Let's take the NSA head on!

[70983]

Alright, all you computer-saavy geeks out there need to start writing your own operating systems.  I think everyone in the movement who can, should write their own OS to keep the NSA trash from being able to snoop around.  NO BACKDOORS.  And trust me, as soon as I learn how, i will write my own OS.

Linux kernel to have NSA inside?
By JT Smith on March 23, 2001 (8:00:00 AM)
 Share     Print     Comments   

- By Joab Jackson -
Later this month, when Linus Torvalds and the other movers and shakers gather for the Linux kernel summit to map out the development course for Linux kernel 2.5, they'll be hit with a proposed modification from an unlikely party -- the U.S. National Security Agency. There, Peter Loscocco, of NSA's Information and Assurance Research group, will propose a mandatory access control (MAC) architecture for the Linux kernel, a piece of code that could go a long way toward making the Penguin OS the obvious choice for security-minded businesses and government agencies.
But will normally open-minded Linux devotees accept code from America's premier spy agency?
This month, members of the Maryland Columbia Area Linux Users Group (CALUG) got a peek at Security-Enhanced Linux (SELinux), as the modified-by-NSA version of Linux is called. CALUG coordinator Randy Schrickel, who does some consulting for NSA himself, knew a bit about NSA's work. And because NSA's headquarters at Fort Meade is near Columbia, Schrickel called the agency to ask if someone would be willing to come to the group's meeting to talk about it.

It was a treat. That night, in a second-floor room in an otherwise empty office building, Loscocco, wearing most unspy-like jeans and a faded red shirt, and the likewise casually attired Steven Smalley, of NSA contractor NAI Labs' Secure Executions Environments group, gave an account of how their system worked.

SELinux, they explained, goes way beyond the firewalls and file permissions that now guard *nix boxes. These kinds of everyday security measures fall under the rubric of discretionary access control (DAC). The problem with DAC is that such protocols determine security levels only by the identity of the users, not by the actions they are trying to execute. Under this general level of protection, a cracker can "own" a system only by sussing out a sysadmin's password, or a Trojan horse, but once inside the system, can do far more damage as the OS has implicitly trusted the executable to do the right thing.

A well-tuned MAC-enhanced system eliminates these possibilities. "The mandatory access controls can confine the actions of any process so that the potential damage that can be done by exploiting a flaw in an application can be strictly limited," Smalley writes on the SE mailing list. SE protects raw data and the kernel against any potential damage that can be caused through an exploitation of a flaw in a process that requires privileges. It also keeps ordinary user processes from interfering with system processes or administrator processes. MAC checks permissions of every process, file, and socket being used against a matrix of allowable actions. (For more detail, see Larry Loeb's analysis on IBM's DeveloperWorks site, part one and part two. Or, if you really have some time to kill, read NSA's own backgrounders on the Linux implementation and the architecture itself.

Smalley gave an example of how SE would toughen up a Web server: While now it may be possible to drop some malicious code through a CGI interface, with some sort of MAC protection CGI commands could only access a small subset of previously-defined actions, actions the sysadmin had already set as permissible. A CGI command couldn't execute at the level of the server itself, so a process couldn't fork off and cause damage.

SELinux stems from NSA studies first done back in 1993 on developing a secure MAC architecture -- eventually the work led to an enhanced security architecture, called Flask, the specifications of which were released in 1999. NSA started applying Flask to Linux in the summer of 1999, and the first version of SELinux was released last December. The basic architecture itself is platform independent, Loscocco explains, and, in fact, the folks from TrustedBSD have already contacted NSA about possible use to leverage some of this work for their own MAC controls, which aren't as flexible.

SELinux is not a separate software program, nor is it even a separate Linux distro. Rather, the NSA team hopes to have it built into the kernel itself. The security levels for users, programs, and processes are set by the system administrator through a kernel subsystem called a "security server," which acts as an interface to check all policy decisions. It provides control over execute permissions, file control permissions, socket controls, and other process management services like fork, getsid and sched. The policies are customizable: They can be set at low-level fine-grain levels or across higher system-wide levels. Even previously omniscient root accounts aren't granted de-facto rights to all operations.

