

NSA Linux In Depth
deran9ed writes "Folks over at IBM have an article explaining the intricacies regarding the NSA's SE Linux distribution. Included in the article are the inner workings of the operating system, its features, and design architecture. Definitely a nice article for Linux users (especially SE Linux users). The full review is in IBM DeveloperWorks."
Silly Question(slightly offtopic) (Score:1)
I think there's a generally held view in the OpenSource/FreeSoftware community that systems for which the source code is freely available are more secure than systems where the opposite is the case.
I accept that if a security breach occurs and the source is available, then the software can be upgraded by the people who have deployed it to plug the hole.
But surely, knowledge of how something works is half the battle towards cracking it! In WWII, for instance, once the bomb disposal people learned how to deal with the different types of time delayed fuses, they were able to defuse the UXBs without triggering the firing mechanism.
Now, if someone wishes to crack a piece of software, doesn't making it open source help them in that they can study how it works and so devise the best strategy for cracking it?
Just thought I'd ask a silly question
Re:IBM and NSA (Score:1)
This is too easy... (Score:1)
Write it in Perl.
Did you see that 7 line DeCSS program?
Irony (Score:1)
Re:Should the NSA be using Linux (Score:1)
If I were NASA, I would develop the code in-house with all the reliability mechanisms that you allude to and when the project was completed, release the code for the whole world to review. It couldn't hurt.
Re:Should the NSA be using Linux (Score:1)
Re:Backdoor challenge for you hackers... (Score:1)
Re:Backdoor challenge for you hackers... (Score:1)
--
Re:Copyright and Government Agencies (Score:1)
Cool (Score:1)
Re:Ease of Use (Score:1)
Re:What about the following comment in the source? (Score:1)
Microsoft Source Code Stolen by Russians (Score:1)
Problem:
We know that McSoft source code was stolen by some hackers in St. Petersburg. This has already rung alarm bells in the US government. Unknown Windows binaries with back doors can be replaced with this code.
Solution:
Secure Linux open source code for mandatory access controls that overlord Windows by placing it in a virtual machine sandbox a la VMWARE.
Then all government computer networks can be secured and Windows and Office software becomes safer from a security point of view. A national security nightmare from Redmond is averted.
one word, diff. (Score:1)
Re:No need for Paranoia (Score:1)
This is not really true. They are a very large collection of techie geeks, yes, but remember that reigning over them are managers, and an entire governmental hierarchy of institutional paranoia and administrivia.
Re:No need for Paranoia (Score:1)
This must be stopped at once!
Later,
ErikZ
Re:Backdoor challenge for you hackers... (Score:1)
Yeaaah....I imagine it would be rather hard for Linus or someone else who knows about UNIX to write a one liner in bash that uses diff to see any changes, that NSA made against the sources from kernel.org, instantly.
Michael
let's be realistic (Score:1)
They own the world's top security experts.
(That's not to say that everyone in the NSA is a brilliant mathematician but neither is everyone at NASA a brilliant astrophysicist -- the important distinction is that both organizations are the only ones in their class.)
____________________
compiler backdoor workaround (Score:1)
Re:NSA (Never Saw Anything) (Score:1)
So you want to see a comparison of SE Linux vs whatever. Well fine, we'll get right on it sir. You just sit there and spew out an endless stream of conspiracy theories and the rest of us will go read the code.
Didn't we just get done reading a story about a year long cracking spree? And now a government agency, who has the brains and the dough to make an OS SECURE beyond belief, releases something to help out, and for free, and you want us to shun it because you *think* there's something wrong with it?
Man, you sound like a confused 6 year old who demands cookies and when given some doesn't want them.
I can't believe you were modded up. All you did was cry WOLF! and run away.
Mistake in article ;) (Score:1)
-- Braeus Sabaco
Re:Backdoor challenge for you hackers... (Score:1)
Or...
Put a "mostly harmless" virus into some of the base system apps and the kernel so that there's always something running as root that's infected and can make sure everything else is infected.
Then this nice little guy in the binaries but not in the source will call home to No Such Agency every once in awhile.
Just a couple thoughts. Mind you, they might put the sneaky little present in the source, but we'd be able to find that by diff'ing their sources to ours. If there's lots of little changes, they might be able to sneak something past us.
I'm really not as paranoid as I sound, just kicking around ideas.
Re:Backdoor challenge for you hackers... (Score:1)
Not to mention the fact that the easter eggs might not be in the source, but in the binaries, particularly GCC, so that any new compilings include the NSA's improvements.
Someone should diff the NSA's source, and find out what they did. Sadly, I don't know C and don't have the time...
Re:Backdoor challenge for you hackers... (Score:1)
*Ahem* scuze me, I should go take my pills now.
Re:Should the NSA be using Linux (Score:1)
They are, from what I've read. There was a /. article about it a while ago. NASA is into *real* software engineering... no bug is "acceptable", and they *do* have processes in place to make sure - on a life and death level - that there are no unplanned operations.
Re:NSA (Never Saw Anything) (Score:1)
Conspiracy theorists are peddling FUD: "Don't use that software - NSA may have put a backdoor in it." They may get away with it with binary-only distributions where proving that there isn't a backdoor is difficult, but source code is a different matter. If there is a backdoor in the code, sooner or later someone will find it - particularly when conspiracy theorists are convinced there must be one, because the NSA wrote it.
NSA = New Source Available/Now See All.
Re:Backdoor challenge for you hackers... (Score:1)
Not a really plausible threat, since NSA released the source. Anyone who's really interested is likely to get the source and compile it themselves anyway, and NSA sure can't guarantee that they'll all compile it with a cleverly NSA modified version of GCC that activates their backdoors. Most people aren't going to use the NSA's version anyway, since it isn't complete, but are going to wait for RedHat or somebody to add it to a standardized distribution.
Heck, there's not even a real guarantee that a backdoor implemented that way would necessarily work for long. It depends on the modified compiler recognizing the exact code that it's going to modify. With Free Software, there's a good chance that somebody's going to modify the code, and then the clever recognition will fail and the backdoor won't be implemented.
Re:WhY not OpenBSD (Score:1)
Unix's security model isn't broken, honest. You're really supposed to need to use different computers for functions that could be implemented on one box if a compromise of one service didn't open the box as wide as the Grand Canyon. What a load of crap. That's a kludge, plain and simple; a small site shouldn't need to run three boxes to get security when the computing power of one of them is enough to handle all three tasks. Besides, even if running different services on different boxes does protect you against remote compromise, it does nothing against malicious users. Local exploits can't be dealt with the same way, since trying to keep different versions of the system on each local box is not a reasonable security solution. (In any case, your comment fails to account for the original poster's comment that OpenBSD is the most secure OS in the world, which is clearly not true.)
Sorry, but Unix's security design has serious flaws. It constantly befuddles me that anyone really thinks that a system that requires constant code auditing so that a single broken program won't make the whole box vulnerable is an adequate design is beyond me. Note, though, that Unix doesn't actually need to upgrade to a full, mandatory security package to improve security a lot. All it really needs to develop much better security is some kind of least privilege system, so that programs can be run with only those privileges they specifically need to fulfill their functions. Then your example of a compromised web server not giving special access to the middleware program would still hold even if they were on the same box.
Re:Clairification (Score:1)
Problematic Logic (Score:1)
Of course they must "release" the source code. But with respect to the NSA and the GPL a few things come to mind regarding your statement in particular, and the article in general.
First off, in the article, we read:
This is a true statement, in a vacuum. However, when combined with the preceding statement:
Let's ignore the fact that it's virtually impossible to verify that a distribution has no trojan horses in it. The very fact that this is a distribution implies it probably consists of not just source code, but also binaries. One only needs to be reminded of Ken Thompson's brilliant back door [astrian.net] in early versions of UNIX to wonder if you can ever trust any binary that comes from a tainted distribution. "But I've got the source!" How many people go to the exercise of starting with a "trusted" distribution and then iteratively move source from the "untrusted" distribution to make a "trusted" version of the new distribution? As Open-Source OS's become more mainstream a larger and larger proportion of the user community won't bother.
Which brings me to your statement again:
Does anyone out there know (I certainly don't) what would happen if indeed it was found that the NSA was building such a brilliant monstrosity into their secure Linux distribution? In which case, they clearly didn't release the source code that accurately represented the binaries distributed. We usually think about legal enforcement of the GPL with respect to the corporations of the world. However, what do readers think would happen if this were shown to be the case? How would the GPL hold up against claims of "in the interest of National Security"?
Re:Should the NSA be using Linux (Score:1)
Few open source or closed source projects get anywhere near this, because it is cost prohibitive. And open source programmers are driven by personal interest a lot, so they don't usually want to do boring stuff, or go over the same code 1000 times.
Re:NSA (Never Saw Anything) (Score:1)
Re:Backdoor challenge for you hackers... (Score:1)
Then we trigger our "hidden" code somewhere else with a similar tactic designed to nuke the frame pointer.
I guess the flaw (apart from the obscene complexity) would be if somebody spotted and fixed *just one* of the potential overflows, our code could be rendered totally useless.
Maybe you could implement some sort of parity-based decoding routine (similar to RAID-5) which could handle this situation.
I'm scared... 8-)
Si
Re:NSA (Never Saw Anything) (Score:1)
Re:Backdoor challenge for you hackers... (Score:1)
No need for Paranoia (Score:1)
It comes down to money.
If the Linux crew take this on board and in the future, versions of Linux contain this MAC security stuff, then the NSA doesn't have to buy any new software!
This is a common reasoning for releasing stuff opensource. Build it to a working prototype level and then let other people test, debug and improve it.
It is nice to see a big bad ugly intelligence agency giving back to the source.
Perhaps someone should thank them for their communist spirit?
Nonsense! Go *READ* the GPL! (Score:1)
Under GPL, don't they have to release the source code?
Nope. What they do have to do is make the source available to anyone they give binaries to. This idea that "they have to release mods to GPL'ed code" is the most common misconception about the GPL. Anyone is within their rights to modify a GPLed program and withhold the source mods, so long as they also don't share the binaries. So if all the NSA wanted to do was to implement MAC for Linux for their own (and other USGov) use, they could have kept the changes behind the "it's classified" wall.
MAC != Crypto - Go read the Orange Book! (Score:1)
If things are so bad for NSA officials to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data.
Mandatory Access Control (MAC) is one of the requirements of a B1-secure ("Labeled Security Protection") system under the Trusted Computer System Evaluation Criteria [ncsc.mil] book originally published by NCSC way back in 1983 (the so-called Orange Book). None of the TCSEC security ratings (C2, B1, B2, etc.) mention cryptography. I've seen B1 and even B2 systems (rare though they may be), none of which had encrypted filesystems. Sure, most systems have an encryption capability, but so did Bell Labs Unix - the crypt command. Crypto ain't MAC, and TCSEC don't care 'bout no crypto. The two are orthogonal.
TCSEC is all about isolation and protection - about ensuring that access to data and information is restricted according to clearly defined rules and that information cannot be "leaked" from one security zone to another. What the NSA has produced in Linux SE is a variant of Linux that is harder to crack, even from the inside. Cryptography has nothing to do with that. But that doesn't make Linux SE bad - I'd love a less-crackable Linux, even though I personally despise living under MAC restrictions.
Not: Re:why suprised? They HAVE TO RELEASE CODE (Score:1)
GPL is based on copyright isn't it?
ergo: GPL doesn't apply to the government. They can do more or less whatever they want, even AFAIK legally charge for their changes and not release source.
Museum & NSA Mission & past, Re:Two headed beast (Score:1)
A favorite exhibit is the carved Great Seal of the United States from the old U.S. Embassy in Moscow
From Surveillance countermeasures primer from Kaiser Electronics part one [martykaiser.com]
[click above for technical details on how it worked]
Yes, the roles of the NSA are diverse and growing. From the About the NSA [nsa.gov]
From The Evolution of the U.S. Intelligence community
The secrecy was probably the only way to combine the groups handling sensitive material which were competing for the same job.
Keeping sensitive information from wandering off is necessary if espionage exists. Even after 50 years captured information is useful. See the now declassified (well mostly) VENONA project. [nsa.gov]
Finally, have a look at NSA via slashdot's past in
Enjoy, Chris Lent [cooper.edu]
NSA == Never Saw Article? (Score:1)
Hello? 1/4 of the article talks about how it has nothing to do with crypto. It's a security *model*, concerned with access control. You don't even need their code to implement the design.
In fact, it looks like some good grist for the eternal acls vs. crufty old unix security argument. They seem to have solved a lot of nagging issues by just moving the SIDs out of the object definition and maintaining mapping externally (to the file, not the system!). From the diagrams, it looks like security info is just stored in regular files on whatever filesystem you're securing. This scheme could even be used to secure FAT! Unless I'm misreading everything...
This seems like a perfect match for linux, with its goal of filesystem interoperability. I hope the fact that it comes from the NSA and looks (to the user) a lot like the w2k model doesn't keep people from taking a closer look. In particular, I'd like to hear from the "linux/acls don't mix" crowd, to see if any of their objections are answered by this architecture.
Those interested should probably check out the nsa itself [nsa.gov]. Turn off those cookies!
Re:NSA (Never Saw Anything) (Score:1)
Which is why we have the source code to look through and determine what they're doing.
Ranessin
Re:Kudos! (Score:1)
This is not a matter paranoia. (Score:1)
- Ken Thompson
'Nuff said.
--
Ok, so I'm a smart aleck... (Score:1)
Sorry, I had a one-byte brain overflow there for a second...
Re:WhY not OpenBSD (Score:1)
Re:Backdoor challenge for you hackers... (Score:1)
Ease of Use (Score:1)
Tyler
IBM Article -- excellent. (Score:1)
Interesting also the comments by the NSA guy interviewed about what this is and what it is not. They are pretty carefully staying out of CryptoFS and such and not commenting about the crypto available.
In the end there could be a lot of good done by this, in terms of making a large piece of the net harder to trash by idiots and kiddies. Also could make the linux mail/web/server platform orders of magnitude more interesting to corporate/business if easily accessible security is (more?) orders of magnitude better than NT/2000 tech.
------------------------
Re:They might as well use Linux (Score:1)
------------------------
Re:Should the NSA be using Linux (Score:1)
In the end they do need extreme reliability, and one of the ways they deal with this is systems that vote among themselves. They don't trust a single machine to be 100% reliable. No personal knowledge here, but I surmise NASA has a testing regime/QA process that is almost unparalleled. Run an opensource project structure in the way Linux is through that same process and you would see remarkable reliability.
------------------------
Open Obfuscation (Score:1)
doesnt_really mean.u C the-truth* cycle seq
Do it on your own system (Score:1)
The big question should be...who's got root access...I think it's the cigarette smoking guy or a Roswell grey!
Now get dressed for dinner and tell Katherine not to spend sixty years doing her hair.
My own experience (Score:1)
Some of the best used attacks won't work on either, but Unix can be a bit more pro-active with less hassle.
NetBSD, however, is somewhat easier to learn. It's all in what you prefer.
As for GNU/Linux, my recommendation for server use would be Debian.
That's just my
Re:dual of the iron swords (Score:2)
The NSA don't give a crap.
NSA's Linux distro is just a result of some enterprising hackers on the periphery of the organization who are bored and happen to have some free time on their hands.
It's a joke, more than anything else, for people of their ilk - I mean come on
A continuation of the altering theme:
There are far *worse* ways for them to know what's going on in your head than by monitoring electronics in the form of computers.
(Views are infinite.)
They might as well use Linux (Score:2)
If they find some fundamental flaws with Linux generally, they'll still release fixes, albeit anonymously. Anyone remember how they fixed DES against an exploit not publicly known until many years after the fix? Same thing.
And while we might not like the NSA, we can't pretend we'd rather they be open to all the exploits that plague other operating systems. Attack them at the Congressional level, but don't compromise our national integrity by attacking them at the client level.
Re:Not: Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
So, your theory is that government offices just buy zillions of copies of MS Office to support the economy? The idea that Bill could press charges for piracy is irrelevant?
Don't tell anybody (Score:2)
Re:NSA (Never Saw Anything) (Score:2)
As for me, It's an overture to the Open Source movement, and I appreciate it.
The government always had a weak argument with the four horsemen stuff (terrorists, drug dealers, child pornographers, and some other threat I can't remember). The problem is that bin Laden would have strong crypto no matter what. RSA was published in Scientific American back in the late 70's, it's not a big secret. People with resources and incentives to use strong crypto can get the job done on their own.
Releasing this software isn't going to give any terrorists any fundamental capabilities they didn't have already, and not releasing it wouldn't have made the NSA's deteriorating situation with respect to surveillance any better. And who knows, maybe this will give us safer ecommerce systems.
So let's give them credit for choosing rationality over political hype, rather than rubbing their noses in that same old hype.
Also, I'm not sure how you're comparing Linux SE with OpenBSD. They're different animals. Linux SE is a kernel with added functionality that makes it possible to implement certain kinds of access controls. OpenBSD is an audited BSD in a small BSD with integrated crypto tools. I don't think it can do what Linux SE was designed to do, and I know that Linux SE doesn't claim to have the audit against buffer overflows. In the article they quoted the NSA guys talking about why they felt an encrypted FS was beyond the scope of their project.
For the last 10 years I've been reading NSA flames on the net. They did something good here. I think it's great, and I hope they continue to move in this direction.
Re:Backdoor challenge for you hackers... (Score:2)
ObJectBridge [sourceforge.net] (GPL'd Java ODMG) needs volunteers.
Re:Backdoor challenge for you hackers... (Score:2)
This isn't so surprising... (Score:2)
Re:NSA (Never Saw Anything) (Score:2)
Basically what they are doing is ACL improvements.
Nothing to do with encrypting communications.
Re:Not: Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
Copyright and Government Agencies (Score:2)
I'm also wondering about the legal status (under Copyright) of advancements made by NASA for Linux.
Spook public test of their technology! (Score:2)
Surprise, there are no intentional backdoors in this code. The spooks now get a very cheap audit from the world's top security experts. This is probably what they want since they probably are using some equivalent code in very sensitive systems running the World.
If someone finds the non existent 'backdoor' the spooks will just correct the real world system in a heartbeat and be thankful for the audit. The guy finding the 'backdoor' might even get a good job offer.
//Pingo
But...!!! (Score:2)
Who says the same sort of thing hasn't happened with the kernel changes? Perhaps they are all, or nearly all in place, waiting for that last bit to open it up? Or maybe they will be delivered as patches, until the right moment. I'll admit that it should be very hard to do such a thing in an open source system, but that doesn't make it unlikely.
Worldcom [worldcom.com] - Generation Duh!
Re:Backdoor challenge for you hackers... (Score:2)
for (i = 0; i < BUF_LEN; i++) {
    /* do lots of junk */
}
and add the code:
for (i = 0; i < BUF_LEN; i++) {
    /* do lots of stuff */
    if (buf[i] == '\n') {
        buf[++i] = 0;
        break;
    }
    /* do lots of stuff */
}
it looks like it belongs, but if the \n is at the end of the buffer it will result in a one byte overflow. If the one byte it overflows is the frame pointer (which you can rearrange the declarations to make it so) you can perform a one byte overflow and execute arbitrary code.
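Added example (not part of the comment above, and not code from any real project): the loop pattern from that comment next to a bounds-checked version, run against a constructed buffer with a guard byte so a reviewer can see the stray terminator write. The function names, the `BUF_LEN` value and the guard byte are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16      /* logical buffer size (assumed value) */
#define GUARD   0x5A    /* marker stored in the byte after the buffer */

typedef int (*term_fn)(char *buf, size_t len);

/* The pattern from the comment: keep the '\n' and put a NUL after it.
 * If '\n' is the last byte (i == len - 1), ++i equals len and the NUL
 * is written one byte past the end of the logical buffer. */
static int terminate_flawed(char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\n') {
            buf[++i] = 0;
            break;
        }
    }
    return 0;
}

/* Bounds-checked version: write after the newline only when that index
 * is still inside the buffer; otherwise overwrite the newline itself.
 * Returns 1 when the line had to be shortened, 0 otherwise. */
static int terminate_checked(char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\n') {
            if (i + 1 < len) {
                buf[i + 1] = 0;
                return 0;
            }
            buf[i] = 0;
            return 1;
        }
    }
    return 0;
}

/* Run fn on a constructed buffer with '\n' at index newline_at. The
 * backing array is one byte larger than BUF_LEN, so the stray write
 * stays inside memory we own. Returns 1 if the guard byte changed. */
static int guard_clobbered(term_fn fn, size_t newline_at)
{
    char mem[BUF_LEN + 1];

    memset(mem, 'A', BUF_LEN);
    mem[BUF_LEN] = GUARD;
    mem[newline_at] = '\n';
    fn(mem, BUF_LEN);
    return (unsigned char)mem[BUF_LEN] != GUARD;
}

int main(void)
{
    printf("flawed,  newline mid-buffer : guard clobbered = %d\n",
           guard_clobbered(terminate_flawed, 3));
    printf("flawed,  newline at last idx: guard clobbered = %d\n",
           guard_clobbered(terminate_flawed, BUF_LEN - 1));
    printf("checked, newline at last idx: guard clobbered = %d\n",
           guard_clobbered(terminate_checked, BUF_LEN - 1));
    return 0;
}
```

The only input that separates the two versions is a newline in the final position, which is why a boundary test case belongs in any review of a loop that writes at `++i`.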
Re:Source for your .sig (OT) (Score:2)
Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
Only if they wanted to distribute the distribution outside their organization. They could have kept everything internal, instead.
why suprised? They HAVE TO RELEASE CODE (Score:2)
The author of the article states : If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers.
Re:Paranoid (Score:2)
Re:NSA (Never Saw Anything) (Score:2)
The reason why the NSA did this is for many reasons.
So all in all this can be seen as a good thing. If the NSA is really trying to make it so there are backdoors in every Linux installation they have a LOT of eyes to get through to slip it past.
Too complex? (Score:2)
I liked this quote:
I'm glad the NSA wasn't fooled by Netscape's pretty exterior.
Shades of grey (Score:2)
Re:NSA (Never Saw Anything) (Score:2)
Just a thought.
It's the security model, stupid (Score:2)
The next step is getting applications to live with a strong security model. When "running as root" isn't an option, you have to think carefully about how multiuser services like web servers, mail servers, and such should actually handle security. This is the hard part both conceptually and politically. This is where you find out what security models are liveable. It forces a tough rethink of how security works.
Once you have the services working under a tough security model, then you can go back and really beat on the kernel and the hardware to look for holes in the enforcement of the model. But you have a lot less code to look at than you did when way too much stuff was running as root. And the Linux kernel functionality doesn't change much over time. So there's real hope of getting a secure system this way.
Re:Why didn't they start secure with OpenBSD? (Score:2)
The word buzzword springs to mind for some reason.
Although I suspect it should be possible to integrate the SEL functionality into the BSD kernel.
The rest of the changes are a number of patches to various user space apps. The SEL bundle, for want of a better word, is based on a vanilla RedHat 6.2 install. Which I assume is because RedHat is (at least perceived) the distribution of choice for commercial purposes
I think I strayed nicely from the point there...
--
WhY not OpenBSD (Score:2)
ides, OpenBSD's SMP is in development.
Re:Backdoor challenge for you hackers... (Score:2)
However, it does not qualify as "hiding an Easter Egg in open source" because it depends on compiling the source with a compromised compiler. The source for the NSA kernel can be compiled with compilers not supplied by the NSA. Unless of course the NSA has been hacking all our compilers for years... *chucka* *chucka* (That is the sound of black helicopters for all you that are conspiracy impaired.)
Re:Not: Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
I'm saying that the new NSA code isn't GPLd.
I don't believe that the NSA have decopyrighted Linux. (OTOH the GPL has never been tested in court so you never know.)
Re:Not: Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
Re:why suprised? They HAVE TO RELEASE CODE (Score:2)
Re:They might as well use Linux (Score:2)
OpenBSD != SE Linux/TrustedBSD (Score:2)
Remember, OpenBSD is about fixing such things as buffer overflows and configuration problems in a stock Unix configuration. SE Linux and Trusted BSD go in a different direction by modifying and augmenting the security model for trust and permissions designed to allow for finer grained, strictly enforced security policies.
No offense to OpenBSD (I use OpenBSD), but the projects are very different. For my use as a development box and workstation, all this ACL and Flask stuff would just be a PITA. On a multi-user system with important information in play, this makes a lot of sense, but will probably take some clueful admining to implement correctly.
I wonder if, e.g., any web hosting companies will look into this (protect users from each other and the system itself; protect the system from the internet at large) and be able to actually grok it. My webhost are pretty good (hacked parts of the FreeBSD VM system into Linux 2.2, e.g.), but this security policy stuff can get pretty hairy--getting everything to work just right without breaking everything (think about getting a firewall right).
---
In a hundred-mile march,
IBM and NSA (Score:2)
But the IBM developerworks zones are hosted and edited by IBM, but provide content composed by non-IBMers for non-IBMers.
Yes, it's a strange thing seeing the NSA release anything, but then, why not? Perhaps they've become more enlightened in Virginny than they used to be. Certainly more enlightened than when Cliff Stoll wrote the Cuckoo's Egg.
A host is a host from coast to coast, but no one uses a host that's close
Re:How did that slip through? (Score:2)
"...in fact, we plan to kill you just for asking about it."
Kudos! (Score:2)
Kudos to the NSA!
*aims flamethrower* (Score:2)
Other than using an older kernel as the base, though, I don't see how this is out of date. If anything, all you're missing are the nifty applications the NSA uses. I believe, but don't quote me on it, that it was "60 minutes" that recently got to take a look at many nifty security tools and devices at NSA HQ. Among them were all your favourites, retinal scanners, hand prints, voice patterns and the ever increasing in popularity, physical recognition scanner.
Besides, as I've argued several times in
"Welcome to level fifteen, Mr. Bond. Please submit to a genetic scan."
I prefer my replies to be shaken...not stirred.
How did that slip through? (Score:3)
Um... I'm not clicking on that link. Anyone want to cache the page and live to tell about it first?
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Paranoid (Score:3)
The idea that the NSA is comprised of ONE mind with sinister intentions is just nuts. The NSA is mostly comprised of ordinary people trying to make government systems more secure. Sure some of them are trying to crack codes and working on monitoring equipment but even they think of their job as "working to catch bad guys".
I would examine the NSA's code because it probably holds some really neat ideas and concepts. I am sure some X-Files fan will probably check it for the back doors anyway
What about the following comment in the source? (Score:4)
Re:Backdoor challenge for you hackers... (Score:4)
It seems to me that this would be double-damned hard in an open source system.
[...]
How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read?
Ken Thompson's discussion of how he did this is available at http://www.acm.org/classics/sep95/ [acm.org]. To summarize, I've blindly copied from Ignatius [slashdot.org]' post in an earlier Slashdot [slashdot.org] discussion below:
--
Re:WhY not OpenBSD (Score:4)
Well, that just shows that there's more to security than you realize. OpenBSD may be more secure than other typical Unix-type systems because of its code auditing, it still has all of the architectural problems that Unix suffers from in general- basically that a single broken SUID program compromises the whole system. OpenBSD has had fewer exploits turn up over the years, but when one is discovered the system is just as open to crackers as other Unices.
The goal of SE Linux is to add on mandatory access controls. Mandatory access controls are very powerful, but tend to add a lot of complexity. They add a whole different layer of compartmentalization, so that users and programs simply aren't allowed to do many operations, even if they somehow get root privileges. That's the route to true security, because it means that you can maintain substantial system security even if some of your programs are broken or contain Trojan Horses. Try reading some of the documentation [nsa.gov] about why the NSA sees this as important, and you might learn a bit about making really secure systems.
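Added example, not SE Linux code or its policy language: a toy access decision illustrating the point made above, that a mandatory check keyed on labels still denies a process that holds uid 0 and therefore passes the discretionary check. The domain and type names, the policy table and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { P_READ = 1, P_WRITE = 2 };

/* Subject = process. uid feeds the discretionary (DAC) check,
 * domain is the label the mandatory (MAC) check looks at. */
struct subject { unsigned uid; const char *domain; };

/* Object = file. owner and permission bits feed DAC, type feeds MAC. */
struct object {
    unsigned owner;
    unsigned owner_perms;
    unsigned other_perms;
    const char *type;
};

/* Simplified Unix-style check: uid 0 bypasses the permission bits. */
static int dac_allows(const struct subject *s, const struct object *o,
                      unsigned want)
{
    unsigned have;

    if (s->uid == 0)
        return 1;
    have = (s->uid == o->owner) ? o->owner_perms : o->other_perms;
    return (have & want) == want;
}

/* Hypothetical policy: (domain, type) pairs and the permissions granted.
 * Anything not listed is denied, and uid is never consulted. */
struct rule { const char *domain; const char *type; unsigned perms; };

static const struct rule policy[] = {
    { "httpd_t", "web_content_t", P_READ },
    { "httpd_t", "httpd_log_t",   P_WRITE },
    { "admin_t", "shadow_t",      P_READ | P_WRITE },
};

static int mac_allows(const struct subject *s, const struct object *o,
                      unsigned want)
{
    size_t i;

    for (i = 0; i < sizeof(policy) / sizeof(policy[0]); i++) {
        if (strcmp(policy[i].domain, s->domain) == 0 &&
            strcmp(policy[i].type, o->type) == 0)
            return (policy[i].perms & want) == want;
    }
    return 0; /* default deny */
}

/* Both layers must agree; MAC cannot be overridden by the subject. */
static int access_allowed(const struct subject *s, const struct object *o,
                          unsigned want)
{
    return dac_allows(s, o, want) && mac_allows(s, o, want);
}

/* Constructed scenario: a web server process that has ended up with
 * uid 0, an administrator session, and two files. */
static const struct subject web_root = { 0, "httpd_t" };
static const struct subject admin    = { 0, "admin_t" };
static const struct object shadow  = { 0, P_READ | P_WRITE, 0, "shadow_t" };
static const struct object content = { 33, P_READ | P_WRITE, P_READ,
                                       "web_content_t" };

int main(void)
{
    printf("web server (uid 0) reads shadow: DAC=%d MAC=%d final=%d\n",
           dac_allows(&web_root, &shadow, P_READ),
           mac_allows(&web_root, &shadow, P_READ),
           access_allowed(&web_root, &shadow, P_READ));
    printf("web server reads its content:    final=%d\n",
           access_allowed(&web_root, &content, P_READ));
    printf("admin domain reads shadow:       final=%d\n",
           access_allowed(&admin, &shadow, P_READ));
    return 0;
}
```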
Re:Should the NSA be using Linux (Score:4)
/usr/local/bin/launch --longitude +60 \
--latitude +55 --number_of_warheads 4
and see if you can destroy my hometown
Wroot
NSA (Never Saw Anything) (Score:4)
One of the things concerning the NSA's release of SE Linux is, in some instances, they complain that terrorists, and criminals are hindering their [stormpages.com] (the US Government) efforts to investigate, and or monitor crimes, and they go and release this distribution of Linux.
Think about that for a quick second with an open mind if you will, and look at exactly what was said in this article [kablenet.com]: If things are so bad for NSA officials to keep tabs on terrorists and the way they commit digital crimes in association with their acts, then why would they release an OS that could further help these terrorists hide/secure their data. Sure you can look at this post and claim it's a conspiracy of some sort to point out these findings, but let's take a look at how many 1k bytes of code could be inserted throughout the SE Linux OS to have them somewhere down the line be combined in order for the NSA to open a backdoor of some sort.
We all know about the OpenSource arguments and whether or not OpenSource solidifies security, the fact remains, no one has gone line for line on the NSA's code for SE Linux to determine whether or not they've done something shady to hide their underlying actions for creating this OS.
Now back to the OS in general, I would like to see a comparison between say SE Linux vs. OpenBSD [openbsd.org], or SE Linux vs. TrustedBSD [trustedbsd.org]. Personally I would opt for OpenBSD [openbsd.org], as Trusted [trustedbsd.org] is an overlay for FreeBSD [freebsd.org].
Again, one should wonder about the facts, the NSA claims people like Usama bin Laden and Fidel Castro [antioffline.com] are giving them headaches with technology, and yet they release something which could help them? Typical politics wouldn't you say. Hey, here's some thoughts to consider for NSA naming conventions this millennium.
Newer Stealth Arrangements
Never See Anything
Next Superpower Agency
New Snooping Applications
Nothing's Secret Anymore
# count sentence endings in $information
while($information =~ /[a-z]['")]*[.!?]+['")]*\s/g) {
    $conspiracy++;
}
print "Your $information is filled with $conspiracy theories\n";
Where in the world is SpeedyGrl [speedygrl.com]
Re:Backdoor challenge for you hackers... (Score:5)
I would think that the best way to hide an "Easter Egg" in openly available code would be not to attempt to hide it at all.
Just because the source is available, doesn't mean that people will examine it, nor does it mean that the people who do examine it are competent to do so. A good example of this is the OpenBSD team. Many people trust that OpenBSD has been audited. Can anyone here give one good reason why this auditing should be trusted, or what qualifies the OpenBSD team to audit the code? Even with the auditing, security compromises have been found in the audited OpenBSD code, as recently as late last year.
This is even more true the larger the system gets. For example, how many people in the world understand, line by line, exactly how the entire linux kernel operates? Even Linus himself doesn't; he delegates code he doesn't find interesting (or doesn't have the time or ability to work on) to other people.
Besides, there are far, far more effective ways to compromise information than a direct technology attack. Sideband attacks, social engineering, tempest readings, bribery, etc. I am of the opinion that the reason the NSA are not as up in arms as they used to be about encryption is that they have other means of obtaining that same information.
Missing the point (Score:5)
They are also charged with stopping computer terrorism.
Instead of just trying to intercept the information trail, they are stopping the problem at its source: bad security. By encouraging corporations and govt agencies to have better security they are saving themselves the headache of tracking down the bad guys that exploit security holes.
Two headed beast (Score:5)
You're missing two points. The simpler one is that NSA SE Linux is not really about encryption at all; it's about adding mandatory access controls to the system. IOW it's about making the box more secure to attempts to crack it, but has nothing to do with the security of data that's transmitted from the box to the rest of the world. That means that so long as NSA can gather and decrypt the other guys' transmissions, it doesn't matter how resistant their boxen are to being cracked.
The other thing to consider is that NSA really has two missions. One is the one that everyone pays attention to- signals intelligence. The other mission is to help American institutions develop more secure computing systems so that our data is protected, and that's the group that's involved in SE Linux. The two pieces may be nominally part of the same organization, but their structures and goals are very different. The SIGINT branch is very secretive and wishes that nobody knew that they exist. The secure computing part by definition has to evangelize and make its developments as widespread as possible in order to make sure that everyone who's supposed to be protected is protected. With an organization that schizophrenic, you shouldn't be surprised to see something like this occasionally.
Backdoor challenge for you hackers... (Score:5)
How would all you clever hackers out there hide a function in an open source system in a way that it can escape detection even if all the source is read? (Let's call the function an Easter Egg, rather than a back door, because I don't want to encourage anything evil. ;-)
I started down a couple of thought paths, and stopped because they both sounded lame to me. I keep coming up against the problem of getting the source to encode something fishy, without having it smell! Obfuscation is problematic, because in my mind it would raise red flags, especially in NSA code.