulnerability-related is that it is most always the programmer's fault, and we are placing a lot of trust in the author's ability to write decent, secure code. If protocols were designed flawlessly and apps were written flawlessly, then there is absolutely no reason why any "secure" system would be less usable than an insecure one. In this situation, the only way a system could become insecure is by fault of the admin.

    By secure, I mean a system that can't be cracked, has no way to leak information, has no holes anywhere. It's a hypothetical system. Nobody knows for sure whether a system is secure. It's a concept.

    My core point is there is absolutely no reason that a secure system should be less usable than an insecure one. It's because we will never know whether a system is secure or not that we have to place a certain amount of trust into it.

    You can never prove a system to be secure, but you sure as hell can prove it to be insecure.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • by astrashe ( 7452 ) on Friday December 22, 2000 @05:49AM (#543915) Journal
    Does anyone want to speculate why the NSA chose linux instead of OpenBSD, or some other BSD?

  • I've put a mirror up of this release as of 23/12/00 at planetmirror.com:

    ftp://ftp.planetmirror.com/pub/selinux/
    http://ftp.planetmirror.com/pub/selinux/

    cheers,

    -jason
  • FAPSI is the old communications security directorate of the KGB. They are responsible for setting the security standards that are applied to government and commercial computer systems in the Russian Federation.

    There has been a lot of interest in open systems in the Russian Federation because you can legally have the source code. This isn't the old days and they are not supposed to be sitting on the VSS archives of NT.

    Strangely enough, the Russian federation has a similar problem to the US. How to do electronic commerce securely. The Russian Federation is a lot bigger (9 hours time difference from St. Pete to Vladivostok) thus making non-electronic commerce a major problem.

    If the Russians decide they also like SE Linux, it will be a big plus. At the moment, on the commercial side, they use a mixture of OpenBSD and Mandrake Linux.

    If you want to do anything security-wise, FAPSI want to know about it so I'm pretty sure we'll get to hear their opinion soon. The general Russian opinion on standard Linux was not that high for security, although they liked the price and the uptime.

  • What you're saying is good enough but your example is flawed.

    The piranha security hole was "found" and dealt with in just two or three weeks after the initial release.

    I use quotes around "found" because there were people who knew about it before but didn't think it was a big deal. (Which it was).

  • by bmongar ( 230600 ) on Friday December 22, 2000 @05:52AM (#543924)

    Actually they aren't forced to make it public, they are only forced to give the source code to whom the OS is distributed. They could just distribute internally and make it available to anyone who uses their systems. This release is really a decision they made based on the need for security or publicity. Which one doesn't matter, what matters is they were not forced to do this.

  • Ironically, the NSA is getting slashdotted.
  • by Black Parrot ( 19622 ) on Friday December 22, 2000 @05:52AM (#543928)
    > Considering their history, they will have to show us the code.

    I'm not one to read the articles either, but in this case I made a special exception, and yes, there is a download link [nsa.gov].

    You may also find this note at the bottom of the main site interesting:
    Security-enhanced Linux is being released under the conditions of the GNU General Public License (GPL). The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.

    --
  • Then there's the whole problem with Theo not playing well with others. And being Canadian. Because Theo wholly manages the project himself, it would cause issues. I believe the NSA folks are looking to put together something that can go into general release, possibly as an option on any distribution. OBSD can't do this, because a) the NSA would have to pay Theo to audit their code [see how OBSD architecture ports end up getting made.. it's interesting], or he wouldn't let them integrate it into his source tree, and B) there's all kinds of weird issues with the project maintainer not being a US national.

    If Theo is really such a problem, there's one solution that will still let them do it: fork.


    ---
  • I would probably have to say luser. Check out his email addy.

    Mike

    "I would kill everyone in this room for a drop of sweet beer."
  • by Animats ( 122034 ) on Friday December 22, 2000 @07:49AM (#543936) Homepage
    NSA isn't claiming this system has been tested for security. It just has mandatory access controls, as the security community defines that term.

    The key concept of mandatory access controls is that ordinary users are prevented from leaking information even if they want to. Discretionary access controls, which are all standard UNIX has, allow any user to change their own file modes to 777 and allow access by anybody.

    Once you have mandatory access controls, you have to figure out new ways to do many administration tasks. Logging in as root isn't an option. Getting the Linux community thinking about how that can work is a major step forward.

    If Linux system administration and applications get worked around to where they can live with mandatory security, that's a big win. Then a kernel with mandatory security can become widely used.

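A toy model of the distinction drawn in the comment above, added here as an illustration (it is not code from the NSA release): under discretionary control alone the owner's chmod 777 hands the file to anyone, while a mandatory type-enforcement table that the owner cannot edit still denies the access, and relabelling is itself policy-controlled. Users, domains, types and the policy rules are constructed names.

```python
"""Constructed model of DAC versus mandatory type enforcement.

Not code from the SELinux release; an added illustration only.  A file
carries classic mode bits (DAC) plus a type label (MAC); a process runs
as a user (DAC) inside a domain (MAC).  Access is granted only when both
layers agree, which is how a type-enforcement kernel layers its decision
on top of the ordinary UNIX permission check.
"""
from dataclasses import dataclass


@dataclass
class File:
    owner: str
    mode: int        # rwxrwxrwx bits, e.g. 0o600
    type_label: str  # MAC type of the object, e.g. "secret_t"


@dataclass
class Subject:
    user: str
    domain: str      # MAC domain the process runs in, e.g. "user_t"


# Constructed policy: (domain, type, permission) allow rules.  Note that
# no rule grants "relabelfrom"/"relabelto", so labels are frozen.
POLICY = {
    ("user_t", "user_home_t", "read"),
    ("user_t", "user_home_t", "write"),
    ("secret_proc_t", "secret_t", "read"),
    ("secret_proc_t", "secret_t", "write"),
    ("secret_proc_t", "user_home_t", "read"),
}


def dac_allows(subj: Subject, f: File, perm: str) -> bool:
    """Classic owner/other bit check (group bits omitted for brevity)."""
    bit = {"read": 4, "write": 2, "exec": 1}[perm]
    shift = 6 if subj.user == f.owner else 0
    return bool((f.mode >> shift) & bit)


def mac_allows(subj: Subject, f: File, perm: str) -> bool:
    """Type enforcement: allowed only if an explicit rule exists."""
    return (subj.domain, f.type_label, perm) in POLICY


def access(subj: Subject, f: File, perm: str, mac: bool = True) -> bool:
    """Both checks must pass when MAC is enabled; DAC alone otherwise."""
    if not dac_allows(subj, f, perm):
        return False
    return mac_allows(subj, f, perm) if mac else True


def chmod(subj: Subject, f: File, new_mode: int) -> None:
    """DAC lets the owner set any mode bits they like."""
    if subj.user != f.owner:
        raise PermissionError("only the owner may chmod")
    f.mode = new_mode


def relabel(subj: Subject, f: File, new_type: str) -> None:
    """Changing a MAC label needs policy rules the owner cannot grant."""
    if (subj.domain, f.type_label, "relabelfrom") not in POLICY or \
       (subj.domain, new_type, "relabelto") not in POLICY:
        raise PermissionError("policy forbids relabel")
    f.type_label = new_type


def leak_via_chmod(mac: bool) -> bool:
    """Alice (owner) runs chmod 777 on her secret file to hand it to Bob.
    Returns True if Bob can then read it."""
    secret = File(owner="alice", mode=0o600, type_label="secret_t")
    alice = Subject(user="alice", domain="secret_proc_t")
    bob = Subject(user="bob", domain="user_t")
    chmod(alice, secret, 0o777)
    return access(bob, secret, "read", mac=mac)


def leak_via_relabel() -> bool:
    """Alice tries to relabel the secret to a type Bob's domain may read.
    Returns True if the relabel succeeds."""
    secret = File(owner="alice", mode=0o600, type_label="secret_t")
    alice = Subject(user="alice", domain="secret_proc_t")
    try:
        relabel(alice, secret, "user_home_t")
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    print("DAC only, chmod 777 leaks to bob:", leak_via_chmod(mac=False))
    print("DAC + MAC, chmod 777 leaks to bob:", leak_via_chmod(mac=True))
    print("owner can relabel around policy:", leak_via_relabel())
```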
  • I've known a few people who coded things for the NSA and they're normal people. Not devious sneaky people who wear black all the time and want to circumvent your rights. This sounds like someone's interesting pet project...
  • Good thoughts, except that Apache doesn't deserve much credit, if any.

    The NSA has been using 'sort of open' code since several decades before the www even existed, let alone apache. Try looking at the long view, and you'll realise that the NSA has owned more computing power than just about anyone for most of the history of computers, and the very idea of proprietary software hasn't been around for very much of that time.

    Open source as a concept is as old as computing. Open Source as an evangelical movement is the only thing that's new. (and usually quite annoying :-)

  • That review alone could improve Linux security to possibly surpass that secure BSD distro (netbsd?)

    I think you're thinking about OpenBSD [openbsd.org].

    [TMB]

  • by Black Parrot ( 19622 ) on Friday December 22, 2000 @05:54AM (#543947)
    Just think, soon you'll be hearing "Hi, I'm Bob and I run NSALinux."

    Wonder when they're going to have their IPO.

    --
  • ....it doesn't matter if M$ diss Linux, because we have conclusive proof that Linux is better! [bbspot.com]

    ----------------------------
  • I think you mean Silicon Valley - Silicone Valley is quite a ways further south along Hollywood Boulevard.
