Vulnerability Development mailing list archives

Re: The NSA's Security-Enhanced Linux


From: Neal Dias <NDias () SUNGLASSHUT COM>
Date: Wed, 27 Dec 2000 10:05:07 -0500

I'm sorry, maybe you're familiar with Scott and know something I don't, but
I didn't see any mention of OpenBSD anywhere in either of his posts?

And I'll agree with you about OpenBSD, however as I said, not "out of the
box", and after you crank up your IPfilters, then I would maybe consider it
"secure", not "trusted". And Scott's original question was whether or not
SeLinux would evolve into something "trustable". I was not aware that
OpenBSD was considered a "trusted" OS. And you are correct, of all the
"free" OS's out there, I would consider OpenBSD the most secure "out of the
box", however we weren't originally talking about free OS's, I think
Scott's reference to Pitbull illustrates that.

Also, ok, I'll agree, Sun is taking steps towards being open, and while
Sun's Foundation source has been recently made available to just about
anyone, quite frankly I overlooked the fact that you could obtain it in the
past with an academic site licence, which someone pointed out to me in
another email. My bad.

As M. Shubert pointed out, let's remember that the NSA was not touting
SeLinux as a "trusted" solution, but a "security enhanced" linux.

And Dom, I'll agree, by all means, let's check this out, see what it can do,
see what the community can do to improve it, and see what happens. To just
repeat Michael and M. Shubert here, and I think we would all agree on this,
no system is considered as "trusted" without documented auditing being
performed. Even then we keep a wary eye out for signs of trouble. Implicit
trust is something I would speculate most of us do not have in any system.
A certain amount of paranoia is inherent in what we do, some of you out
there more than others, and for good reason.

Well we've kicked this around quite a bit, we've covered Scott's original
question concerning SeLinux, as I said, the website answered most of those
questions. And speaking for myself, fired a couple shots in reply to his
olfactory displeasure with Linux. =)
At this point, we try it out, be thankful for the addition to the code
base, and see where it takes us.

Once again I would just say I'm pleased to see that the NSA decided to make
this available, it's certainly added another facet to an already
interesting OS. And while not everyone out there likes Linux or finds it
interesting, those of us who do, can be appreciative of the hard work the
NSA guys put into this project. Speaking of those guys, we've been bandying
this about, anyone out there that's involved in the project care to address
any of this?

Neal




From: Dom De Vitto <dom () DEVITTO COM>
Sent by: VULN-DEV List <VULN-DEV@SECURITYFOCUS.COM>
To: VULN-DEV () SECURITYFOCUS COM
cc:
Subject: Re: The NSA's Security-Enhanced Linux
12/26/00 07:21 AM
Please respond to Dom De Vitto





I think Scott's point uses OpenBSD as a baseline, which is darn secure
'out-of-the-box', compared to just about any other free OS.
(none of which, IIRC, have been and are regularly 100% security audited)

 | From: VULN-DEV List [mailto:]On Behalf Of Neal Dias
 | "Scott D. Yelich" <scott () SCOTTYELICH COM> wrote:
 | >It frightens me to think that anyone would
 | >trust linux :-> but, alas, who knows.  Maybe if enough  sugar is
 | >poured on top, it just won't continue to smell so bad.
 |
 | That's a pretty strong statement wouldn't you say? Sounds to me as if you
 | wouldn't advocate linux in ANY circumstance. Am I reading and
 | interpreting it wrong? To say that something stinks, and maybe adding
 | features to it will improve the smell, sounds like you think it's
 | "a bad thing" at its core.
 |
 | You seem to be backpedaling here.
 |
 | >Did I ever mention out of the box security of Solaris, linux or windows?
 | >It seems to me that most systems need quite a bit of "fixing" if not a
 | >whole heck of a lot of configuring.
 |
 | Actually you did:
 | "...is not attempting to be a demo -- such as Pitbull (solaris?)?"
 |
 | Any OS, including Solaris, if not properly configured is not an OS I
 | would consider as "secure", and that would include something like
 | Pitbull. As far as I'm aware and correct me if I'm wrong, with proper
 | configuration and documented auditing, Pitbull is a secure and trusted
 | system, but not "out of the box". I wouldn't "trust" ANYTHING "out of
 | the box."

Ditto, but once I've done cranked up and enabled IPfilters, I trust my
OpenBSD boxes.

 | >Anyway, what closed OS are you referring to?  Solaris is hardly closed.
 | >At least, it's a whole heck of a lot more open than mickeysoft,
 | >until/unless some jokers release the code  they might have stolen
 | >from mickeysoft.

Scott's point is wrong, solaris and SunOS are still largely based on
BSD/SysV, and with SunOS at least, you could buy a source license from Sun.

 | Since when? Ok, Solaris IS opening up, but that is a recent
 | occurrence. It has traditionally been just as closed as any other OS,
 | and I would include it with MS in that category.

Again, as above, I don't believe that MS has ever allowed just anyone with
$10,000 to get a copy of the source, I wonder why.........not.

Sun's opening up of the source is a big step towards making the OS 'open',
and in fact isn't a big step away from 'open', if you consider that Linus
and Theo both have the same kind of veto that Sun would have on any patches
you cared to supply.

[snip]
 |  "This work is not intended as a complete security solution for
 |  Linux..."
 |
 |  "...it is simply an example of how mandatory access controls
 |  that can confine the actions of any process, including a
 |  superuser process, can be added into Linux."
 |
 |  "There is still much work needed to develop a complete security
 |  solution."
 |
 |  "we feel we have presented a good starting point to bring
 |  valuable security features to Linux. We are looking forward to
 |  building upon this work with the Linux community."
 |
 |  "There is still significant work ahead to provide mandatory
 |  access controls for all kernel services and to provide a
 |  complete general purpose security policy configuration. "
 |
 |  "It is expected that research in the above-identified areas of
 |  technology will continue."
[snip]
 |  Seems to me from reading through the website that this is not a
 |  demo, and more than a proof of concept, it appears to be a
 |  continuing work with working source provided.
Exactly.

If you use Linux in a secure environment, and MAC would
be a nice addition, maybe you should try it out, and even try and
get the features in the core releases so everyone can help debug it.

[snip]
 |  Please note that I do not, nor have I ever, worked for any
 |  government agency, therefore my comments above concerning
 |  mentality and methods of operation should be construed strictly
 |  as personal  opinion, I am not speaking from experience, only
 |  observation.

Ahh, and though *I* believe you, from your snipped dialogue, even
if you do/did, you may not be allowed to say... ;-)

Dom

