Vulnerability Development mailing list archives

Re: The NSA's Security-Enhanced Linux


From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Fri, 22 Dec 2000 15:56:04 -0500

On Fri, Dec 22, 2000 at 12:46:32PM -0700, Scott D. Yelich wrote:
On Fri, 22 Dec 2000, Michael H. Warfield wrote:
    Huh?  What was this?  A troll?  Must have been.  Nobody could
be that clueless...  Ok...  Let's nibble...

no.  There is no need to insult.  I was not trolling and I am
seriously interested in the question I posed.  You really did
not address it, completely.

        I'll withdraw the insult since there seems to be the possibility
that I misinterpreted at least one of your statements (gee, that only
happens about once or twice a day...  ;-) ).

    The government seem to feel that it makes a lot MORE sense to
trust something that they have the sources for and that they don't
have to be held captive to a vendor's path and fixes and support (or
lack thereof).
    My God!  Look at the mess Microsoft had in the version 1 security
service provider.  That wasn't getting fixed until the Samba team started
kicking over those rocks and exposed it for the joke that it was...

Linux vs mickeysoft?  Well, I agree with you there.  But, then, I guess
that's why the government and military has standardized on windows, eh?
Don't we all know how well mickeysoft likes the Samba team and its
product?  Why even dream of interoperability when you can't even get
compatibility between components of the same operating system.  Let's
just not go there, ok?

        Well...  MS and the Samba Team (I'm a member and helped Luke
with that little cracking project) are at a tenuous truce.  They
have to admit that the results have improved their product and they
even provided us with the specs to the SSP version 2 at a CIFS
conference.  We're not their favorite people, for sure, but they do
respect us and invite us to those conferences (honored guests, no less).
Yes, and one day the horse may sing...

I'm seriously not advocating windows or linux.  I'm simply asking if
anyone views the selinux as anything more than a demo.  That is, should
it be trusted?  The docs seem to indicate that it's mostly a proof of
concept demo.  Will it one day mutate into something that is trustable?

        Trusted?  No.  It should be verified and anything worthwhile
should be incorporated into the Linux system to improve it.  I don't
think anyone is saying to "trust it".  Most of us are saying, great,
more contributions to the code base.  Let's take advantage of their
hard work and see what they've done.  I don't expect anyone to "trust"
the code that I write in either a closed source or open source environment.
Quite often they do, but I would just as soon see it code reviewed and
evaluated.

        Your original comment left me with the impression that you were
amazed that anyone would trust Linux (not the government or the NSA
or selinux).  Now you are saying that you are "simply asking if anyone
views the selinux as anything more than a demo".  That's not what I
got out of reading your first message.  To answer THAT question, I
would reply, yes, it is much more than a demo.  It is a proof of
concept with working code attached.  We don't trust it or use it,
but we can experiment with it, test it, improve upon it, and incorporate
the good things we like into the mainstream code.  That's one hell of
a lot more than a demo in my book.

        My original remark was to point out "and the alternatives are?"
Closed source alternatives are worse.  Hardened systems (like the
Harris Blackhawk series) are outrageously expensive and derive more
security through their scarcity (IMHO) than anything else.  Could
you fix a Blackhawk system if someone discovered a way to break into
it?  Could you afford one?  (Point to note...  I'm not sure if the
Blackhawks, which were B1 evaluated systems, are still in production,
they were when I worked at Harris/Lanier a little over 10 years ago.)
I've been involved in fixing several Linux problems.

        So you can't trust closed source systems and probably can neither
afford nor trust top of the line "hardened" systems.  What's left...
FreeBSD is no more secure than Linux and OpenBSD just had a remote
root exploit exposed and OpenBSD is not top flight as far as performance
and scalability goes.  The manpower that is going into Linux development
is an order of magnitude higher than either of those two projects.
Linux sounds like a sensible choice here.

