Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Linux Software

NSA Linux In Depth 113

Posted by Hemos from the taking-a-look-inside dept.
deran9ed writes "Folks over at IBM have an article explaining the intricacies regarding the NSA's SE Linux distribution. Included in the article, are the inner workings of the operating system. its features, design architecture. Definitely a nice article for Linux users (especially SE Linux users). Full The review is in IBM DeveloperWorks."
This discussion has been archived. No new comments can be posted.

NSA Linux In Depth More

NSA Linux In Depth

Comments Filter:

  • Silly Question(slightly offtopic) (Score:1)

    by Anonymous Coward
    May I ask a silly question?
    I think there's a generally held view in the OpenSource/FreeSoftware community that systems for which the source code is freely available are more secure than systems where the opposite is the case.
    I accept that if a security breach occurs and the source is available, then the software can be ugraded by the people who have deployed it to plug the hole.
    But surely, knowledge of how something works is half the battle towards cracking it! In WWII, for instance, once the bomb disposal people learned how to deal with the different types of time delayed fuses, they were able to defuse the UXBs without triggering the firing mechanism.
    Now, if someone wishes to crack a piece of software, doesn't making it open source help them in that they can study how it works and so devise the best strategy for cracking it?
    Just thought I'd ask a silly question

  • Re:IBM and NSA (Score:1)

    by Anonymous Coward
    Yes, it's a strange thing seeing the NSA release anything, but then, why not? Perhaps they've become more enlightened in Virginny than they used to be.
    Oh please. NSA's in Fort Meade, Maryland, right off the BW Parkway. Or so they want you to believe....
  • How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read?

    Write it in Perl.

    Did you see that 7 line DeCSS program?

  • Irony (Score:1)

    by mholve ( 1101 )
    That Linux is getting this NSA workover to make it more secure... When Microsoft seems to be headed in the other direction, especially lately with all the exploits and such coming to light.
  • You must be a better coder than me because none of my code is 100% reliable. Even at my workplace after passing QA and code reviews bugs arise. It's my belief that the more eyes on your code the better.

    If I were NASA, I would develop the code in-house with all the reliability mechanisms that you allude to and when the project was completed, release the code for the whole world to review. It couldn't hurt.
  • Occasionally code is submitted to open source projects by people who don't know what they are doing. I've submitted code to a few projects, and I didn't really know what I was doing. However, in many cases there are people who manage those projects with CVS commit access who review every patch before accepting them. The linux kernel is extremely guarded by a heiarchy of knowledgable hackers who review every patch submitted. Perhaps Linus or Alan could be an international terrorist, but that's about as likely as the NSA OS developer being a terrorist. Additionally, the NSA is inviting their own demise by not reviewing internally all the code they run. Even more secure is for them to let the rest of the world (including you, sir) to review the code that they run.
  • Alas for that theory, what they released was the source to the modified kernel (not even the binary). You have to use your own compiler to compile it. Of course, if they've been actually controlling gcc for the last umpteen years...
  • Actually, in reference to who knows or has gone though the entire kernel... Sams Press has a book that annotates the linux kernel, I think it may be complete. It may have been a 2.2 kernel though, not sure... Of course, who has actually read this book ? :P

    --
  • Well, since it's perfectly legal to take public domain works, and incoportate them in your own work, without losing copyright on the combined work, sure. Just like hollywood can use shakespeares plays and copyright the resulting movie.
  • How long until they go ahead and implement these features into the standard Kernel???
  • Uh... if you read the article, it sounds like this is a kernel, not an entire distribution. This is something you could download and build on a RedHat or Debian (or other) system. It would replace your existing Linux kernel.
  • Try this out.

    Problem:
    We know that McSoft source code was stolen by some hackers in St. Petersburg. This has already rung alarm bells in the US government. Unknown Windows binaries with back doors can be replaced with this code.

    Solution:
    Secure Linux open source code for mandatory access controls that overlord Windows by placing it in a virtual machine sandbox a la VMWARE.

    Then all government computer networks can be secured and Windows and Office software becomes safer from a security point of view. A national security nightmare from Redmond is averted.

  • man diff

  • this is not really true. they are a vary large collection of techie geeks, yes, but remember that reigning over them are managers, and an entire governmental hierarchy of institutional paranoia and administrivia.
  • Oh my god! The NSA has CLONED the hacker community and has them working SLAVE labor in their secret coding pits?!

    This must be stopped at once!

    Later,
    ErikZ

  • This is even more true the larger the system gets. For example, how many people in the world understand, line by line, exactly how the entire linux kernel operates? Even Linus himself doesn't;

    Yeaaah....I imagine it would be rather hard for Linus or someone else who knows about UNIX to write a one liner in bash that uses diff to see any changes, that NSA made against the sources from kernel.org, instantly.

    Michael
  • The spooks now gets a very cheap audit from the Worlds top security experts.

    They own the world's top security experts.

    (That's not to say that everyone in the NSA is a brilliant mathematician but neither is everyone at NASA a brilliant astrophysicist -- the important distinction is that both organizations are the only ones in their class.)

    ____________________
  • copy the source for the compiler to a different architecture, preferably some screaming fast alphaserver or ultrasparc box. compile the compiler from source. This presumes the existence of a known uncompromised compiler on the different arch. Code it from perl just to be sure. compile a new compiler for the first (compromised) arch in cross-compilation mode (assuming this is even possible. I've never done it). recompile the compiler on the first arch with the new, uncompromised compiler. recompile login(1) and all the utilities in /bin, /sbin, and the kernel. Actually, recompile *everything* just to be sure. sleep soundly, knowing the Ken Thompson cannot hack your machine. :-)
  • Kripes! We spend all our time griping at the government for not grasping the concepts of Open Source and to protect us from the evil Microsoft. Then, when a governmental agency DOES grasp the idea of Open Source, we cry "Foul! What are they DOING? Don't they know their enemies will use this against us? Have the NSA no brains?"