Of course, with all SELinux's tune-ability, there is also the distinct possibility that a less-than-purely thought-out policy can wreak havoc. As Loscocco points out, "We give the sysadmin enough rope to hang themselves."

And, as the talk went on, the CALUGers in the group were quick to sniff out SE's other potential areas of grief for Linux developers and sysadmins, as Linux users are wont to do. For programmers, error messages would have to be a lot more thoroughly thought out under SELinux. How to handle a child process not returning data because the user didn't have appropriate permission? Also, as of now, only the ext2fs filesystem is recognized in SELInux. The policies on files in other filesystems, like Fat32 or XFS, still have to be set at a high level -- reducing flexibility. A third perceived shortcoming is that while the Flask architecture is itself platform independent, the Linux implementation is Intel x86 platform-specific -- although Loscocco pointed out that the code could easily be ported to other chips as well.

Then there is the old bugaboo of lag. As could be expected with any system that checks each and every process, there's bound to be some overhead, which may slow performance. When asked, Loscocco admitted that users would feel it in some cases. On most executions, he said. the overhead would be so small as to be almost unnoticeable -- on the order of 1 to 2 percent -- thanks to a vector access cache. But on smaller commands, it would be more noticeable. And one area where it really would be felt would be in networking, where Smalley admitted that the overhead could be as high as 10 percent.

While most of the meeting dealt with the technical implications of SELinux, eventually the talk drifted towards why the NSA was taking such an interest in Linux in the first place.

And with good reason. It's not often that the secrecy-minded NSA goes out on speaking engagements, much less offers help to renegade software movements. Loeb wrote that NSA introducing SELinux to the world is the "equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers."

Of course, the conspiracy-minded among us could find motives quite easily. And inevitably, someone in the back row asked the question that, however embarrassing it may have been to ask, nonetheless had to be asked: Is there some sort of back door written into SELinux? Meaning, did the NSA plant secret access points that it can use to gain entry into people's computers?

It is a good question. After all, just last week it was reported that Germany is banning Microsoft software from its sensitive posts, fearing that the NSA had already planted back doors in that company's products, although German officials later denied the reports. The concern was also voiced last September, when an ex-NSA analyst accused the agency of persuading some commercial software companies to add booby-hatches to their products. And a few years ago, when the government was hammering out a standard for creating electronic signatures, the NSA okayed a proposed digital signature but didn't identify a serious flaw that would allow a sophisticated party -- such as NSA -- to install a trapdoor (NSA denies this was the case). And let's not forget the supposed "NSAkey" that got Microsoft- and NSA-haters all in an indignant huff.

Loscocco's answer was simple -- and he was adamant that NSA's goal is not to "pollute Linux." Back doors can't be done with Open Source software like Linux, he said, at least not without being discovered. After all, anyone can examine the code to see what it does. Sooner or later, some inquisitive programmer would find it.

But would they? After all, we're talking about code written by America's greatest employer of mathematicians, and one of the world's biggest users of computers. If anyone could plant secret code in Open Source, it would be NSA. No slouches of the deep calculations are they.

Loeb, who has examined the code in detail, would agree that there is no sneaky business going on, although he wouldn't go as far as to verify that there were no back doors. "I have seen nothing in the code to indicate any computational effort to swipe data, but to really answer that, the code would have to be analyzed for dependencies that are not obvious," Loeb emails. "The thing is, the released version is sort of useless as is. It's a framework, much like a Linux distribution. You have to set the permissions and stuff. Doing that customization seems to cut off any way that 'They' could count on to transmit data out of the shell.

"But that's just my opinion. I can't truly prove it mathematically."