        If this HAD been a closed source project by the NSA, THEN it really
would be nothing more than a demo, because WE would not be able to do
anything more with it than run it as a demo.  That's not the case here
where we have the sources.

Did people trust the FBI DDoS scanner?  Will they trust NSA code? Yeah,
sure, the FBI refused to release the source for their code and its
execution was traced inside and out -- but I'd still wonder.

        I'm a member of InfraGard.  It's been amusing to jerk the
chains of my FBI buddies over that one.  They just smile and nod their
heads and chant, yeah, we know, it wasn't our decision.  They know they
would have been miles ahead if they had released those sources.  Now
the NSA has just handed me a new clue-by-four to pound Harold and David
over at the FBI over the heads with.  :-)  Life is good.  :->  The best
things in life are free, like free shots at the expense of one government
agency provided courtesy of another one.  :-)  And they know it's coming
when they see me coming.  :-)=)

In the eyes of the government and these agencies, it's the good guys
(ie: them) vs the bad guys (ie: that'd be anyone who's not them, and
perhaps even themselves).  To me, that's a very scary mentality.

        It's also one that's, fortunately, not universal.  You keep in
mind that the first job of any organization (like any other organism)
is to ensure its own survival, and you keep a copy of the Art of War
in your back pocket and the back of your mind, and then you wade in there
and deal with them.

    Solaris is rather precious, too...  Took Sun over a year to fix
the rsh hole that Alan Cox reported to them.  Took them over 9 months
to finally tell me that there would be no fix for the NISNuke problem
and that they recommended installing open source versions of the finger
daemon (they really made that recommendation).

Did I ever mention out of the box security of Solaris, linux or windows?
It seems to me that most systems need quite a bit of "fixing" if not a
whole heck of a lot of configuring.

        Yeah as a matter of fact you did, or did I misread what you wrote?

        "It frightens me to think that anyone would trust linux :-> but,
alas, who knows."

        That sounds like a pretty generic statement to me.  Now...  I
now CAN see two interpretations out of it.  Were you meaning to say that
it frightens you that the government values Linux enough to develop a
trusted platform based on it or were you saying that it frightens you
that anyone would trust a trusted platform based on a government
developed security enhanced Linux?  Or were you meaning to say, what
it sounded like, that you thought that Linux had the crappiest security
and was worthless from a security standpoint?

    Frightens me that anyone would trust a closed source operating
system for security.  :->

Exactly.  Let's hear it for the government, eh?

Anyway, what closed OS are you referring to?  Solaris is hardly closed.

        Up until recently, Solaris was very closed.  I worked very closely
on Sparcs and Solaris and even was provided with some limited kernel code
and circuit diagrams to figure out a problem in the audio subsystem on the
Sparc 5s.  At that time, my buddy kernel jock at Sun advised me to keep
my SunOS CD's handy for repairing the damage whenever I got Solaris
device drivers crosswise and had to boot the machine from CD to repair
it.  The SunOS boot CD was much better for recovery than the Solaris
one was.  My drivers ultimately did some tricks with the keyboard queue
that even Sun wanted to know about and wanted to know how I figured out
without the kernel sources.  Things have gotten better, on that front,
and they are one hell of a lot better than MS.  But they are NOT
OpenSource.  At least, not yet, not fully.

At least, it's a whole heck of a lot more open than mickeysoft,
until/unless some jokers release the code they might have stolen
from mickeysoft.  One problem I see with this is that it would mostly be
useless as one has to upgrade so often with windows, and who knows
what's actually going on with the code.  mickeysoft will go the way of
apple, at some point in time.  Of course, with Bush as president, they
almost get a reprieve to steal more from the consumer.  Anyway...

        We shall see...

    (A trolling we will go, a trolling we will go, a hie ho the
merry'o, a trolling we will go...)

h0h0h0

I am serious.  Were you?  Except for the clueless part, I refer you
back to your first paragraph in your response.

        Dead serious.  From experience.

Scott

        Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