    So you want to see a comparison of SE Linux vs whatever. Well fine, we'll get right on it sir. You just sit there and spew out an endless stream of consiparcy theories and the rest of us will go read the code.

    Didn't we just get done reading a story about a year long cracking spree? And now a government agency, who has the brains and the dough to make an OS SECURE beyond beleif, releases something to help out, and for free, and you want us to shun it because you *think* there's something wrong with it?

    Man, you sound like a confused 6 year old who demands cookies and when given some doesn't want them.

    I can't believe you were modded up. All you did was cry WOLF! and run away.

  • It says "Dropping the bomb", but I think it really meant "Somebody set us up the bomb [servowebdesign.com]".

    -- Braeus Sabaco

  • Infect the compiler with a little reproducing bit of code that inserts itself into all code compiled with NSA Linux's copy of GCC. Compile a new version of GCC? Not to worry - you compile it with your current GCC and the new version is infected, too.

    Or...

    Put a "mostly harmless" virus into some of the base system apps and the kernel so that there's always something running as root that's infected and can make sure everything else infected.

    Then this nice little guy in the binaries but not in the source will call home to No Such Agency every once in awhile.

    Just a couple thoughts. Mind you, they might put the sneaky little present in the source, but we'd be able to find that by diff'ing their sources to ours. If there's lots of little changes, they might be able to sneak something past us.

    I'm really not as paranoid as I sound, just kicking around ideas.
  • The NSA might have made lots of tiny little changes that improve the system in little ways. What if there are major differences? They have the brains to do something like that. We'd have to test that source mighty well to find any easter eggs.

    Not to mention the fact that the easter eggs might not be in the source, but in the binaries, particularly GCC, so that any new compilings include the NSA's improvements.

    Someone should diff the NSA's source, and find out what they did. Sadly, I don't know C and don't have the time...
  • Ah, but the NSA has an even easier job than that... just release a distribution, and people start using the compromised compilers. How many of us use package managers that install binaries? Enough to get the NSA's little Easter Egg well established... Muahahahaha... *rubbing hands together evilly*

    *Ahem* scuze me, I should go take my pills now.
  • Assumes you are ... more careful than the rest of the world

    They are, from what I've read. There was a /. article about it a while ago. NASA is into *real* software engineering... no bug is "acceptable", and they *do* have processes in place to make sure - on a life and death level - that there are no unplanned operations.

  • The NSA is a big organisation, with many hats. One of these hats is to ensure that (US) government systems are secure. No matter how much you want to know others' secrets, it is far more important to protect your own - a poker player who shows his hand while trying to peek at his opponent's is unlikely to win.

    Conspiracy theorists are peddling FUD: "Don't use that software - NSA may have put a backdoor in it." They may get away with it with binary-only distributions where proving that there isn't a backdoor is difficult, but source code is a different matter. If there is a backdoor in the code, sooner or later someone will find it - particularly when conspiracy theorists are convinced there must be one, because the NSA wrote it.

    NSA = New Source Available/Now See All.
  • Not to mention the fact that the easter eggs might not be in the source, but in the binaries, particularly GCC, so that any new compilings include the NSA's improvements.

    Not a really plausible threat, since NSA released the source. Anone who's really interested is likely to get the source and compile it themselves anyway, and NSA sure can't guarantee that they'll all compile it with a cleverly NSA modified version of GCC that activates their backdoors. Most people aren't going to use the NSA's version anyway, since it isn't complete, but are going to wait for RedHat or somebody to add it to a standardized distribution.

    Heck, there's not even a real guarantee that a backdoor implemented that way would necessarily work for long. It depends on the modified compiler recognizing the exact code that it's going to modify. With Free Software, there's a good chance that somebody's going to modify the code, and then the clever recognition will fail and the backdoor won't be implemented.

  • Unix's security model isn't broken, honest. You're really supposed to need to use different computers for functions that could be implemented on one box if a compromise of one service didn't open the box as wide a the grand canyon. What a load of crap. That's a kludge, plain and simple; a small site shouldn't need to run three boxes to get security when the computing power of one of them is enough to handle all three tasks. Besides, even if running different services on different boxes does protect you against remote compromise, it does nothing against malicious users. Local exploits can't be dealt with the same way, since trying to keep different versions of the system on each local box is not a reasonable security solution. (In any case, your comment fails to account for the original poster's comment that OpenBSD is the most secure OS in the world, which is clearly not true.)

    Sorry, but Unix's security design has serious flaws. It constantly befuddles me that anyone really thinks that a system that requires constant code auditing so that a single broken program won't make the whole box vulnerable is an adequate design is beyond me. Note, though, that Unix doesn't actually need to upgrade to a full, mandatory security package to improve security a lot. All it really needs to develop much better security is some kind of least privilege system, so that programs can be run with only those privileges they specifically need to fulfill their functions. Then your example of a compromised web server not giving special access to the middleware program would still hold even if they were on the same box.

  • I did not mean that people should use OpenBSD rather than SE Linux, I mean the NSA should have implimented the features ia BSD system. Even if ACLs are imlimented in the kernel, it doesn't mean that an exploit wouldn't give a user root access, and if you think so you have a lot to learn. Meanwhile, I refuse to get into a flameware with people that are quicker to speak than think... And to address some of the redundant complaints about my post, yes, the BSD architecture is far different than Linux. I don't care if you want to deny it, but an application compiled on OpenBSD will be more secure than the same app on linux. This has a great deal to do with the kernel's code, and little to do with code auditing of the applications. I think OpenBSD would make a rock solid foundation for security features... rather than building, even the very Fort Knox of security, on a swamp
  • No, they've got to release source code.

    Of course they must "release" the source code. But with respect to the NSA and the GPL a few things come to mind regarding your statement in particular, and the article in general.

