LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-29-2004, 08:27 PM   #1
r_jensen11
Senior Member
 
Registered: Apr 2003
Location: Minnesota, USA
Distribution: Slack 10.0 w/2.4.26
Posts: 1,032

Rep: Reputation: 45
Linux: NSA style...


Anyone concerned about us getting "help" from the NSA with the security of the kernel? I know that it's all open-sourced, so we can see what they add in to the kernel, but how many people check it? I'm just a little anxious of anyone from NSA spying on my computer before I upgrade to SE, or whatever the newer kernels are called.
 
Old 02-29-2004, 09:30 PM   #2
vectordrake
Senior Member
 
Registered: Nov 2003
Location: NB,Canada
Distribution: Something alpha or beta, binary or source...
Posts: 2,280
Blog Entries: 4

Rep: Reputation: 47
Linus and his tight band of cohorts audit every piece of code that passes their way. Without their say-so, there will be no contribution. Don't worry about it. Nothing gets in the kernel unless it passes Linus
 
Old 02-29-2004, 09:59 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
From my understanding, the NSA is only releasing the SELinux source, so the code is fully reviewable. But so was the do_brk and mremap code that was found to be exploitable. I doubt intentionally exploitable code would slip past an audit. Call me paranoid, but I'd still rather not download my next distro from the same people who brought us echelon.
 
Old 03-01-2004, 07:10 AM   #4
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
yea, same feeling, i think i might have to take a look at the codes myself before i use them, a nice long look
 
Old 03-01-2004, 10:14 AM   #5
lone_nut
Member
 
Registered: Dec 2003
Location: Denmark
Distribution: Mandrake
Posts: 179

Rep: Reputation: 30
Well I have to agree. It might stick with kernel 2.4. in 5 years or so the new discovered exploits will not affect the 2.4 kernel. And I trust this computer to run for minimum 10 years. Before not being able to run anymore (I know it will be slow, but i can always buy me another computer also).
 
Old 03-01-2004, 11:49 AM   #6
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
Quote:
but I'd still rather not download my next distro from the same people who brought us echelon.
SELinux is not a distro.

What's to be so paranoid? We're talking about the most paranoid people in this country, and I think they would have much more important things to do than incorporate some malicious code into the kernel to their benefit.

Personally I don't think I'll be installing it on my favorite box until I feel that it is satisfactory enough to do so. In the meantime, I'll play with it on my "play" box because the access controls are very interesting. I wouldn't suggest installing this thing to your best PC yet...

Just my opinion though..
 
Old 03-01-2004, 01:25 PM   #7
moonloader
Member
 
Registered: Nov 2003
Location: linuxquestions.org
Distribution: Linux and BSD
Posts: 229

Rep: Reputation: 30
they say it is secure kernel,but I don't trust,I think it is a food for the fishs
 
Old 03-01-2004, 02:32 PM   #8
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
try it out on a box you don't care for or not connected to your LAN.

Until then, lets not make assumptions based on opinion.
 
Old 03-01-2004, 03:16 PM   #9
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
SELinux is not a distro.

Maybe you should call the NSA and tell them that, because they have on their website:

Quote:
5. What does your distribution include?

Security-enhanced Linux includes patches to the Linux kernel and patches to a number of standard tools and utilities. It also includes a number of new utilities, support files, and documentation. By far the easiest way to build and install Security-enhanced Linux currently is to duplicate our source trees (lsm-2.4 and selinux) and follow the instructions in selinux/README. We have provided compressed archives of our source trees, as well as several ways to build it by acquiring only our modifications from our web site (http://www.nsa.gov/selinux/). As time permits, we intend to create or modify the RPM spec files as appropriate and provide SRPM format files.
See http://www.nsa.gov/selinux/faq.cfm#I5 for the entire FAQ.

What's to be so paranoid? We're talking about the most paranoid people in this country, and I think they would have much more important things to do than incorporate some malicious code into the kernel to their benefit.

I'm sure they probably could find some spare time from their normal job of spying on the entire planet (including the monitoring of cell and telephone conversations around the globe) to fit it into their schedule. Nobody said you can't install it; in fact feel free to. Just not my cup of tea. Personally I would recommend something more along the lines of Tinfoil Hat Linux. But that's just my opinion.
 
Old 03-01-2004, 03:31 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
try it out on a box you don't care for or not connected to your LAN.
Until then, lets not make assumptions based on opinion.


I agree. Spread FUD and prepare to be slashed.
 
Old 03-01-2004, 04:15 PM   #11
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
Quote:
Maybe you should call the NSA and tell them that, because they have on their website:]
Sorry to burst your bubble but it's not.
It's simply a kernel hardening system.

