NSA makes Linux more secure
Jason Wright
jason at thought.net
Wed Mar 24 14:09:02 CST 2004
On Wednesday, March 24, 2004, at 10:27 AM, Paul L Rinaldo wrote:
> http://www.nsa.gov/selinux/index.cfm
The selinux project has been around for awhile. I'm not sure it makes
things any more secure, but it does add a TON of extra baggage:
security labels, mandatory access controls, and that sort of thing.
This is stuff normally found in "trusted" versions of other OS's like
Trusted Solaris, Argus, TrustedBSD, etc.
A funny note: the last time I looked at Argus, they had just held a
capture the flag contest with their operating system as the target. It
was hacked in record time through a bug in the underlying software.
Moral: additional security controls don't necessarily mean better
security.
The approach the NSA guys took was kind of interesting though. They
use hooks to insert themselves into the relevant parts of the tree and
assert the policy from there. It's neat to have this policy stuff as a
module that can be loaded "later."
--Jason L. Wright
More information about the Tacos
mailing list