    First off, in the article, we read:

    There's no way to hide a trap door in code that all can comment upon and analyze.
    This is a true statement, in a vacuum. However, the when combined with the preceding statement:
    The distribution .tgz file contains no secret Trojan horse that reads the data on your hard disk and then sends it all back to Fort Meade.
    Let's ignore the fact that it's virtually impossible to verify that a distribution has no trojan horses in it. The very fact that this is a distribution implies it probably consists of not just source code, but also binaries. One only needs to be reminded of Ken Thompson's brilliant back door [astrian.net] in early versions of UNIX to wonder if you can ever trust any binary that comes from a tainted distribution. "But I've got the source!" How many people go to the exercise of starting with a "trusted" distribution and then iteratively move source from the "untrusted" distribution to make a "trusted" version of the new distribution? As Open-Source OS's become more mainstream a larger and larger proportion of the user community won't bother.

    Which brings me to your statement again:

    No, they've got to release source code.
    Does anyone out there know (I certainly don't) what would happen if indeed it was found that the NSA was building such a brilliant monstrosity into their secure Linux distribution? In which case, they clearly didn't release the source code that accurately represented the binaries distributed. We usually think about legal enforcement of the GPL with respect to the corporations of the world. However, what do readers think would happen if this were shown to be the case? How would the GPL hold up against claims of "in the interest of National Security"?
  • The fact of the matter is that getting near 100% reliablility requires an inane amount of boring programming work.

    Few open source or closed source projects get anywhere near this, because it is cost prohibitive. And open source programmers are driven by personal interest a lot, so they don't usually want to do boring stuff, or go over the same code 1000 times.
  • > Orange Book C2 isn't it a B1 trusted system they've designed with kernel capabilities for segregation of privilege and mandatory access controls etc?
  • So, let me get this right, we have loads of these tiny "off-by-one" errors scattered throughout the code. Each one overflowing a preconceived byte into some area of system memory.

    Then we trigger our "hidden" code somewhere else with a similar tactic designed to nuke the frame pointer.

    I guess the flaw (apart from the obscene complexity) would be if somebody spotted and fixed *just one* of the potential overflows, our code could be rendered totally useless.

    Maybe you could implement some sort of parity-based decoding routine (similar to RAID-5) which could handle this situation.

    I'm scared... 8-)

    Si
  • While I agree that the NSA may have other motives for releasing SE Linux, I doubt they are doing so to exploit a back door. If you were an international terrorist who was being watched by the USA, why would you ever use a product being built and distributed by that government. Bin Laden and Castro would have to be complete morons to actually trust anything the NSA gave them. Thats comparable to the US giving Sadam a bomb disguied as a Playstation and Sadam actually accepting it. Hello, yes there are conspiracies, but I don't think you quite hit the nail on the head on this one.
  • I don't use C/C++, but instead use Java and f90. When I am developing a code in f90, the first time I compile and run it, I use the bounds checking compiler flag to see if I stepping somewhere I did not intend to. I would expect that this would be caught in a similar way assuming gcc has such an option.

  • Well, I think you can understand the NSA's actions in releasing this.

    It comes down to money.

    If the Linux crew take this on board and in the future, versions of Linux contain this MAC security stuff, then the NSA doesn't have to buy any new software!

    This is a common reasoning for releasing stuff opensource. Build it to a working prototype level and then let other people test, debug and improve it.

    It is nice to see a big bad ugly intelligence agency giving back to the source.

    Perhaps someone should thank them for their communist spirit?

  • Under GPL, don't they have to release the source code?

    Nope. What they do have to do is make the source available to anyone they give binaries to. This idea that "they have to release mods to GPL'ed code" is the most common misconception about the GPL. Anyone is within their rights to modify a GPLed program and withold the source mods, so long as they also don't share the binaries. So if all the NSA wanted to do was to implement MAC for Linux for their own (and other USGov) use, they could have kept the changes behind the "it's classified" wall.

  • If things are so bad for NSA officials to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data.

    Mandatory Access Control (MAC) is one of the requirements of a B1-secure ("Labeled Security Protection") system under the Trusted Computer System Evaluation Criteria [ncsc.mil] book originally published by NCSC way back in 1983 (the so-called Orange Book). None of the TCSEC security ratings (C2, B1, B2, etc.) mention cryptography. I've seen B1 and even B2 systems (rare though they may be), none of which had encrypted filesystems. Sure, most systems have an encryption capability, but so did Bell Labs Unix - the crypt command. Crypto ain't MAC, and TCSEC don't care 'bout no crypto. The two are orthoganal.

    TCSEC is all about isolation and protection - about ensuring that access to data and information is restricted according to clearly defined rules and that information cannot be "leaked" from one security zone to another. What the NSA has produced in Linux SE is a variant of Linux that is harder to crack, even from the inside. Cryptography has nothing to do with that. But that doesn't make Linux SE bad - I'd love a less-crackable Linux, even though I personally despise living under MAC restrictions.

  • If you check copyright law, government isn't bound by it. NSA is a government organisation.


    GPL is based on copyright isn't it?


    ergo: GPL doesn't apply to the government. They can do more or less whatever they want, even AFAIK legally charge for their changes and not release source.

  • First, if you have a chance and are in the Washington/Baltimore area, the National Cryptologic Museum [nsa.gov] is a treat. Don't miss taking a photo with an old Cray supercomputer [nsa.gov]

    A favorite exhibit is the carved Great Seal of the United States from the old U.S. Embassy in Moscow
    From Surveillance countermeasures primer from Kaiser Electronics part one [martykaiser.com]
    One type of free-space transmitter, a type that has no battery, is the so-called "resonant cavity" transmitter. The Great Seal of the United States in the Moscow Embassy concealed such a device. As has been reported extensively in the media, a wooden wall plaque was presented as a gift along with the suggestion of mounting it on the wall behind the Ambassador's desk. Many may recall the photograph of Ambassador Lodge [findagrave.com] pointing to a "bug" concealed in the back of the plaque. The embarrassment caused by the detection of this transmitter motivated the intelligence community to spring into action and devices similar to it soon evolved.

