Re: nsa code ?
Muggins the Mad wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 17 March 2001 22:22, you wrote:
>
>> what do people here think about the nsa secure linux ?
>
>
> I downloaded it last night and spent a few hours looking at it.
>
> If the implementation works as well as the design, then I think
> this is one of the most useful security additions I've seen.
>
> Having individual processes with their own permissions system
> is something I've been looking out for for a long time. The idea
> that you can configure netscape to only be able to read/write
> $HOME/.netscape and $HOME/downloads, for example,
> suddenly makes an attack using netscape bugs a whole lot
> harder to do. (I use netscape as an example only, securing
> sendmail, ftpd, and similar services is equally good).
That's an interesting example. Netscape is probably the most bug-plagued
program in wide use. And one of the points is its reaction to such things
as permissions and UIDs. Frankly the selinux idea is great but what will
happen with it if we get products at netscape's level? I saw this
program eating the whole CPU because it can't write a file (either it
was read-only or it belonged to someone else), reading several times
/etc/passwd when, at start it had verified that the user is located in
NIS/NIS+. The most killing is that netscape could fall in such conflicts
but peacefully use a cache set on a third person (with read/write
permissions) while getting mad on writing into a file owned by a third
party (with read-write permissions).
These are some of the plagues that occurred to Netscape. And even the
last 4.76 version is seriously broken in the mail system (it does not
allow NIS+ authenticated users to use it). Now, how can we enforce
security rules into such a system? Enforcing them may turn a relatively
unstable program into an administrative Hell. Saying "force the developer
to implement" is not exactly a solution. Well, Netscape, the company, is
exactly the example of this. I know that a great amount of users wrote
to Netscape, pointing to some serious problems, some of them that were
seen on 3rd version. They are still there! So we may well wait for the
day the sun rises from the West...
I see two scenarios in future. One, to play the "force the developer"
and use PAM-style mechanisms that allow the use of such things like MAC
(the developer will only be forced to implement a few anchors). The
other is to bring a security "bubble" to programs that will allow them
to work the way they like but controlling the program's "environment"
from certain security risks. The first can be made on linux, the second
I doubt. However, the first and easier one, as shown above, can be
beaten by a popular but stubborn developer.
One last note: I say PAM-style but I don't claim PAM should be used for
this. I mean that MAC should be inserted much in the way PAM is. Some of
you may already have noted that the phrase "great but we have our own
protocol.." already sounded. Cool, very good. Now we need that everyone
just doesn't start to step on each other. That's why I speak for a
PAM-style...
>
>
>> is anyone integrating this into a linux distribution ?
>> why not?
>
>
> Not that I'm aware of, although give it time. A decent security
> system (SE Linux, LIDS, and the like) will require quite a lot
> of changes to some of the "standard" UNIX tools. That
> much of a change requires not only a lot of programmer-hours
> to do, but a terrific amount of time testing and just figuring
> out how to put things together.
>
> There is also the fear of trusting something coming from the NSA.
Do you trust Linus Torvalds? Maybe he is an agent of the Antarctica
Federation, the only alien nation on Earth. Me joking? So why do the
penguins live in a land we cannot make any use of? Why are they so
cute but you can't get one home? Why is an OS with their cute picture
given instead of them?
>
> However, I think that if they *really* wanted to infiltrate
> Linux they'd just have a pet "freelance" developer working
> their way into some critical high-priority application. Me, I'd
> probably pick some binary-only application that large numbers
> of people use and "accidentally" leave a subtle bug that is
> exploitable. Netscape? Star Office? Nvidia video drivers anyone?
Well it is healthy to doubt that NSA has something in the sleeve... But
don't forget that such organisations do have a double mission for the
state and the people they defend - "to sniff and avoid being sniffed".
I believe NSA went for the Linux trend because now it is well seen that
the world is seriously changing winds. Security on Linux is a more
pertinent question than with Windows as things here are growing much
more complex than in M$ world. The basic structure of *NIX security is
great but not enough and it has always given problems when permission
demands get more complex. In fact we should recognize that, in Windows
NT, security failed because some people made a whorehouse out of a great
security scheme. I think that someone inside NSA thought that enough is
enough and that the *NIX should get a little more mature with the system
of permissions.
>
>
>
> - - Muggins
> - --
> mugginsm@conformidel.com.
> GnuPG/PGP public key available on request.
> Also seen at ICQ 8108509
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6tABCEuXPAaSIr2ARAqpWAJ4vWIOOTWwS5LGHXg/hEbr2GMXVUgCfUmh9
> SFBCbpeN+Qh4TzsDZ54NzC0=
> =E1h5
> -----END PGP SIGNATURE-----
> -
> Securedistros: A common list for all secured Linux distributions
> Archive: http://humbolt.nl.linux.org/lists/
>
>