Vulnerability Development mailing list archives
Re: The NSA's Security-Enhanced Linux
From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Fri, 22 Dec 2000 15:56:04 -0500
On Fri, Dec 22, 2000 at 12:46:32PM -0700, Scott D. Yelich wrote:
On Fri, 22 Dec 2000, Michael H. Warfield wrote:Huh? What was this? A troll? Must have been. Nobody could be that clueless... Ok... Let's nibble...
no. There is no need to insult. I was not trolling and I am seriously interested in the question I posed. You really did not address it, completely.
I'll withdraw the insult since there seems to be the possibility that a misinterpreted at least one of your statements (gee, that only happens about once or twice a day... ;-) ).
The government seem to feel that it makes a lot MORE sense to trust something that they have the sources for and that they don't have to be held captive to a vendors path and fixes and support (or lack thereof). My God! Look at the mess Microsoft had in the version 1 security service provider. That wasn't getting fixed until the Samba team started kicking over those rocks and exposed it for the joke that it was...
Linux vs mickeysoft? Well, I agree with you there. But, then, I guess that's why the government and military has standardized on windows, eh? Don't we all know how well mickeysoft likes the Samba team and its product? Why even dream of interopability when you can't even get compatibility between components of the same operating system. Lets just not go there, ok?
Well... MS and the Samba Team (I'm a member and helped Luke with that little cracking project) are at an tenuous truce. They have to admit that the results have improved their product and they even provided us with the specs to the SSP version 2 at a CIFS conference. We're not their favorite people, for sure, but they do respect us and invite us to those conferences (honored guests, no less). Yes, and one day the horse may sing...
I'm seriously not advocating windows or linux. I'm simply asking if anyone views the selinux as anything more than a demo. That is, should it be trusted? The docs seem to indicate that it's mostly a proof of concept demo. Will it one day mutate into something that is trustable?
Trusted? No. It should be verified and anything worth while should be incorporated into the Linux system to improve it. I don't think anyone is saying to "trust it". Most of us are saying, great, more contributions to the code base. Let's take advantage of their hard work and see what they've done. I don't expect anyone to "trust" the code that I write in either a closed source or open source environment. Quite often they do, but I would just as soon see it code reviewed and evaluated. Your original comment left me with the impression that you were amazed than anyone would trust Linux (not the government or the NSA or selinux). Now you are saying that you are "simply asking if anyone views the selinux as anything more than a demo". That's not what I got out of reading your first message. To answer THAT question, I would reply, yes, it is much more than a demo. It is a proof of concept with working code attached. We don't trusted it or use it, but we can experiment with it, test it, improve upon it, and incorporate the good things we like into the mainstream code. That's one hell of a lot more than a demo in my book. My original remark was to point out "and the alternatives are?" Closed source alternatives are worse. Hardened systems (like the Harris Blackhawk series) are outragiously expensive and derive more security through their scarcity (IMHO) than anything else. Could you fix a Blackhawk system if someone discovered a way to break into it? Could you afford one? (Point to note... I'm not sure if the Blackhawks, which were B1 evaluated systems, are still in production, they were when I worked at Harris/Lanier a little over 10 years ago.) I've been involved in fixing several Linux problems. So you can't trust closed source systems and probably can neither afford nor trust top of the line "hardened" systems. What's left... FreeBSD is no more secure than Linux and OpenBSD just had a remote root exploit exposed and OpenBSD is not top flight as far as performance and scalability goes. The manpower that is going into Linux development is an order of magnitude higher than either of those two projects. Linux sounds like a sensible choice here. If this HAD been a closed source project by the NSA, THEN it really would be nothing more than a demo, because WE would not be able to do anything more with it than run it as a demo. That's not the case here were we have the sources.
Did people trust the FBI DDoS scanner? Will they trust NSA code? Yeah, sure, the FBI refused to release the source for their code and its execution was traced inside and out -- but I'd still wonder.