    [click above for technical details on how it worked]


    Yes, the roles of the NSA are diverse and growing. From the About the NSA [nsa.gov]

    The National Security Agency is the Nation's cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information. [...]
    Happily, our government is such that we know that the organization exists and is limited its scope. Unknown and unlimited secret organizations are the greatest threat to personal and national freedom. Note too that the NSA's existence was secret.

    From The Evolution of the U.S. Intelligence community

    The 1950s Acting on the recommendations of a commission of senior officials headed by George Brownell, President Truman, by classified memorandum , established the National Security Agency (NSA) in October 1952 in recognition of the need for a single entity to be responsible for the signals intelligence mission of the United States. Placed within the Department of Defense, NSA assumed the responsibilities of the former Armed Forces Security Agency as well as the signals intelligence responsibilities of the CIA and other military elements. In 1958, the National Security Council issued directives that detailed NSA's mission and authority under the Secretary of Defense.

    The secrecy was probably the only way to combine the groups handling sensitive material which were competing for the same job.

    Keeping sensitive information from wandering off is necessary if espionage exists. Even after 50 years captured information is useful. See the now declassified (well mostly) VENONA project. [nsa.gov]

    Finally, have a look at NSA via slashdot's past in


    Enjoy, Chris Lent [cooper.edu]

  • Hello? 1/4 of the article talks about how it has nothing to do with crypto. It's a security *model*, concerned with access control. You don't even need their code to implement the design.

    In fact, it looks like some good grist for the eternal acls vs. crufty old unix security argument. They seem to have solved a lot of nagging issues by just moving the SIDs out of the object definition and maintaining mapping externally (to the file, not the system!). From the diagrams, it looks like security info is just stored in regular files on whatever filesystem you're securing. This scheme could even be used to secure FAT! Unless I'm misreading everything...

    This seems like a perfect match for linux, with its goal of filesystem interoperability. I hope the fact that it comes from the NSA and looks (to the user) a lot like the w2k model doesn't keep people from taking a closer look. In particular, I'd like to hear from the "linux/acls don't mix" crowd, to see if any of their objections are answered by this architecture.

    Those interested should probably check out the nsa itself [nsa.gov]. Turn off those cookies!

  • Sure you can look at this post and claim its a conspiracy of some sort to point out these findings, but lets take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.

    Which is why we have the source code to look through and determine what they're doing.

    Ranessin
  • Are you on crack? Do you think they've done this for your well being? Grab a latin ditionary, and look up "Cui Bono"
  • "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code."
    - Ken Thompson

    'Nuff said.

    --
  • Second paragraph, second sentence... there is a one-byte addition to the preceeding post --- a dash "-" right after the word "to". I'll bet no one gave it even a second thought ;-)

    Sorry, I had a one-byte brain overflow there for a second...

  • Usually the problem has nothing to do with which Unix you're running, but instead with the various applications running as SUID root. So whether your preference is OpenBSD or Linux, if there's a hole in Sendmail, BIND, FTP, RPC, etc., the cracker is still getting onto your box.
  • What about Ken Thompson's famous backdoor C compiler? [acm.org] The source code looked fine, but when one compiled the login program a back door was automatically compiled in...and if you tried to recompile the compiler, you had to use the compiler and you're right back where you started.
  • Has anyone used this yet? I'm just wondering how this compares to using RedHat or Debian.

    Tyler
  • For those that have not visited the link in the article it is well worth the read. Pretty good discussion of the topics involved and a decent high-level discussion of the kernel architecture involved.

    Interesting also the comments by the NSA guy interviewed about what this is and what it is not. They are pretty carefully staying out of CroptoFS and such and not commenting about the crypto available.

    In the end there could be a lot of good done by this, in terms of making a large piece of the net harder to trash by idiots and kiddies. Also could make the linux mail/web/server platform orders of magnitude more interesting to corporate/business if easily accessible security is (more?) orders of magnitude better than NT/2000 tech.


    ------------------------

  • I was working at a bank at the time and some folks there took a *careful* look at the fixes. Since DES/3DES was a well accepted encryption standard in wide use at the time (and still is...) it's pretty important to them. Also important to the FDIC for similar reasons, and I'd be willing to bet that's a big reason for their release of that fix.
    ------------------------
  • There are many reasons they do this I am sure, including custom hardware etc.

    and the only way youcan guarantee that kind of reliability is to code it yourself
    Huge statement, also fluff. Assumes you are smarter and more careful than the rest of the world.

    In the end they do need extreme reliability, and one of the ways they deal with this systems that vote among themselves. They don't trust a single machine to be 100% reliable. No personal knowlege here, but I surmise NASA has a testing regime/QA process that is almsot unparallelled. Run an opensource project structure in the way Linux is through that same process and you would see remarkable reliability.
    ------------------------

  • # Just because there's a comment
    doesnt_really mean.u C the-truth* cycle seq
  • You think the NSA just lets anyone upgrade the bits and bobs in the kernel without it being checked by an internal commitee? Let's be honest, that's a laudible idea. As a result, there's no kernel hacker to put in a back door; you can only do that on your own system, then distribute it. I'm sure most fixes that the NSA will use will be internal and well reviewed; there won't be much chance for the unmaintainable code master to mess with the best...out of date, but still the best.
    The big question should be...who's got root access...I think it's the cigarrett smoking guy or a Roswell grey!
    Now get dressed for dinner and tell Katherine not to be spend sixty years doing her hair.
  • Unix and NetBSD have almost always been flawless for server use, both in security and stability. If you're a BSD, you may want to consider NetBSD, but if you want the best, you should turn to the mother of ice and stick with Unix.
    Some of the best used attacks won't work on either, but Unix can be a bit more pro-active with less hassle.
    NetBSD, however, is somewhat easier to learn. It's all in what you prefer.
    As for GNU/Linux, my recommendation for server use would be Debian.
    That's just my /.-er hood helping out another /.-er, even if it is an AnonCow.
  • An alternative view:

    The NSA don't give a crap.