Quote:
I'm sure they probably could find some spare time from their normal job of spying on the entire planet (including the monitoring of cell and telephone conversations around the globe) to fit it into their schedule. Nobody said you can't install it; in fact feel free to. Just not my cup of tea. Personally I would recommend something more along the lines of Tinfoil Hat Linux. But that's just my opinion. [/B]
Well if that's your point of view, I'm sure your'e too paranoid to use your cell phone, house phone, or any other electronic device. If you do, then that statement is irrelevant...
 
Old 03-01-2004, 08:15 PM   #12
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Sorry to burst your bubble but it's not.
It's simply a kernel hardening system.


Dig around at the SELinux site. They offer a pre-patched kernel as well as a set of administration utilites and daemons for download, so calling it a kernel hardening system isn't entirely correct either.

Actually most of this whole conversation is moot because a significant portion of the SELinux modules/patches/concepts are already incorporated into the 2.6 kernel. Will I use that, yes. Will I download a pre-patched kernel directly from the NSA, no. Is that based on any kind of fact, absolutely not.

If I actually had something to be paranoid about, you could be sure I wouldn't talk about it on a cell phone or email.
 
Old 03-02-2004, 12:35 AM   #13
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
Quote:
Originally posted by Capt_Caveman
Sorry to burst your bubble but it's not.
It's simply a kernel hardening system.


Dig around at the SELinux site. They offer a pre-patched kernel as well as a set of administration utilities and daemons for download, so calling it a kernel hardening system isn't entirely correct either.

Actually most of this whole conversation is moot because a significant portion of the SELinux modules/patches/concepts are already incorporated into the 2.6 kernel. Will I use that, yes. Will I download a pre-patched kernel directly from the NSA, no. Is that based on any kind of fact, absolutely not.

If I actually had something to be paranoid about, you could be sure I wouldn't talk about it on a cell phone or email.
I have read you post very carefully, and though I agree, I see a Gerrymandering deal with where you can draw your paranoia lines and feel secure in our Agents in services we need... I never fear my Internet use or my cell phone -- why should I?? I am alongside with what's good. Isn't that enough?
 
Old 03-02-2004, 09:14 AM   #14
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
i dont sue cell phone (they are proven to microwave your brane, long term DOES lead to hight risk for brain cancer), i dont use phones unelss i ahve to (government does monitor all the phone lines and records conversation with key words, NSA does admit to that, (i think it was them?)),

as far as im concerned the only remotly secure conversation is in person, and when need be to sue comunications, ONLY USE CABLES!, once your online its smooth sailing as they cant monitor every internet activitiy, just too much for any computer to handle

should i also say i dont like going outside?

and i dont think im paraniod, im very cusious, so cusious i used to sleep with a knife close to my bed (until my mom got rid of it! ERR)

Quote:
What's to be so paranoid? We're talking about the most paranoid people in this country, and I think they would have much more important things to do than incorporate some malicious code into the kernel to their benefit.
ok, they take the time to monitor the phone call calls in the US, and monitor all satalite comunications, and can even listen in on walkie talkies bought at a kids store for $3,
will they take the time to try and sabatoge a system were anyone can get and use what they call "illegal" encryption ? (i dont see why they are concerned, they ahve techonology thats always at elast 1 step ahead, they block any and all new technologies wich they arnt ready to deal with and teh government can and does kill people off it doesent like

i think the NSA is onea the most likly organizations to try and sabatoge all puplic versons of linux in one way or another, they are like the church of the new age (no offence to ya christian folks)

Last edited by SciYro; 03-02-2004 at 09:16 AM.
 
Old 03-02-2004, 10:11 AM   #15
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
You obviously don't know what you are talking about, so just stop now.

It's better to keep your mouth shut, than to open it and remove all doubt.

The pre-patched kernel they are releasing is OPEN SOURCE. I don't think I should have to repeat that, and I will fight the urge to do so. If you know anything about programming, then you can skim over SELinux's code for anything suspicious.

OTHERWISE, let's not turn this into an organization bashing thread based on personal paranoid logic, and absurd assumptions based on facts that none of you will go into detail about.
An organization that while spying on it's own country, for obvious reasons, does one hell of a job of attempting to preserve our rights and freedoms along with the rest of our government.

Let's just keep in my mind that we are all on the same team here.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The NSA linux version x86 Intel suse91pro Linux - Security 2 04-30-2005 03:00 PM
NSA Releases High Security Version Of Linux jeremy Linux - Security 3 03-28-2005 08:24 AM
VIM-style wrapping to OpenOffice style schmmd Linux - Software 1 12-21-2004 07:50 PM
NSA involved with Linux? vincebs General 16 02-26-2004 06:27 AM
Anyone ever use Security Enhanced Linux from the NSA? Whitehat Linux - General 6 01-07-2004 12:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration