Comments

wiredog April 8, 2008 1:33 PM

Why not?

It’s open source. GPL.

Sure, if you’re paranoid you can wait for others to vet it for backdoors. If you’re really paranoid you can code review it yourself.

Unlike other secure operating systems (with the exception of OpenBSD) all the code is there for you to play with.

Stephen Smoogen April 8, 2008 1:57 PM

I think it can be trusted in the sense that the rules for it should be open and the various patches for it have been developed in the open with people who are looking for NSA mis-steps. I think that putting back doors in place would be less than useful as 1) they will be looked for a lot more, 2) if found they would make the elliptical backdoors look minor, and 3) it’s a heck of a lot easier to get in with just the usual things web systems admins do.

Robin Stacey April 8, 2008 2:08 PM

I’d file it under “interestingly unnecessary”.

Linux has proven security; the NSA doesn’t. I rather think that they need Linux more than Linux needs them 🙂

Jon April 8, 2008 2:14 PM

I’m on the fifth line of source code. I’ll let you know after I’ve finished examining the rest.

Fred P April 8, 2008 2:24 PM

Here’s the main SELinux site.

http://www.nsa.gov/selinux/

As to “trust or not”, I implicitly trust it more than any OS where I can’t read the code. Any more detail would depend too much on the application that I intend to use it for.

Craig April 8, 2008 2:25 PM

I don’t use SELinux, but yeah, I’d be inclined to trust it. The source code is all there. Sure, there could be a sneaky backdoor in it somewhere, but remember NSA’s mysterious changes to the DES S-boxes… people wondered for years if the NSA had introduced a backdoor, but it turned out that they had actually made DES more secure against differential cryptanalysis. Sure, let’s not trust the spooks too much, but not everything they do is evil.

pegr April 8, 2008 2:27 PM

The NSA doesn’t need help breaking into your computer. (That’s the CIA/FBI’s job anyway.)

What they are doing is supplying a secure platform for government services. Expect to see more government systems running this. I’m happy to have it.

Jim Sting April 8, 2008 2:34 PM

Malvin: I can’t believe it, Jim. That girl’s standing over there listening and you’re telling him about our back doors?

Jim: Mister Potato Head! Mister Potato Head! Back doors are not secrets!

Malvin: Yeah, but Jim, you’re giving away all our best tricks!

Bryan April 8, 2008 2:35 PM

This is only about the open-source SELinux enhancements to the Linux kernel, primarily “mandatory access control” features that give administrators a much greater ability to control and audit what each program, user, group or file on the system is capable of. Instead of just the traditional file permissions.

This isn’t an entire Linux distribution or a CD you can pop in your machine and replace windows with.

The SELinux features are already in use in at least Red Hat Enterprise Linux and have been around for years now.

NSA also publishes guides for securing the rest of your Linux software: http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf

At least pretend to know what it’s about before getting too paranoid.

StrawberryCupcake April 8, 2008 2:37 PM

No.

The reason? Not that it’s from the NSA; however, I’ve seen the relentless pushing on lkml by SELinux developers for the LSM (Linux security framework) hooks to be removed entirely so that SELinux would be the only security module for Linux period, and that just makes me wonder every time. Are they really just convinced that SELinux is the best security module, and the only one you’ll ever need, or do they want to make it impossible to use alternatives for other, more sinister reasons?

I don’t want to put on my tinfoil hat, but I also won’t trust them just because they claim to be the good guys – actions speak louder than words.

Tracy R Reed April 8, 2008 2:47 PM

I trust it. It is GPL, has been reviewed by many, and it works. I think it should be the job of the government/NSA to help us secure our computers in open and transparent ways. It benefits the economy and the nation as a whole to have more secure infrastructure. I liken it to the national highway system. It is in everyone’s interest both military and civilian.

Tanuki April 8, 2008 2:51 PM

“Trust, but Verify” – Ronald Reagan.

There’s no sensible way for an individual to do a walkthrough validation of hundreds of Megabytes of code. For me, the only trustworthy systems are those which adopt a hardcore minimalist approach – take out what’s not absolutely necessary. If something solid and realtime like Cisco IOS can fit into a few tens of Megabytes, I really fail to see the need for the current generation of Linux-bloatware.

Caleb Cushing April 8, 2008 2:56 PM

Yes and No. It is open source so we will eventually find anything they have done. But even that being said, I can put it behind a firewall that couldn’t be backdoor-ed so easy and if they try to call home I can packet sniff and find that easy. All without reading the source. Those are how we know the MS calls home.

Do I trust it to be as secure as they think it is? no.

anonymous canuck April 8, 2008 2:59 PM

SeLinux and any other Multi-level secure system has very interesting properties if you use the functionality.

An MLS can mitigate all kinds of vulnerabilities by keeping things contained. To exploit successfully, you may need to find two major vulnerabilities. One to get into the box. And a second to break containment.

Of course if you don’t understand what it is you are turning on, you have the potential to hurt yourself or administer yourself into a very unfriendly box.

So probably, yes for many of the same reasons stated above.

Of course, if I’m not going to use the MLS then the question is a bit moot.

Kevin D. S. April 8, 2008 3:01 PM

Sure – particularly since I’d be using it for DoD systems. I’d love to see the NSA complain about it not being robust enough! 🙂

Dan April 8, 2008 3:07 PM

Trust:

  • that NSA hasn’t done something sneaky? Probably. There are smarter ways to do that.
  • that SELinux MAC is going to provide another security layer? Sure. Now if I can just figure out why I want it…
  • that SELinux is more secure than vanilla Linux? Probably, but is it too secure?
  • that SELinux is as secure as NSA thinks it is? Probably not – errors are unknowns, if they knew about them they’d have fixed them already.

But for all I know Ken Thompson still has a login on my system.

Mike April 8, 2008 3:10 PM

I looked at the link and, so far as I could see, all it was saying was that there was a new version of SE Linux. Sounds like “business as usual” to me: I mean SE Linux — and AppArmor, which works similarly — have been around in some versions for quite a while:

http://en.wikipedia.org/wiki/SELinux

http://en.wikipedia.org/wiki/AppArmor

But maybe I’m missing something.

It seems to boil down to this: Mandatory Access Control of some sort or another is nice to have, and great for people whose security needs are greater than average, like the NSA’s … and who have admins who understand it. But it looks to me like it may be overkill for the average user. Wiki has an interesting quote from Theodore Ts’o:

“…given the threat models and capabilities of the adversaries involved, that’s probably appropriate… But that’s not necessarily appropriate for all users. SELINUX is so horrible to use, that after wasting a large amount of time enabling it and then watching all of my applications die a horrible death since they didn’t have the appropriate hand-crafted security policy, caused me to swear off of it. For me, given my threat model and how much my time is worth, life is too short for SELinux.”

Now this man isn’t exactly a neophyte: he’s responsible for ext3 among other things. I suppose one might say a programmer’s skills and a sysadmin’s aren’t identical, and maybe he lacks the patience to set it up. Still and all, if he’s got problems using it, most of us would probably be better to avoid it.

Carlo Graziani April 8, 2008 3:11 PM

I think it requires paranoia above and beyond the usual obsessive variety peculiar to security-conscious folks to believe that the NSA is trying to pull a fast one here.

A backdoor concealed in a giant pile of source code might be possible, but it is certain to be discovered sooner or later. There is no guarantee that it would wind up on some system that the NSA would like to break into before it is discovered, and in fact it seems kind of unlikely. And they can only pull that stunt once, after which nobody would ever trust them with ‘hello_world.c’, let alone a major kernel subsystem.

Given the level of development effort that has gone into SELinux, one would have to believe that the NSA is capable of throwing away tens of programmer-years for an uncertain, but almost certainly small intelligence return. I don’t doubt they’d like a backdoor into every linux box on the planet, but I’m quite sure they’re not that stupid.

Jeff Craig April 8, 2008 3:12 PM

SELinux is old news, it’s been around for years. It’s also a pretty solid system for adding some additional security capabilities that Linux doesn’t natively support.

The NSA might be the principal developer of SELinux, but there are other groups working on the code as well. The code is available for review, and the benefits that MAC can add under certain circumstances are pretty useful.

I don’t have any systems which require me to go through the trouble of setting up SELinux, but it’s always something that I’ve kept in mind.

gordon April 8, 2008 3:13 PM

I’ve used SELinux for a few months now, and have become a convert. It’s not the kind of security system that provides a static “wall” around your system. It’s more like a toolkit that allows you (the administrator) to build your own defenses by giving you fine-grained control over who can access what. There’s a default set of rules which are pretty good (i.e. they provide a reasonably good additional layer of security, and more importantly they don’t get in the way too much), which is important since building your own policy is an enormously complicated task. There are also some pretty good tools that come with it.

Do I trust this “toolkit”? Yes, for several reasons. First, these tools are intended to be used on (among others) DoD computers that protect information important to national security, and so it’s in the NSA’s interest to help make those systems as secure as possible. Second, as others have pointed out, it’s open source and the code can be reviewed by anyone (including highly-motivated foreign adversaries).

Mike April 8, 2008 3:56 PM

“It’s also a pretty solid system for adding some additional security capabilities …”

That’s something else that I don’t think whoever wrote the linked article realized: that it’s not a “version” of Linux but something you add — something you can use in, say, Ubuntu.

https://wiki.ubuntu.com/SELinux

In fact, there are some files relating to it in a default install of Hardy Heron, as anyone running that can see by navigating to, say:

/usr/share/doc/libselinux1

TimH April 8, 2008 5:22 PM

My argument for trusting it would be that if someone did find a backdoor, the Trust-Us-We’re-the-Government issue would be editorialised in the print rags for weeks.

A lot of people will amuse themselves looking for the backdoors, so there’s a realistic chance of one being found if fitted.

NSA can’t afford that loss of credibility. They wouldn’t take the risk.

Mace Moneta April 8, 2008 5:33 PM

As others have mentioned, this is a Mandatory Access Control add-on subsystem for Linux, not a distribution of Linux.

I’ve been using this with Fedora since it was introduced (2004). The Fedora and Redhat folks have developed an extensive targeted policy that makes the use of SELinux almost completely transparent. SELinux also provides extensive auditing, necessary for almost any environment that takes security seriously.

Creating local policy to authorize non-standard software access is really trivial. There are many tutorials online (including at the Fedora Wiki). I think I spent a total of 30 minutes learning it. I use SELinux on all my home systems.

As far as trusting it, I obviously do. If I remember correctly, the kernel developers spent 3 years reviewing the code prior to accepting the kernel changes (which were modified for generic MAC software use).

I trust the Red Hat and Fedora security teams to have properly reviewed the user-space tools. The code is all open, and there are many people that live to find bugs in this stuff. No backdoors or other nasties have ever been reported.

In combination with the many other security layers in Fedora, I trust my systems to be as secure as I can reasonably make them.

http://fedoraproject.org/wiki/Security/Features

Arancaytar April 8, 2008 6:01 PM

All of us would trust software only if its code is public. We just assume that somewhere, someone will actually read all of it and declare the absence of backdoors – and that somewhere, someone else will do the same, and confirm it.

Does anyone actually sit down with the source and /do/ this?

jessta April 8, 2008 6:22 PM

SELinux appears way too complex to me.
Reading the documentation about how to create policies is difficult enough, being able to verify for myself that the code is secure and not malicious would be impossible.

A good computer security system needs to be small, simple and easily verifiable.

Jeff Craig April 8, 2008 6:41 PM

@Arancaytar: Does anyone actually sit down with the source and /do/ this?

Yes, there are security researchers that do this sort of thing. Most security researchers are particularly distrustful of the Government (the US Government in particular these days).

But either way, there are other ways this would potentially be uncovered. If the SELinux patches “phoned home” someone would quickly notice the bizarre traffic. And if there is a backdoor, someone would notice, because non-NSA people would be using it, the source also being available for bad guys to peruse and find the backdoor.

Stuart Young April 8, 2008 7:18 PM

I’ve met a number of people who have worked on the SELinux code (many who were at LCA 2008, at which Bruce spoke). All of these people work for the distributions (eg: Ubuntu, Debian, RedHat, Novell, etc), and I’ve no reason NOT to trust them. Ergo, I trust it as much as I trust any other open source software.

Given that all the code and tools are GPL, there should be nothing hidden. It was given a LOT of scrutiny when it was originally proposed to be merged into the Linux Kernel ages ago, specifically for the sort of silly programming tricks that look like one thing and do another.

That said, it’s software. There are always bugs. The advantage of open source is that we can analyse the bugs at a much lower level because of access to the source, and maybe even do something about it.

Anton April 8, 2008 7:23 PM

NSA can’t afford that loss of credibility.
They wouldn’t take the risk.

SELinux is very secure against everyone except those that hold the key to the back door. It’s NSA’s job to take on exactly these risks.

TimH April 8, 2008 7:47 PM

@Anton: SELinux is open source, right? So the back door CAN be spotted. If a foreign government spots it, exploits it, NSA would look just a touch stupid don’t you think?

If t’was I, I would put the backdoor in a proprietary binary driver that most SELinux users would install with a wrapper.

Brian Dunbar April 8, 2008 8:07 PM

It’s ‘open’ – we can look at it and see where the flaws are.

Well, y’all can. Me, I just drive the bus and point it where the Man tells me to.

Steve April 8, 2008 8:26 PM

If this were a complete binary release of an OS to install, it would be different, but plenty of folks look at the source. So I don’t have any concerns about it having backdoors, etc.

There’s more to worry about in the compiler than SELinux. See ‘Reflections on Trusting Trust’.

That said, I just dislike SELinux, it’s cumbersome, to the point that plenty of people turn it off because it gets in the way.

2fewsecrets April 8, 2008 9:21 PM

NSA, well first off, that is a SERIOUS level agency, that even failed as a result of bad policy, and bad Going Public, policy. Read the book. Damn, they almost learned, only to replace a director who got the idea, but had to go to the CIA for XXX reasons. Reminds me of the computer program Life.
NSA, well second off, any high level security is a SERIOUS cat and mouse game. Mousetrap, a neat game, keep that in mind.
NSA, well thirdly off, the more security, the more expensive the remaining exploits. PROMIS is sure a tempting game to MAKE.

-read- < such a little picture. FBI view of putting up ‘answers’ and letting the hackers exploit the answers. Cause more problems than they solve. Too bad, you only let hoover suck the life out of the country.

SElinux, sorry charlie, I’d rather hookup with another OBSCURITY layer, that is simpler, that will do the wrong thing at precisely the right time, to DEPENDENCY, and nothing you can design around.
For some minds/institutions/groups; who can grok the whole, sure SElinux can help as a model, but as an example, NO, you are better off without it, and running a something something system, with serIOUS mods, and rampant understanding.

The NSA policy for many years, has really been poor! A director even said ‘NSA is in serious trouble…’ OFF, what do you expect? Crypto policy on DSS has been B A D, and caused more problems and distrust. IDIOTS. OSS a long time ago, internet and discussion, you would have been 100X further along, with infinite less funding…get the picture? Cared more about the tech, AS AN ESCAPE FROM SOCIETY, than your consumers. I challenge the NSA to write a full report to RAND group, and let it be critiqued, you might learn something. Then again, you might not. GRR. Security sure causes unintended consequences, as B.S. has written about here, FANCY that. Keep the faith B.S., but don’t be t o o o b v i o u s.

Guest12345 April 9, 2008 12:55 AM

Have no opinion about SELinux, but I’m curious what government employees are doing creating GPLed code in violation of the law that all government created IP is public domain?

Lawrence D'Oliveiro April 9, 2008 1:29 AM

There seem to be a lot of religious arguments over which security layer is best–which is why Linus Torvalds has so far resisted incorporating any one of them into the mainline kernel.

SELinux may be the most powerful, but it’s also the most complex. Novell is keen on AppArmor, which seems to be simpler to set up. And then there are other projects, like smack.

Isn’t choice wonderful. 🙂

Kanly April 9, 2008 2:48 AM

Sure it might be bugged, but (1) if this is bugged then Vista is more bugged, and at least you can look at the source code. May not have time to do so but others may and it’ll be out there (2) Imagine if they did put in a backdoor and hackers found out about it and used it to break into Government computers (since presume every Government employee can’t be ‘let in on the secret’). Given security people tend to be very risk averse (it wouldn’t look good for their careers), I’d say unlikely they did this.

So: Sure, use it, solely because it is probably better than other versions of Unix and anything Microsoft makes. (Sorry Bill, but you know it’s true!)

D0R April 9, 2008 3:22 AM

I’ll trust it after the whole source code has been reviewed by a bunch of independent Linux developers.

Bryan April 9, 2008 6:02 AM

As complex as SELinux is, administering it can be done in only minutes. Since it has been mentioned a few times in this thread…

You can run it in ‘permissive’ mode where it will log denials but not actually block anything. Then use the ‘audit2allow’ tool to automatically generate a policy based on those logs that will allow business as usual. You can hand tune that policy or blindly apply it with ‘semodule -i’.

Assuming your applications have had a chance to run (to generate audit messages) and your machine hasn’t already been compromised in the meantime, this will let you lock it down in two easy steps. Then just switch to ‘enforcing’ mode. (/usr/sbin/setenforce 1)
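An added example, not part of Bryan's comment above and not audit2allow's own code: a simplified Python reimplementation of the denial-to-rule step, so the generated policy can be reviewed before `semodule -i` rather than applied blindly. The log lines are constructed, and the function names and the `SENSITIVE_TYPES` list are assumptions made for illustration.

```python
"""Summarise SELinux AVC denials as the allow rules they would become."""
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1207735320.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1207735321.202:42): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/web/index.html" dev=sda1 ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1207735322.303:43): avc:  denied  { read } for  pid=2101 comm="httpd" name="shadow" dev=sda1 ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1207735323.404:44): avc:  denied  { name_bind } for  pid=2200 comm="myapp" src=8443 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1207735323.404:44): arch=40000003 syscall=102 success=no exit=-13
"""

# Matches the permission set and the two security contexts of a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: target types this site never wants a generated rule to grant.
SENSITIVE_TYPES = {"shadow_t"}


def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def rules_from_log(log_text):
    """Group denials by (source type, target type, class) and merge perms."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL and other record types carry no rule data
        m = AVC_RE.search(line)
        if m is None:
            continue  # e.g. "granted" records or truncated lines
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)


def render_rule(key, perms):
    """Format one merged denial as a policy allow statement."""
    src, tgt, tclass = key
    target = "self" if src == tgt else tgt
    ordered = sorted(perms)
    if len(ordered) == 1:
        perm_text = ordered[0]
    else:
        perm_text = "{ " + " ".join(ordered) + " }"
    return f"allow {src} {target}:{tclass} {perm_text};"


def render_rules(rules):
    """All rules, in a stable order suitable for diffing between runs."""
    return [render_rule(k, rules[k]) for k in sorted(rules)]


def needs_review(rules, sensitive=SENSITIVE_TYPES):
    """Rules whose target type is on the sensitive list: do not auto-apply."""
    return [render_rule(k, rules[k]) for k in sorted(rules) if k[1] in sensitive]


if __name__ == "__main__":
    parsed = rules_from_log(SAMPLE_LOG)
    for rule in render_rules(parsed):
        print(rule)
    for rule in needs_review(parsed):
        print("REVIEW BEFORE LOADING:", rule)
```

The `shadow_t` denial in the sample is the case the comment's caveat covers: a denial logged in permissive mode on a machine that was already misbehaving becomes a permanent allow rule if the generated module is loaded unread.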

Colossal Squid April 9, 2008 6:20 AM

Linked article is crap, as others have pointed out it’s an add-in available to distros, but not a distro in its own right.
It’s been available in Debian for a while, but is disabled by default.
An alternative if your tinfoil hat is too tight is Bastille Linux, also available as a Debian package.

Russell Coker April 9, 2008 6:33 AM

It seems strange to me that we are still having these discussions after eight years.

Anyone who is intelligent enough to put a back-door in a system is probably not going to do it under their own name (anyone can use a gmail.com account to send in kernel patches) and they are probably not going to put it in systems that they use (the LSPP certification process that RHEL4 went through with SE Linux was to enable sales to the US Government).

I’ve been working on SE Linux for almost seven years now. The NSA code I’ve reviewed as part of this process has been of greater quality than the typical Linux source code – which of course makes it easier to read than it might otherwise be.

http://www.coker.com.au/selinux/play.html

If you find a bug in a random piece of Linux code then it won’t be a big deal. If you find a security bug in SE Linux then it will get significantly more attention. There are lots of people trying to break SE Linux in various ways. See the above URL about my SE Linux Play Machine for a current challenge (NB DOS attacks are out of scope).

Bruce, if you would like some background information on SE Linux development then send me a private email.

The Black Horseman April 9, 2008 6:52 AM

If you are curious as to whether or not you should use SELinux, which is open source, perhaps you should first consider what closed source proprietary applications you use, since you cannot audit the code of those proprietary programs for yourself. So what programs are we talking about here? Let’s consider a few:

CLOSED SOURCE PROPRIETARY APPLICATIONS OFTEN USED ON LINUX:

  1. NVidia driver, graphics card
  2. Adobe Flash Player
  3. Opera, web browser
  4. RealPlayer
  5. AVG AntiVirus

These are but a few popular closed additions for Linux. Let’s look at this:

[1] Nvidia driver: Sure you don’t have to use it as you can use the default nv driver on most Linux but it won’t help you in running those nice looking games and multimedia applications, so most people install Nvidia’s closed graphics driver. Since it’s so common, what better method to exploit by a shadow organization than a popular graphics driver? Linux is sure? That depends what you’ve slapped on it.

[2] Adobe Flash Player: Weee, here we go, most Linux users who use the web today and want to belong to the popular stampede of today’s web apps use Adobe’s closed Flash Player. Again, because of the size of deployment (and the alternatives like gnash are still shitty at the moment) this is a likely vector, an almost universal one which doesn’t require a particular closed graphics card driver. Since it’s so common and since it kisses the web, my magic tin foil hat believes this to be a possible favorite back door target.

[3] Opera, web browser: I love how many people, even the site itself (at times?) claim this is the most secure browser or one of the most secure. How can any of us validate this statement, the fucking thing is closed source! I avoid this and many other proprietary applications on systems I value like the plague. If it’s not open, use it on a system disconnected from the rest and with nothing on it you value. Because we cannot audit these programs for ourselves, it doesn’t matter if we’re running Linux or not, they are possible attack vectors.

[4] RealPlayer: Any former Windows user should know enough to avoid this turd, based on the history of the company alone. Oh, but it’s so much sleeker leaner and without ads now! Sure it is, but you still cannot audit the source, can you? Until then, it doesn’t matter how sexy they make it. For this reason many people use mplayer and codecs or VLC media player.

[5] AVG AntiVirus: There are a number of antivirus programs which are proprietary and closed available for Linux from a few different companies, so I’m not singling AVG out here from the rest of them, just as an example since it’s one of the most popular. Do you really want to give a closed program access to all of your files? Especially with the history of malware using AntiVirus programs to attack and infect your system? The choice is yours.

I’m not condemning any of the above mentioned programs, but I’m pointing out some simple cautions, you may search the net for more information on your own, especially of mention of bad times for some of these programs in security as they existed on windows and still exist. History has shown that most proprietary applications hold most of the longest standing backdoors and other issues, often put there on purpose by its master or the developer’s government puppet master.

The next time you twirl your hair and spin on your heel with a heart spinning above your head and tell your Windows or Mac friends, “I don’t have to worry about X,Y,Z, I use Linux!” please be sure you are aware of the danger or potential danger of using proprietary applications on your system. You may rail against this all you like, but unless you can audit these programs for yourself and share with the community the findings with each version, please save the dribble.

Anonymous April 9, 2008 7:18 AM

Fedora is probably a better distro to try the latest and greatest SELinux out since it moves faster than RHEL. Ubuntu recently announced that they were providing it as an optional feature (http://ubuntu-tutorials.com/2008/03/18/how-to-install-selinux-on-ubuntu-804-hardy-heron/).
Dan Walsh has been doing a lot of work on it for Redhat / Fedora. He has developed an xguest policy that allows you to give guests access to your machine while allowing them to do only a few limited things. He has also started work on confining Firefox, though that has a ways to go yet. You might find his blog interesting: http://danwalsh.livejournal.com/

Larry April 9, 2008 8:26 AM

SElinux can only be trusted as much as you trust the guy who takes care of the system. If you can’t trust the administrator to ensure that the security policy is enforced it’s worthless.

Dale Pontius April 9, 2008 10:22 AM

A qualified No, with two objections.

First:

Though they say SELinux is not a silver bullet, in many respects it is not just A silver bullet, it is THE silver bullet, no other bullets need apply.

By that I mean that as delivered, for its “affected domain” SELinux tends to be incompatible with other options. You’ve got to do this and that the SELinux way, or it won’t work. Or at the very least, you’ve got to redo the labeling. For a system so complex that many are reluctant to deploy it as-delivered, to make it work on my systems I would have to start by redoing the labeling code.

What’s my problem? I’ve used bind-mounts to reorganize my disk structure into read-mostly and read-write volumes. I also take every service I can and run it as non-root inside a chroot. The standard SELinux labeling doesn’t handle bind-mounts, and I don’t believe it is set up to work with the chroots. I like layers, and don’t want to give that up in order to have 1 layer – SELinux.

Two:

SELinux works by removing permissions. It does it pervasively, but that engenders the attitude that you can just count on SELinux. So instead of taking the extra effort to run a service non-root, just run the service as root and count on SELinux for the “security layer.”

Philosophically, I’m far more interested in the capabilities work that keeps popping its head up, that lets you run your service as an ordinary user, and give it the extra set of capabilities it needs, like binding to a privileged port. I like the idea of “give none, then add as needed” rather than “give all, then take away all but what is needed.”

Mace Moneta April 9, 2008 4:05 PM

@Dale Pontius: You’d like Fedora. Services are not run as root, and some are chrooted.

SELinux in Fedora has two policies, strict and targeted.

The one you say you don’t like is ‘targeted’ and is most suitable for desktop use. The one that works the way you want is ‘strict’ and is most suitable for server use.

Bind mounts should not be a problem if the directories and files are properly labeled.

Dale Pontius April 10, 2008 9:35 AM

@Mace Moneta
From what I understand, the labeling does not work properly through the bind mount. In other words, you have to re-work the labeling in order to properly label things in their original, non bind mounted location.

I’ve fiddled with SELinux, though it was back in the days of strict-only, before targeted was available. I always bounced off, so it’s got a bit of a bad taste for me. Maybe it would be easier now, starting with targeted. But I’m still not fond of the idea of having to start with the unusual need to tweak the relabeling, when I’ve basically failed at SELinux more than once, already.

done April 11, 2008 7:46 AM

Anyone can propose a patch to the development team of the standard vanilla linux kernel, think of it!
So, the NSA has the opportunity to make a covert operation inserting a backdoor inside.

So SElinux is safer than linux kernel for those who know to configure it properly.

HAL April 11, 2008 2:39 PM

“The reason we put UAC into the (Vista) platform was to annoy users–I’m serious,”
David Cross, a product unit manager at Microsoft

I guess the NSA said the hell with you guys, who needs this crap!?

CipherChaos April 12, 2008 2:41 AM

Since it’s GPL, I don’t have a problem with it philosophically.

That being said, my systems – including the Tor-to-I2P gateway I run – don’t use any such thing.

I’m much more for good, old-fashioned, common-sense system hardening – the kind done by each sysadmin.

Terry Cloth April 13, 2008 1:39 PM

@Guest12345: “all government created IP is public domain?”

If it is PD when written (I’m not sure), then as soon as someone gets their mitts on it and puts version G.0 under GPL (PD means you can do that), then any derivatives of /that/ particular version are themselves GPL. Someone else is welcome to take the original, PD, version and do what they will, but they can’t combine it with version G.0 or its derivatives without making /it/ GPL.

So, its PD-ness as released from NSA is moot.

@StrawberryCupcake: “relentless pushing on lkml by SELinux developers for the LSM (Linux security framework) hooks to be removed”

I have no opinion (nor am I competent to hold one) on this, but those looking for info may want to check out an LWN article:

“The future of the Linux Security Module API”
http://lwn.net/Articles/180194/
19 April 2006.

RevolvingIdiots April 15, 2008 11:35 AM

Bruce, sure would be nice to have an article on 54, the Mans cyber initiative, directive 54, see 04-15-2008, slashdot article.
Point: 30 billion dollars, as a way to get the private sector involved? GRR.
The worst are full of passionate intensity [spending and looting] while the best lack all conviction [at seeing all this]
Oh well. POINT: reminds me of SELinux.

toto May 11, 2012 1:17 AM

I have to suspect it’s much like the Greeks presenting a gift to the Trojans. Is it really worth the risk? Burn it.

name.wirhheld.for.obvious.reasons August 20, 2014 1:24 PM

@Nanny Mouse

As well you. Your contribution epitomizes the lack of integrity and foolishness that becomes hubris. It must be the skill set of arses possess that makes your comment possible. And, if you believe anyone that frequents this blog isn’t in the know, your attitude is only exceeded by your ignorance.

Nick P August 20, 2014 6:00 PM

@ Nanny Mouse

Most of their comments are correct even post-Snowden, esp Jeff Craig. It’s a GPL tool to add MAC isolation to Linux which has proven benefits and which NSA uses internally. NSA still can crack the system because they hit layers it doesn’t protect. So, it provides benefit against accidental leaks and run of the mill malware without stopping NSA hackers. One of what I call their “win-win” approaches where it benefits both their functions: SIGINT; COMSEC.

If anything, it shows NSA work wasn’t all bad for us. It’s just not good enough (intentionally). The funny part is it was more secure than almost every commercial and open OS at the time. How developers build software practically does NSA’s work for them.

And more irony is the economics of 0-day hunting meant people using a commercial or OSS alternative might be more at risk as sploits go up with popularity. They avoided the security-enhanced, obscure product NSA pushed only to get hit by a NSA 0-day on an even easier target. Truth is, though, all the options were risky because they aren’t rated High Robustness. That’s minimum to beat a TLA and whole system must meet the standard.

nobo August 28, 2014 2:03 PM

First of all, something NOBODY ever seems to mention: on any SELinux distro (which is pretty much all of them now), do

$ strace bash

OK? Even if you “disable” SELinux, that NSA code is tangled up in many, many of the applications you routinely run. Your library dependencies are tied up with that NSA code, and there’s NOTHING YOU CAN DO ABOUT IT.

As to FOSS code review, have YOU reviewed the code? And are YOU a strong enough coder to catch any and all backdoors? Have you won the OCC in the last decade? You that good?

No? So, what you’re really saying is, “oh, SOME OTHER GUY is going to review that code and make sure there are no backdoors, and THAT OTHER GUY is a super-programmer”.

Well, that guy isn’t there. It’s a handful of people, and the NSA.

As to the argument “yawn, NSA can hack so many other layers, why would they bother?”, I give you this:

http://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/

So, they would bother, because they want it ALL.

For home use, install a distro that doesn’t have this crap. When you’re in the workplace, oh well, the corporation will get exactly what it deserves, won’t it?