Actually, SELinux has more to do with NSA's other mission, the one fewer people know about. While its chief duty is monitoring foreign communications for political and economic items of interest, NSA has a second task of building communications systems that can't be cracked, listened in on, or otherwise compromised. As one CALUG member noted after the meeting, "The wars between nations today are economic ones." Especially since the Cold War, operatives cut loose from foreign spy agencies are now engaged in all manner of espionage for foreign companies and governments. So it is in the United States' best interest, the argument goes, that the government build crack-proof systems for U.S. corporations.

And who better to do that than NSA itself, which knows a thing or two about compromising systems? The agency's Web site has a whole slew of security-related technologies ready for some enterprising companies to take out into the marketplace -- from disk sanitization to a wafer-coating technique that prevents reverse engineering of chips. And this is nothing new. Back in the '70s, when IBM was working on what would soon become the government Data Encryption Standard (DES), NSA brainboxes quietly stepped in to assist Big Blue in refining its design. Turns out they'd been secretly working on something similar for years.

But SELinux is the NSA's first outreach effort in Open Source.

SElinux seems to be the result of standard-issue technology transfer -- the U.S. government's ongoing attempt to get its own research into the marketplace to advance the frontiers of technology and, not incidentally, bring down the costs of the government systems those technologies are employed in. Loscocco pointed out that night how the NSA, like a lot of government agencies, is interested in using Linux itself to cut costs. Many of the Department of Defense's computers are required to have MAC implementations, and SELinux addresses that need.

"They need a secure OS internally," emails Loeb. "They want something they can put on cheap boxes that will still give them the security they need and currently implement on lots of disparate hardware. I think [SELinux] is really an admission that the world has changed. They need MAC, but only if it works can they use it on PCs"

In fact, Loscocco and Smalley told the CALUG group that it really isn't NSA's chef goal to have SELinux itself implemented in the kernel -- just that particular MAC security server architecture. After all, Loscocco is pretty confident that a MAC of some sort will be implemented in the future. It would seem that development is heading in that direction. In fact, there are about five other MAC designs competing for Torvalds' attention. One is Linux Intrusion Detection System (LIDS). Kernel contributor Malcolm Beattie has an alpha MAC release as well.

Both Loscocco and Smalley seemed earnest about what they were doing, and in doing so, they are testing the Open Source philosophy. After all, one of the tenets of Open Source, at least according to the Open Source Initiative is that "in order to get the maximum benefit from the process, the maximum diversity of persons and groups should be equally eligible to contribute to open sources. Therefore we forbid any open-source license from locking anybody out of the process." And would that include America's premier spy agency?

Later this month, NSA will present the Linux-gatekeepers with a tough choice. In the long run, NSA's contributions could strengthen Linux immeasurably, but will vocal Linux adherents really want a kernel with "NSA inside"?

And if not, will it just be from blind prejudice?

[Mukta]

The Linux community will never accept it and if they do there will be off-shoots of "NSA-Free" linux distributions.

[70983]

well, that story was from 2001  though

so SELinux could possibly already be in the kernel itself

[70983]

so is it even safe to use linux?

[70983]

http://www.nsa.gov/selinux/info/faq.cfm#I4

What does your release include?
The NSA SELinux release includes the core SELinux userland code. SELinux support is already included in the mainline Linux 2.6 kernel available from kernel.org. The core SELinux userland code consists of a library for binary policy manipulation (libsepol), a policy compiler (checkpolicy), a library for security-aware applications (libselinux), a library for policy management tools (libsemanage), and several policy-related utilities (policycoreutils).

In addition to a SELinux-enabled kernel and the core SELinux userland code, you will need a policy and certain SELinux-patched userspace packages to use SELinux. A policy may be obtained from the SELinux reference policy project.

SELinux is already in the freakin KERNEL!!! Linux is now a NSA Scam it says it on their own website

Linux, Windows, DOS, Mac,  THEY ARE ALL TRACKED BY THE NSA!