I'm a member of InfraGuard. It's been amusing to jerk the chains of my FBI buddies over that one. They just smile and nod their heads and chant, yeah, we know, it wasn't our decision. They know they would have been miles ahead if they had released those sources. Now the NSA has just handed me a new clue-by-four to pound Harold and David over at the FBI over the heads with. :-) Life is good. :-> The best things in life are free, like free shots at the expense of one government agency provided courtesy of another one. :-) And they know it's coming when they see me coming. :-)=)
In the eyes of the government and these agencies, it's the good guys (ie: them) vs the bad guys (ie: that'd be anyone who's not them, and perhaps even themselves). To me, that's a very scary mentality.
It's also one that's, fortunately, not universal. You keep in mind that the first job of any organization (like any other organism) is to insure it's own survival, and you keep a copy of the Art of War in your back pocket and the back of your mind, and then you wade in there and deal with them.
Solaris is rather precious, too... Took Sun over a year to fix the rsh hole that Alan Cox reported to them. Took them over 9 months to finally tell me that there would be no fix for the NISNuke problem and that they recommended installing open source versions of the finger daemon (they really made that recommendation).
Did I ever mention out of the box security of Solaris, linux or windows? It seems to me that most systems need quite a bit of "fixing" if not a whole heck of a lot of configuring.
Yeah as a matter of fact you did, or did I misread what you wrote? "It frightens me to think that anyone would trust linux :-> but, alas, who knows." That sounds like a pretty generic statement to me. Now... I now CAN see two interpretations out of it. Were you meaning to say that it frightens you that the government values Linux enough to develop a trusted platform based on it or were you saying that it frightens you that anyone would trust a trusted platform based on a government developed security enhanced Linux? Or were you meaning to say, what it sounded like, that you thought that Linux had the crappiest security and was worthless from a security standpoint?
Frightens me that anyone would trust a closed source operating system for security. :->
Exactly. Lets hear it for the government, eh?
Anyway, what closed OS are you referring to? Solaris is hardly closed.
Up until recently, Solaris was very closed. I worked very closely on Sparcs and Solaris and even was provided with some limited kernel code and circuit diagrams to figure out a problem in the audio subsystem on the Sparc 5s. At that time, my buddy kernel jock at Sun advised me to keep my SunOS CD's handy for repairing the damage whenever I got Solaris device drivers crosswise and had to boot the machine from CD to repair it. The SunOS boot CD was much better for recovery than the Solaris one was. My drivers ultimately did some tricks with the keyboard queue that even Sun wanted to know about and wanted to know how I figured out without the kernel sources. Things have gotten better, on that front, and they are one hell of a lot better that MS. But they are NOT OpenSource. At least, not yet, not fully.
At least, it's a whole heck of a lot more open than mickeysoft, until/unless some jokers release the code they they might have stolen from mickeysoft. On problem I see with this is that it would mostly be useless as one has to upgrade so often with windows, and who knows what's actually going on with the code. mickeysoft will go the way of apple, at some point in time. Of course, with Bush as president, they almost get a reprieve to steal more from the consumer. Anyway...
We shall see...
(A trolling we will go, a trolling we will go, a hie ho the merry'o, a trolling we will go...)
h0h0h0
I am serious. Were you? Except for the clueless part, I refer you back to your first paragraph in your response.
Dead serious. From experience.
Scott
Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Current thread:
- The NSA's Security-Enhanced Linux Ralf-Philipp Weinmann (Dec 21)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux M Schubert (Dec 22)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- <Possible follow-ups>
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 22)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 25)
- Re: The NSA's Security-Enhanced Linux Dom De Vitto (Dec 26)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 27)
- Re: The NSA's Security-Enhanced Linux Timothy J. Miller (Dec 28)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 29)
- Re: The NSA's Security-Enhanced Linux M.Schubert (Dec 29)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 29)
- Re: The NSA's Security-Enhanced Linux geoffrey (Dec 29)