Would You Use SELinux?
silent_tyr asks: "I am going to re-install my Linux box and being security conscious I am looking for a secure distribution. After a couple of Google searches I found a version called Secure Linux, which sounded ideal. So I followed this link, which turned out to be what I assume is a genuine NSA web-site. All in all, it looks like a good idea and I can play around with it as I wish, but eventually I will be using this machine as my base-system. So before I start I want to ask two questions:
1) Do you think that it is a good idea to trust the NSA not to put in back-door/spy-ware type code to enable them to snoop my personal information? 2) What other security-patched distros can people recommend? I don't want to open up the floor for generic NSA-bashing, but I also don't want to have to work my way through every line of code before I install." There was a similar question that was asked a while ago, but there wasn't much to the discussion. For those of you who are running SELinux, what have your experiences been, so far?
Are you serious? (Score:2, Funny)
SELinux? (Score:4, Funny)
Re:SELinux? (Score:5, Insightful)
Since I live in the real world (tm) I just use Slackware. I reckon I can trust Pat not to fuck with my system :-).
Re:SELinux? (Score:2)
Dude, this is probably the best comment I've heard on Slashdot.
Re:SELinux? (Score:1)
Re:SELinux? (Score:1)
What? (Score:3, Interesting)
Do you think that it is a good idea to trust the NSA not to put in back-door/spy-ware type code to enable them to snoop my personal information?
Am I mistaken, or is SE Linux not a source distribution?
GPL'd source guarantees that nothing lives in your kernel that you cannot examine as much as you like for backdoors.
It's a powerful guarantee, one that cannot be made of many commercially produced operating systems, whether they are called "secure" or anything else.
Re:What? (Score:5, Informative)
Re:What? (Score:3, Insightful)
From the post:
I also don't want to have to work my way through every line of code before I install.
Re:What? (Score:1)
Re:What? (Score:5, Insightful)
Re:What? (Score:5, Insightful)
Re:What? (Score:1)
So you mean I can't just do:
Have to agree Winter. (Score:3, Insightful)
Additionally, all this is in the realm of seriously expert shit. If the NSA put in a backdoor like
    if (connecting_socket->IP == 152.63.39.37) {
        connecting_socket->priv_level = GODLIKE;
    }
You're in luck.
In most oth
Re:What? (Score:1, Informative)
Am I mistaken, or is SE Linux not a source distribution?
How about reading the link you are given?
Security-enhanced Linux is being released under the same terms and conditions as the original sources. The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.
Re:What? (Score:4, Informative)
Not quite.
(1) It's not just your kernel...
(2) Sure, you could spend weeks browsing through the source by yourself (and probably not find any backdoors even if they do exist).
(3) Having a source distro in itself doesn't guarantee that said source hasn't been tampered with. I seem to remember there was something like this that came up a few months ago with sendmail where somebody (IIRC) had replaced the source tgz file on some servers. If people do not check MD5sums at the original point of distribution then sooner or later they're going to get their fingers burnt.
Re:What? (Score:5, Insightful)
you could spend weeks browsing through the source by yourself (and probably not find any backdoors even if they do exist).
Me (an average good C programmer) and hundreds of others (that are average good C programmers with good networking experience) would stand a reasonable chance of finding something.
In fact, if you are in the computer security business, uncovering a backdoor like this would be a real feather in your cap, look good on your resume, and help you drum up more business, so there's definitely motivation for people to look closely at the NSA code, not just for backdoors, but for any kind of flaw that could potentially compromise security.
Critical (almost hostile!) code review like that is going to do a lot better job than a more friendly limited internal review at Company X, where Marketing wants to ship the product yesterday.
check MD5sums at the original point of distribution
You bring up a good precaution, checking the MD5 sums, especially in light of the trojan distribution problem that happened with (SSH?,SSL?) last year.
But I've always thought it was silly to check MD5 sums for tarballs from the same point of origin.
If I were a trojan writer, I'd change the webpage so that the MD5 sum displayed was in sync with my malware.
Getting independent verification of the MD5 sum from a different source is better; checking a PGP signature is better still.
Finally, from a political perspective, it would Look Bad if someone managed to hack into nsa.gov and replace chunks of their site. I'd expect NSA sysadmins to pay closer attention to securing their site than average sites.
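The point made in the comment above, that a checksum published beside the tarball says nothing once both have been replaced, as an added example that is not part of the original thread. It uses SHA-256 rather than MD5, and every file name and content in it is constructed:

```shell
#!/bin/sh
# Added example, not from the thread. All file names and contents are constructed.

# Print the SHA-256 hex digest of a file.
digest_of() { sha256sum "$1" | awk '{print $1}'; }

# Print the digest listed for NAME in a "digest  name" checksum list.
listed_digest() {
    awk -v n="$2" '$2 == n || $2 == ("*" n) { print $1; exit }' "$1"
}

# verify_download FILE MIRROR_SUMS INDEPENDENT_SUMS
#   0  file matches the independently obtained digest
#   1  file matches neither list (corrupt or unknown)
#   2  file matches only the mirror's own list: the same-origin case
#   3  no independent digest available, so nothing can be concluded
verify_download() {
    name=$(basename "$1")
    actual=$(digest_of "$1")
    mirror=$(listed_digest "$2" "$name")
    trusted=$(listed_digest "$3" "$name")
    [ -n "$trusted" ] || return 3
    [ "$actual" = "$trusted" ] && return 0
    [ "$actual" = "$mirror" ] && return 2
    return 1
}

# Build a constructed mirror, then replace both the tarball and the mirror's
# own checksum list, which is the scenario the comment describes.
demo() {
    d=$(mktemp -d) || return 9
    mkdir "$d/mirror" "$d/independent"
    f="$d/mirror/pkg-1.0.tar.gz"
    printf 'genuine release\n' > "$f"
    (cd "$d/mirror" && sha256sum pkg-1.0.tar.gz) > "$d/independent/SHA256SUMS"
    cp "$d/independent/SHA256SUMS" "$d/mirror/SHA256SUMS"
    before=0; verify_download "$f" "$d/mirror/SHA256SUMS" "$d/independent/SHA256SUMS" || before=$?
    printf 'replaced release\n' > "$f"
    (cd "$d/mirror" && sha256sum pkg-1.0.tar.gz) > "$d/mirror/SHA256SUMS"
    after=0; verify_download "$f" "$d/mirror/SHA256SUMS" "$d/independent/SHA256SUMS" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

Result 2 is the case worth alerting on: the mirror vouches for a file that the independent source does not. A detached signature checked with `gpg --verify` against a key obtained out of band gives the stronger check the comment mentions.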
Re:What? (Score:1)
Re:What? (Score:1)
GPL'd source guarantees that nothing lives in your kernel that you cannot examine as much as you like for backdoors.
...and you think the NSA couldn't code a backdoor that would go unseen by the average linux user?
Re:What? (Score:3, Interesting)
Not when you can't trust the compiler (Score:4, Insightful)
The moral is obvious.
You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.
Re:What? (Score:4, Funny)
Re:What? (Score:1)
EnGarde Linux (Score:5, Informative)
Also, LinuxSecurity.com [linuxsecurity.com] is a very helpful and informative site.
Alternative options (Score:5, Informative)
grsecurity [grsecurity.net]
LIDS [lids.org]
As far as the NSA planting a back door into SELinux, I really doubt it. A backdoor in open source code would be discovered eventually, and the NSA would have a very hard time denying it.
It seems much more likely that they would put back doors into closed source products, which do not receive as much scrutiny.
Re:Alternative options (Score:2)
Re:Alternative options (Score:2)
I second the recommendation for LIDS. I've been using it for the last couple of years.
It's a bit of a pain to install, but it's worth it. Even a root compromise in, say, named means that the black hats can only touch the files that I've explicitly said named can touch.
I've never heard of anybody getting around it, but even if they eventually could, I'd still keep it. It seems the quality of hackers has dropped off since my youth; the breakins I've taken a look at have often been stopped by very mino
Regarding NSA backdoors (Score:5, Insightful)
But as to NSA backdoors, honestly, how much intel would they gather from the handful of people who would install SELinux? Wouldn't it make way more sense to crack into Microsoft's source code (if a Russian hacker could do it, well, I'm sure they can) and do it in a closed-source, widely adopted OS?
Hey, I'm as much a conspiracy theorist as the next mildly-intelligent person who sees strings pulling the marionettes in our government. But it ultimately comes down to a resource allocation issue. Why bother when there's so much more to be gained with the same (or less, if you consider the need to somehow disguise the backdoor in open code!
Now about those microwave towers...
NSA already has your keys (Score:4, Interesting)
Seriously, I work in the security field, and have worked closely with all kinds of govt. operatives from local, state, national and even foreign groups in my various and sundry dealings. Nobody, and I mean NOBODY, has the smarts / ability / computational facilities of the NSA. The only other group I hold in such extreme regard is Mossad [globalsecurity.org].
Re:NSA already has your keys (Score:4, Interesting)
That's very nice to say, but there's a WORLD of difference between being incredibly competent and being incredibly trustworthy.
I in no way intend to imply that the two are mutually exclusive, but there is no correlation between the two. And what's important in this case is the trustworthy aspect. I, like many Americans, don't have that much trust in the government. It's one of the great things about our country. (Skepticism, that is; it keeps us on our toes...)
Re:NSA already has your keys (Score:3, Insightful)
Let's be honest, I know that Mossad could come up with legal documents proving you are my 3 year old daughter.
AND I know that the NSA could show my direct email correspondence to Lenin himself.
AND I, especially being in the security business, am paid to be paranoid (which I would be even if I wasn't in the security field); after all, just because you are paranoid doesn't mean they aren't really after you. What I am saying is there are 30 big ugly guys standing outsi
Yeah, go ahead. (Score:5, Insightful)
IMO, the bigger question is: "will the extra security measures get in the way of doing what you need to do?" And probably the corollary: "If you're going to have to disable any of those features, is it still worth using this distribution?"
self-defeating... (Score:5, Interesting)
Hum, so you ask us, who you don't know, which developers, who - in most cases - you nor we know either -, to trust? Maybe you are an NSA agent in search of backdoor-free distributions? Why should we trust you, sir?
Seriously, short of a full code audit, you can never be sure. Security is a process, and not something you can install. I thought that was commonplace around here.
So, use OpenBSD already... (Score:5, Interesting)
Does it -have- to be Linux?!?
SDF (the free shell-provider) switched -from-
Linux... after a security breach...
OpenBSD is claiming to have had:
"Only one remote hole in the default install,
in more than 7 years!"
That's not too bad IMO.
And... if you -really- itch for Linux...
you can always put it on a box -this-
side of an OpenBSD box (ie away from
the Internet...)
Differing security goals (Score:2)
More along the lines of breaking the dependency to give elevated privs (admin) to get anything done on a machine.
The BSDs may have the features that a person needs in their applications.
Re:So, use OpenBSD already... (Score:1)
They switched to NetBSD, which has no more security features than your standard Linux distro.
Choices (Score:4, Insightful)
Linux is Linux (Score:2)
It's a modification of a standard distro, so... (Score:5, Insightful)
% man diff
SELinux Backdoor Found (Score:5, Funny)
excuse me, there's some at the door. brb.....
thers no suh thig as backdoor in seLinux, he was joking.
Yes. (Score:1)
Gentoo SELinux (Score:3, Informative)
See
http://www.gentoo.org/proj/en/harde
for details on installing.
Or dig on the mailing lists for a recent post to gentoo-dev about it for a lot more information.
Debian too (Score:4, Informative)
So, that's at least two major community-oriented distros that have found SELinux worth offering on at least an optional basis; two communities of sometimes-paranoid developers that have probably at least scanned for obvious backdoors. Given that, I suspect that SELinux can probably be considered reasonably safe. (At least as safe as anything else available with your system: when was the last time you reviewed KDE or GNOME for potential backdoors?)
You can ssh into a gentoo SELinux machine as root (Score:2)
Simply ssh into that machine as root (password is gentoo). It's uncanny. You can't see the apache processes with "ps". You can't do much, really. It's probably too secure to be useful as a workstation, more of a single-task production server.
I'm glad I tried it, but I certainly won't be using SELinux, I should try all those grsecurity options at the bottom of the kernel config some time though.
National SECURITY Agency (Score:2)
It coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the Government.
It's actually in their public duty to create something like SELinux. If you go to their front page, they have links to many guides on how to
Re:National SECURITY Agency (Score:2)
Man, I'm Jealous (Score:1)
If I did have stuff the NSA might be interested in, I sure would not put it on a computer that was connected to the internet.
Just mainly kernel patches (Score:2)
From their FAQ [nsa.gov]:
Yes... (Score:2)
Yes, given that...
Now, granted, a backdoor could exist, but it could equally well exist in any other distri
firewall (Score:1)
you assumed? (Score:2)
It is nsa.gov, and you had to ASSUME it was legit? Do you think our spies have a sense of humor or something?
NSA and trusted systems (Score:1)
The NSA has done a lot of reputable work on building trusted systems - if I recall correctly, it was the NSA that published the Rainbow Series. I worked on an NSA-funded project to develop a trusted OS (Trusted Mach) for several years.
There seem to be several distinct groups within NSA. The infosec guys are generally ok; so are the foreign intel linguists. It
Easier, Better Way for NSA To Get a Linux Backdoor (Score:2)
If the NSA wants to get a backdoor into Linux, there are easier and more traditional ways to do it. A sufficient amount of money passed to the appropriate developers and commercial Linux vendors would do the trick quite nicely.
It will be fine (Score:1)
Chill. (Score:2)
Re:Sounds like you'd be better off elsewhere (Score:1)
Administration of SE Linux is still a hell (Score:1)
SE Linux - Enter the pomegranate (Score:1)
Start with the assumption that all software has vulnerabilities.
Given enough resources everything is vulnerable.
Properly implemented SE Linux reduces the risk of byzantine failure of the system.
Most people tend to think of layered security as being effective. SE Linux allows the implementation of an encapsulated security policy; think of the internal structure of the pomegranate. IBM's gcc patch is also a good step in this direction; however, this merely eliminates a