    NSA's Linux distro is just a result of some enterprising hackers on the periphery of the organization who are bored and happen to have some free time on their hands.

    It's a joke, more than anything else, for people of their ilk - I mean come on ... why the fuck are they even *WORKING* at the NSA?

    A continuation of the altering theme:

    There are far *worse* ways for them to know what's going on in your head than by monitoring electronics in the form of computers.

    (Views are infinite.)
  • I'm as wary as the next guy of the NSA's actions, and their secretive behaviors don't seem to jive with the spirit of the GPL. But since they're going to use an operating system and not release all their modifications (though so far, they've supposedly done so with SE Linux), they might as well do it with Linux.

    If they find some fundamental flaws with Linux generally, they'll still release fixes, albeit anonymously. Anyone remember how they fixed DES against an exploit not publicly known until many years after the fix? Same thing.

    And while we might not like the NSA, we can't pretend we'd rather they be open to all the exploits that plague other operating systems. Attack them at the Congressional level, but don't compromise our national integrity by attacking them at the client level.
  • If you check copyright law, government isn't bound by it. NSA is a government organisation


    So, your theory is that government offices just buy zillions of copies of MS Office to support the economy? The idea that Bill could press charges for piracy is irrelevant?
  • SHHHH, it's one of those clever NSA hacks hiding in plain view.
  • Well, the NSA is made up of a lot of people, and I'm sure that many of them feel that they shouldn't have done this, while others felt that they should have.

    As for me, It's an overture to the Open Source movement, and I appreciate it.

    The government always had a weak argument with the four horsemen stuff (terrorists, drug dealers, child pornographers, and some other threat I can't remember). The problem is that Bin Laudin would have strong crypto no matter what. RSA was published in Scientific American back in the late 70's, it's not a big secret. People with resources and incentives to use strong crypto can get the job done on their own.

    Releasing this software isn't going to give any terrorists any fundamental capabilities they didn't have already, and not releasing it wouldn't have made the NSA's deteriorating situation with respect to surveillance any better. And who knows, maybe this will give us safer ecommerce systems.

    So let's give them credit for choosing rationality over political hype, rather than rubbing their noses in that same old hype.

    Also, I'm not sure how you're comparing Linux SE with OpenBSD. They're different animals. Linux SE is a kernel with added functionality that makes it possible to implement certain kinds of access controls. OpenBSD is an audited BSD in a small BSD with integrated crypto tools. I don't think it can do what Linux SE was designed to do, and I know that Linux SE doesn't claim to have the audit against buffer overflows. In the article they quoted the NSA guys talking about why they felt an encrypted FS was beyond the scope of their project.

    For the last 10 years I've been reading NSA flames on the net. They did something good here. I think it's great, and I hope they continue to move in this direction.
  • One option: hide the vulnerability in gcc. That could create massive problems in all *kinds* of operating systems.

    ObJectBridge [sourceforge.net] (GPL'd Java ODMG) needs volunteers.
  • That's actually easy - just read Reflections on trusting trust [acm.org] by Ken Thompson. This paper is absolutely recommended reading, and was groundbreaking when first published in August 1984. It's also one of /.'s top ten hacks of all time... Of course it would only work if your NSA Linux code was compiled on a system running NSA Linux from binaries, but that would probably apply a fair amount of the time.
  • If you think about it, it really doesn't matter who has seen the source for a truly secure kernel. If I'm using a secure OS, I won't care who knows how it works because I'm confident they won't get in. The fact that they released the source speaks very well for the NSA's confidence in their OS. They think people will read the source and still be unable to get in.
  • I briefly scanned the article and they said their goal was not to help out with any of that. But with access control mechanisms in the kernel.

    Basically what they are doing is ACL improvements.
    Nothing to do with encrypting communications.

  • Okay, so you're saying derivitive works by the gummint lose whatever copyright they originally had? Are you sure that's what you mean?
  • I thought works produced by Government Agencies were not permitted to have a copyright. Thus, any work that the NSA does on Linux falls into the Public Domain. Can work in the Public Domain co-exist with code under the GPL? Or does that not apply in this case?

    I'm also wondering about the legal status (under Copyright) of advancements made by NASA for Linux.
  • The spooks knows that alot of people assumes that this release contains hidden backdoors and will look for it. The spooks also expects that if anyone finds the backdoor they will cry Wolf on the Internet and get credited for revealing the nasty backdoor.

    Surpise, there are no intentional backdoors in this code. The spooks now gets a very cheap audit from the Worlds top security experts. This is probably what they want since they probably are using some equivalent code in very sensitive systems running the World.

    If someone finds the non existent 'backdoor' the spooks will just correct the real world system in a heartbeat and be thankful for the audit. The guy finding the 'backdoor' might even get a good job offer.

    //Pingo

  • Isn't this akin to the same kind of thing [slashdot.org] that happened to all the DSS hackers/crackers not too long ago? I mean, they could see the bits of code that Hughes was sending out to thier cards - it wasn't until the final piece got inserted did they find out the "surprise".

    Who says the same sort of thing hasn't happened with the kernel changes? Perhaps they are all, or nearly all in place, waiting for that last bit to open it up? Or maybe they will be delivered as patches, until the right moment. I'll admit that it should be very hard to do such a thing in an open source system, but that doesn't make it unlikely.

