Thread: SELinux aims for security certification and credib

  1. #1
    stryder144 (Moderator, Kind Mastermind; joined Aug 2001; Denver, CO; 2,924 posts)

    SELinux aims for security certification and credib

    Quote:
        The Cyberspace Policy Institute at The George Washington University is launching an effort to get international security ratings for the U.S. National Security Agency-driven Security Enhanced Linux project, a move that organizers hope will make Linux more attractive to cautious technology purchasers, including government agencies.

    This is the beginning of an interesting article about SELinux and the drive to get it certified. I find SELinux to be a very interesting addition to Red Hat and have been watching it since it came out.

    Any thoughts on SELinux?

  2. #2

    Re: SELinux aims for security certification and cr

    I have high hopes for SELinux but don't see it obtaining them. The kernel can only be used (well, only supposed to be used) by US citizens because of the crypto patch and whatnot applied to the kernel. While I think it is a good idea, I think they should send the patches and systems to Linus so it can be merged into the stock kernel instead of trying to maintain their fork.

  3. #3

    Re: SELinux aims for security certification and cr


    Quote:
        I have high hopes for SELinux but don't see it obtaining them. The kernel can only be used (well, only supposed to be used) by US citizens because of the crypto patch and whatnot applied to the kernel. While I think it is a good idea, I think they should send the patches and systems to Linus so it can be merged into the stock kernel instead of trying to maintain their fork.

    *sigh* Another misinformed person. It's not your fault though, probably more of NSA's fault for not being clear enough about what they are doing.

    First, SELinux is a way to program your own security into the kernel. Think of it as a way of allowing people to insert security plugins into the kernel. If you are familiar with access control lists (ACLs), this is somewhat like that, only better. Instead of saying that these users can perform these operations on these directories or files, you can program exactly what a user(s) can do with those files or directories. So basically you can do something like telling httpd exactly what directories it has access to, what files it can read from, what files it can write to, what functions in its code it can use, and how it's supposed to serve out its web pages, and that's it. If someone hacked httpd, they wouldn't have a shell account because httpd wasn't given that access. Even if they had a shell, they'd have a very limited number of access, read, and write permissions.

    Linus wants to put in some sort of pluggable security mechanisms, but this isn't the only effort out there, it's just the most popular right now (even HP has something like it, but not too many people are optimistic about it). The NSA has been sending people to the various Linux Kernel Summits. With that in mind, it might be safe to say that this is the type of security that Linus is considering.
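
The confinement described in the post above, as an added example that is not part of the original thread: a simplified Python model of SELinux type enforcement that parses `allow` rules and applies default deny. The policy text, type names and requests are constructed for illustration, and the model ignores users, roles, MLS and attribute expansion.

```python
import re

# Constructed sample policy in SELinux "allow" rule syntax (illustrative only).
SAMPLE_POLICY = """
# the web server domain may read its content and append to its log, nothing else
allow httpd_t httpd_content_t:dir { search getattr read };
allow httpd_t httpd_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append getattr open };
allow httpd_t http_port_t:tcp_socket name_bind;
"""

RULE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$")

def parse_policy(text):
    """Return {(source_type, target_type, object_class): set(permissions)}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unparsed rule: {raw!r}")
        src, tgt, cls, perm_set, single = m.groups()
        perms = (perm_set or single or "").split()
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules

def check(rules, src, tgt, cls, perm):
    """Default deny: granted only if some allow rule names this permission."""
    return perm in rules.get((src, tgt, cls), set())

def audit(rules, requests):
    """Return an AVC-style denial string for each request the policy refuses."""
    return [f"denied {{ {perm} }} scontext={src} tcontext={tgt} tclass={cls}"
            for src, tgt, cls, perm in requests
            if not check(rules, src, tgt, cls, perm)]

# Constructed requests made by a process running in the httpd_t domain.
REQUESTS = [
    ("httpd_t", "httpd_content_t", "file", "read"),    # serving a page
    ("httpd_t", "httpd_log_t", "file", "append"),      # writing the access log
    ("httpd_t", "httpd_content_t", "file", "write"),   # no rule grants write
    ("httpd_t", "shell_exec_t", "file", "execute"),    # no rule mentions the shell
    ("httpd_t", "shadow_t", "file", "read"),           # no rule mentions shadow
]

if __name__ == "__main__":
    print("\n".join(audit(parse_policy(SAMPLE_POLICY), REQUESTS)))
```

The decision depends only on the process's domain and the object's type, so the three refused requests stay refused regardless of which Unix user the process runs as.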

  4. #4
    stryder144 (Moderator)

    Re: SELinux aims for security certification and cr

    Quote:
        I have high hopes for SELinux but don't see it obtaining them. The kernel can only be used (well, only supposed to be used) by US citizens because of the crypto patch and whatnot applied to the kernel. While I think it is a good idea, I think they should send the patches and systems to Linus so it can be merged into the stock kernel instead of trying to maintain their fork.

    To dispel a misconception or two, here is a quote from the following NSA website: http://www.nsa.gov/selinux/faq.html

    19. What are the licensing restriction on it?
        All source code found on this site is released under the same terms and conditions as the original sources. For example, the patches to the Linux kernel, patches to many existing utilities, and new programs and libraries available here are released under the terms and conditions of the GNU General Public License (GPL). The patches to some existing utilities and libraries available here are released under the terms and conditions of the BSD license.
    20. Are there any export controls on it?
        There are no additional export controls for Security-enhanced Linux over any other version of Linux.

    So, as you can plainly see, the NSA is playing nice with the international Linux community. The NSA isn't really forking the kernel any more than Alan Cox or any of the other kernel hackers who release patched versions of the kernel are. They are providing a research tool for the general community to use and improve. Heck, it would be nice to see it folded into the kernel at a later date.

    Also, I didn't see anything in the FAQ talking about crypto. Where did you see crypto, Ashcrow?

    I would like to dink around with an encrypted file system running in conjunction with either a Bastille-hardened system or an SELinux-patched system. See how it works and holds up to normal, everyday use. Anyone have any experience with the encrypted file system?