    Worldcom [worldcom.com] - Generation Duh!
  • Pretty damn easily actually. Just look for a bit of code like:

    for (i = 0; i < BUF_LEN; i++) {
    do lots of junk
    }

    and add the code:

    for (i = 0; i < BUF_LEN; i++) {
    do lots of stuff
    if (buf[i] == '\n') {
    buf[++i]=0;
    break;
    }
    do lots of stuff
    }

    it looks like it belongs, but if the \n is at the end of the buffer it will result in a one byte overflow. If the one byte it overflows is the frame pointer (which you can rearrange the declarations to make it so) you can perform a one byte overflow and execute arbitary code.
  • it would be good. Sorry, I cant find the name of the person I'm quoting. He is a professor doing research into the neurological function of art apprication. He is indian (I think) and focuses a lot of his research on hindu art. I wish I could remember his name.
  • *shrug*

    Only if they wanted to distribute the distribution outside their organization. They could have kept everything internal, instead.
  • I find it funny that everyone is so suprised that the NSA has released the source code. Under GPL, don't they have to release the source code?

    The author of the article states : If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers.
  • Ah, but what makes you think the compiler is intrinsically compromised? Sure you might compile X program but then lets say the compiler doesn't see the Y string of code in it so it puts it in. You go to rewrite that compiler but the compiler you're compiling the compiler with is tainted; it'll just redo that new compiler as well forcing you go to back to the very beginning. I think it was Bill Joy who wrote something like that.
  • Oh please. You can be as paranoid as you want. If your that concerned about it do like the group you claim to be a part of does. You read the source code. You study it. You improve it.

    The reason why the NSA did this is for many reasons.

    1. Improve the general state of the U.S. computer systems. Which in turn makes the NSA's job easier as they are out to protect the U.S. You might not approve of some of their methods but they are doing this to keep the U.S. a free and soverign nation. (At least the ordinary folks working there are.)
    2. Encourage development of an Open Source/Free/Outside Developed/Third Party O.S. that has Orange Book (? I think that's the right one) C2 security. Everything in anything governemnt that has any type of security has to be SO secured its disgusting. By doing this they can ideally not spend so much money developing these internal O.S.es and either not HAVE to have such a big budget or do bigger and better things with their money. Read the press release on VMware's [vmware.com] site about the cooperation with NSA to do development on Linux. Put these two things together. If I was sun, ibm, whoever does C2 hardened OSes I'd be scared right about now. The NSA wants to use linux internally, not Windows or Solaris or AIX.

    So all in all this can be seen as a good thing. If the NSA is really trying to make it so their are backdoors in every Linux installation they have a LOT of eyes to get through to slip it past.

  • I like the architecture the NSA has come up with, but I wonder if it's too complex to be used effectively in the real world. It sounds like NT's security - wonderful in theory, but in practice always left wide open. If SE Linux becomes widespread, I hope people will come up with scripts and tools to check for overly broad permissions. One problem I foresee is that commercial software like Citrix will demand overly broad permissions and refuse to run otherwise.
    I liked this quote:
    Removing permissions for a potentially dangerous program such as Netscape...

    I'm glad the NSA wasn't fooled by Netscape's pretty exterior.
  • Well...consider:
    • It's easier to hack systems you already know something about. (Security arguments aside, this is the main reason why there have been so many more viruses for Windows than Linux - and why so many more people get scared about Windows viruses.)
    • It's even easier to hack something you helped write. (I've actually been paid to hack a system under those circumstances: the system's owners lost the root password. Good thing it was only meant to be secure against remote access, and not physical.)
    • Or, from another perspective, this makes the Feds' jobs easier because US businesses will trust the NSA more than foreign businesses will, so if they can get those businesses to use something far more secure than current popular alternatives, say by hitching security to Linux to take advantage of current migrations towards Linux...
  • Reflections on Trusting Trust by Ken Thompson.

    Just a thought. :)
  • As was mentioned the last time this came up, this isn't about fixing security holes. This is about putting in a security model that's strong enough to offer real protection, then learning to deal with it.

    The next step is getting applications to live with a strong security model. When "running as root" isn't an option, you have to think carefully about how multiuser services like web servers, mail servers, and such should actually handle security. This is the hard part both conceptually and politically. This is where you find out what security models are liveable. It forces a tough rethink of how security works.

    Once you have the services working under a tough security model, then you can go back and really beat on the kernel and the hardware to look for holes in the enforcement of the model. But you have a lot less code to look at than you did when way too much stuff was running as root. And the Linux kernel functionality doesn't change much over time. So there's real hope of getting a secure system this way.

  • The word buzzword springs to mind for some reason.

    Although I suspect it should be possible to intergrate the SEL functionality into the BSD kernel.

    The rest of the changes are a number of patches to various user space apps. The SEL bundle, for want of a better words is bassed on a vanilla RedHat 6.2 install. Which I assume is because RedHat is (at least pervieved) the distribution of choice for commercial purposes

    I think I strayed nicely from the point there...


    --

  • While I do use GNU/Linux on my workstation, I think OpenBSD is by far the most secure OS on the planet and don't see why people insist on using Linux on servers. I'm glad security is on people's minds but why spend oh so many hours locking down a linux box when it takes 10 minutes to completely secure an OpenBSD system. OpenBSD performs just as well as linux, the only drawback is it's use on multiprocessor systems, of which there ally aren't many at all... be
    ides, OpenBSD's SMP is in development.
  • I remember laughing my butt off when I first heard of Thompson's hack. It truly was a thing of beauty.

    However, it does not qualify as "hiding an Easter Egg in open source" because it depends on compiling the source with a compromised compiler. The source for the NSA kernel can be compiled with compilers not supplied by the NSA. Unless of course the NSA has been hacking all our compilers for years... *chucka* *chucka* (That is the sound of black helicopters for all you that are conspiracy impaired.)

  • Not.

    I'm saying that the new NSA code isn't GPLd.

    I don't beleive that the NSA have decopyrighted Linux. (OTOH the GPL has never been tested in court so you never know.)
  • No. My theory is that works BY the government can't be legally copyrighted, and hence can't use the GPL as protection.
  • No no they don't. Have to release the code that is. You only have to release the code if you release binaries. So the NSA could take the Kernel code do whatever they want with it and not give it to anyone and they would be within the GPL. But if they distribute anything they have to distribute the source also. If you read the GPL you will notice that no where does it say you have to share only that if you share you have to share the source also.
  • It would seem that while their spooks want to be all hush hush that their computer security guys simply understand their job. Full disclosure is a *very* important concept to real security professionals. This would in truth fit very well.

  • Remember, OpenBSD is about fixing such things as buffer overflows and configuration problems in a stock Unix configuration. SE Linux and Trusted BSD go i a different direction by modifying and augmenting the security model for trust and permissions designed to allow for finer grained, strictly enforced security policies.

    No offense to OpenBSD (I use OpenBSD), but the projects are very different. For my use as a development box and workstation, all this ACL and Flask stuff would just be a PITA. On a multi-user system with important information in play, this makes a lot of sense, but will probably take some cluefull admining to implement correctly.

    I wonder if, e.g., any web hosting companies will look into this (protect users from each other and the system itself; protect the system from the internet at large) and be able to actually grok it. My webhost are pretty good (hacked parts of the FreeBSD VM system into Linux 2.2, e.g.), but this is security policy stuff can get pretty hairy--getting everyhing to work just right without breaking everything (think about getting a firewall right).

    ---
    In a hundred-mile march,

  • In the bad old days, people would have said, IBM and NSA in the same article? must be bad news!

    But the IBM developerworks zones are hosted and edited by IBM, but provide content composed by non-IBMers for non-IBMers.

    Yes, it's a strange thing seeing the NSA release anything, but then, why not? Perhaps they've become more enlightened in Virginny than they used to be. Certainly more enlightened than when Cliff Stoll wrote the Cuckoo's Egg.



    A host is a host from coast to coast, but no one uses a host that's close
  • The rest of that...

    "...in fact, we plan to kill you just for asking about it."
  • I never thought I'd say this, but . . .

    Kudos to the NSA!

  • Nah, I usually only go after anonymous cowards and people with names Bess would block.
    Other than using an older kernel as the base, though, I don't see how this is out of date. If anything, all you're missing are the nifty applications the NSA uses. I believe, but don't quote me on it, that it was "60 minutes" that recently got to take a look at many nifty security tools and devices at NSA HQ. Among them were all your favourites, retinal scanners, hand prints, voice patterns and the ever increasing in popularity, physical recognition scanner.
    Besides, as I've argued several times in /. before, Open Source does NOT mean Open Security.
    "Welcome to level fifteen, Mr. Bond. Please submit to a genetic scan."

    I prefer my replies to be shaken...not stirred.

  • How did that slip through? (Score:3)

    by pb ( 1020 ) on Friday March 09, 2001 @11:55AM (#373529)
    NSA Linux: "We could tell you about it, but then we'd have to kill you."

    Um... I'm not clicking on that link. Anyone want to cache the page and live to tell about it first? :)
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].

  • Paranoid (Score:3)

    by oconnorcjo ( 242077 ) on Friday March 09, 2001 @12:30PM (#373530) Journal
    People who think the NSA are up to something shady with this release are being way over paranoid. Come on folks- the source is available to everyone. It would be so embarassing for them to get caught with a backdoor that they would never try it.

    The idea that the NSA is comprised of ONE mind with sinister intentions is just nuts. The NSA is mostly comprised of ordinary people trying to make government systems more secure. Sure some of them are trying to crack codes and working on monitoring equipement but even they think of thier job as "working to catch bad guys".

    I would examine the NSA's code because it probably holds some really neat ideas and concepts. I am sure some X-Files fan will probably check it for the back doors anyway :) .

  • What about the following comment in the source? (Score:4)

    by Anonymous Coward on Friday March 09, 2001 @12:04PM (#373531)
    /* All your secrets are belong to us */

  • Re:Backdoor challenge for you hackers... (Score:4)

    by stang ( 90261 ) on Friday March 09, 2001 @12:38PM (#373532)

    lets take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to

    It seems to me that this would be double-damned hard in an open source system.
    [...]
    How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read?

    Ken Thompson's discussion of how he did this is available at http://www.acm.org/classics/sep95/ [acm.org]. To summarize, I've blindly copied from Ignatius [slashdot.org]' post in an earlier Slashdot [slashdot.org] discussion below:

    Check out the "
    back door [jargon.org]" entry of the Jargon File [jargon.org] to learn about one of the IMHO most creative hacks of all time:

    [...] Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.
    Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler -- so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry -- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources. [...]

    A detailed description of the hack by Ken Thompson himself can be found here [acm.org].


    --

  • Re:WhY not OpenBSD (Score:4)

    by rgmoore ( 133276 ) <glandauer@charter.net> on Friday March 09, 2001 @02:48PM (#373533) Homepage
    While I do use GNU/Linux on my workstation, I think OpenBSD is by far the most secure OS on the planet

    Well, that just shows that there's more to security than you realize. OpenBSD may be more secure than other typical Unix-type systems because of its code auditing, it still has all of the architectural problems that Unix suffers from in general- basically that a single broken SUID program compromises the whole system. OpenBSD has had fewer exploits turn up over the years, but when one is discovered the system is just as open to crackers as other Unices.

    The goal of SE Linux is to add on mandatory access controls. Mandatory access controls are very powerful, but tend to add a lot of complexity. They add a whole different layer of compartmentalization, so that users and programs simply aren't allowed to do many operations, even if they somehow get root privileges. That's the route to true security, becuase it means that you can maintain substantial system security even if some of your programs are broken or contain Trojan Horses. Try reading some of the documentation [nsa.gov] about why the NSA sees this as important, and you might learn a bit out making really secure systems.

  • Re:Should the NSA be using Linux (Score:4)

    by wroot ( 264810 ) on Friday March 09, 2001 @01:04PM (#373534)
    Next time you telnet to a nuclear site computer, try

    /usr/local/bin/launch --longitude +60 \
    --latitude +55 --number_of_warheads 4

    and see if you can destroy my hometown

    Wroot

  • NSA (Never Saw Anything) (Score:4)

    by deran9ed ( 300694 ) on Friday March 09, 2001 @11:54AM (#373535) Homepage

    One of the things concerning the NSA's release of SE Linux is, in some instances, they complain that terrorists, and criminals are hindering their [stormpages.com] (the US Government) efforts to investigate, and or monitor crimes, and they go and release this distribution of Linux.

    Think about that for a quick second with an open mind if you will, and look at exactly what was said in this article [kablenet.com]
    CIA director George Tenet said individuals such as Osama bin Laden - the man alleged to have been behind the 1998 bombings of US embassies in East Africa - are using the internet to cloak communications within their organisations. "You recruit people on internet sites and you use encryption," Tenet said. "You move your operational planning and judgements over internet sites' use of encryption. You raise money."

    Bin Laden inspires particular alarm in the US. National Security Agency chief Mike Hayden says his own organisation is "behind the curve in keeping up with the global telecommunications revolution", which bin Laden is able to exploit. Hayden blamed this gap for the US's failure to prevent the 1998 embassy attacks, which killed 224 people.
    If things are so bad for NSA officials to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data. Sure you can look at this post and claim its a conspiracy of some sort to point out these findings, but lets take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.

    We all know about the OpenSource arguements and whether or not OpenSource solidifies security, the fact remains, no one has gone line for line on the NSA's code for SE Linux to determine whether or not they've done something shady to hide their underlying actions for creating this OS.

    Now back to the OS in general, I would like to see a comparison between say SE Linux vs. OpenBSD [openbsd.org], or SE Linux vs. TrustedBSD [trustedbsd.org]. Personally I would option for OpenBSD [openbsd.org], as Trusted [trustedbsd.org] is an overlay for FreeBSD [freebsd.org].

    Again, one should wonder about the facts, the NSA claims people like Usama bin Laden and Fidel Castro [antioffline.com] are giving them headaches with technology, and yet they release something which could help them? Typical politics wouldn't you say. Hey, here's some thoughts to consider for NSA naming conventions this millenium.

    Newer Stealth Arrangements

    Never See Anything

    Next Superpower Agency

    New Snooping Applications

    Nothing's Secret Anymore

    while($information =~ /[a-z]['")]*[.!?]+['")]*\s/g) {
    $conspiracy++;
    }

    print "Your $information is filled with $conspiracy theories\n";

    Where in the world is SpeedyGrl [speedygrl.com]

  • Re:Backdoor challenge for you hackers... (Score:5)

    by trog ( 6564 ) on Friday March 09, 2001 @12:32PM (#373536)

    I would think that the best way to hide an "Easter Egg" in openly available code would be not to attempt to hide it at all.

    Just because the source is available, doesn't mean that people will examine it, nor does it mean that the people who do examine it are competent to do so. A good example of this is the OpenBSD team. Many people trust that OpenBSD has been audited. Can anyone here give one good reason why this auditing should be trusted, or what qualifies the OpenBSD team to audit the code? Even with the auditing, security compromises have been found in the audited OpenBSD code, as recently as late last year.

    This is even more true the larger the system gets. For example, how many people in the world understand, line by line, exactly how the entire linux kernel operates? Even Linus himself doesn't; he delegates code he doesn't find interesting (or doesn't have the time or ability to work on) to other people.

    Besides, there are far, far more effective ways to compromise information than a direct technology attack. Sideband attacks, social engineering, tempest readings, bribery, etc. I am of the opinion that the reason the NSA are not as up in arms as they used to be about encryption is that they have other means of obtaining that same information.

  • Missing the point (Score:5)

    by GrEp ( 89884 ) <crb002&gmail,com> on Friday March 09, 2001 @12:50PM (#373537) Homepage Journal
    I think some here are missing the point. The NSA's mission is to stop terrorists/druglords etc.

    They also charged with stoping computer terrorism.

    Instead of just trying to intercept the information trail, they are stoping the problem at its source: bad security. By encouraging corperations and govt agenceys to have better security they are saving themselves the headache of tracking down the bad guys that exploit security holes.

  • Two headed beast (Score:5)

    by rgmoore ( 133276 ) <glandauer@charter.net> on Friday March 09, 2001 @12:38PM (#373538) Homepage

    You're missing two points. The simpler one is that NSA SE Linux is not really about encryption at all; it's about adding mandatory access controls to the system. IOW it's about making the box more secure to attempts to crack it, but has nothing to do with the security of data that's transmitted from the box to the rest of the world. That means that so long as NSA can gather and decrypt the other guys' transmissions, it doesn't matter how resistant their boxen are to being cracked.

    The other thing to consider is that NSA really has two missions. One is the one that everyone pays attention to- signals intelligence. The other mission is to help American institutions develop more secure computing systems so that our data is protected, and that's the group that's involved in SE Linux. The two pieces may be nominally part of the same organization, but their structures and goals are very different. The SIGINT branch is very secretive and wishes that nobody knew that they exist. The secure computing part by definition has to evangelize and make its developments as widespread as possible in order to make sure that everyone who's supposed to be protected is protected. With an organization that schizophrenic, you shouldn't be surprised to see something like this occasionally.

  • Backdoor challenge for you hackers... (Score:5)

    by clary ( 141424 ) on Friday March 09, 2001 @12:12PM (#373539)
    Sure you can look at this post and claim its a conspiracy of some sort to point out these findings, but lets take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.
    It seems to me that this would be double-damned hard in an open source system. I was just going to flame you as promoting an inferior conspiracy theory...but instead...

    How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read? (Let's call the function an Easter Egg, rather than a back door, because I don't want to encourage anything evil. ;-)

    I started down a couple of thought paths, and stopped because they both sounded lame to me. I keep coming up against the problem of getting the source to encode something fishy, without having it smell! Obfuscation is problemmatic, because in my mind it would raise red flags, especially in NSA code.

Slashdot Top Deals

The use of anthropomorphic terminology when dealing with computing systems is a symptom of professional immaturity. -- Edsger Dijkstra

Close