[70983]

Will no one listen to me?  dont be fooled by linux

Just because you dont have ubuntu 8.04 doesnt mean you are safe from NSA

they are in the kernel

[70983]

It even says so on WIKI FREAKIN PEDIA!

http://en.wikipedia.org/wiki/SELinux

Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel.

ALL YOU LINUX BUFFS OUT THERE, IT IS NOT SAFE.  SELinux is in the kernel itself, therefore all Linux running on kernel 2.6 or greater IS ABLE TO BE TRACKED BY THE NSA USING THEIR BACKDOORS.  Our only option is to write our own OSes, unless any of you know of another one that is not connected to the NSA

[zdux0012]

SELinux's code is available and to date a backdoor has never been found.
That said it is easily to disable and to exclude altogether.
Get Debian or Ubuntu

[wvoutlaw2002]

SELinux's code is available and to date a backdoor has never been found.
That said it is easily to disable and to exclude altogether.
Get Debian or Ubuntu

SELinux compatability is built into the 2.6 Linux kernel. That includes Ubuntu.

Maybe it's best to move to a Linux distro which uses the 2.4 Linux kernel. The last distros I recall using the 2.4 Linux kernel were Slackware 10, Xandros 2.0/2.5, and Linspire 4.5.

CORRECTION: Slackware 11 uses the 2.4 Linux kernel by default. Slackware 12 uses the 2.6 kernel. Downloading the Slackware 11 DVD ISO right now. Will test it in VirtualBox once downloaded.

[70983]

SELinux compatability is built into the 2.6 Linux kernel. That includes Ubuntu.

Maybe it's best to move to a Linux distro which uses the 2.4 Linux kernel. The last distros I recall using the 2.4 Linux kernel were Slackware 10, Xandros 2.0/2.5, and Linspire 4.5.

CORRECTION: Slackware 11 uses the 2.4 Linux kernel by default. Slackware 12 uses the 2.6 kernel. Downloading the Slackware 11 DVD ISO right now. Will test it in VirtualBox once downloaded.

thanks man,for some reason i get the feeling that many users on this forum are being willfully ignorant of this

[70983]

How NSA access was built into Windows
Duncan Campbell 04.09.1999

Careless mistake reveals subversion of Windows by NSA.
   

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

A second key

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".

According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.

"For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".

"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.

Can the loophole be turned round against the snoopers?

Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.

Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.

According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."

[70983]

SELinux compatability is built into the 2.6 Linux kernel. That includes Ubuntu.

Maybe it's best to move to a Linux distro which uses the 2.4 Linux kernel. The last distros I recall using the 2.4 Linux kernel were Slackware 10, Xandros 2.0/2.5, and Linspire 4.5.

CORRECTION: Slackware 11 uses the 2.4 Linux kernel by default. Slackware 12 uses the 2.6 kernel. Downloading the Slackware 11 DVD ISO right now. Will test it in VirtualBox once downloaded.

ok but youre forgetting that linspire and xandros basically sold out to microsoft, which runs under the eye of Sauron (NSA)

slackware looks like the only option, unless there are other distros that use a kernel before 2.6

[70983]

http://www.ibm.com/developerworks/linux/library/l-selinux/

[wvoutlaw2002]

ok but youre forgetting that linspire and xandros basically sold out to microsoft, which runs under the eye of Sauron (NSA)

slackware looks like the only option, unless there are other distros that use a kernel before 2.6

Only other big-name distros that I remember to use the 2.4 kernel were Red Hat 9, SuSE 9 (or was it SuSE 8?), and Mandrake 10. And SuSE 9 (or SuSE , Xandros 2.0, and Linspire 4.5 all came out before they sold out to Microsoft, so they should still be safe from the NSA.

But all versions of Slackware prior to version 12 should be safe. (Slackware 12 uses the 2.6 kernel.)

[70983]

what about an older version of ubuntu?  would that use the 2.4 kernel

[wvoutlaw2002]

what about an older version of ubuntu?  would that use the 2.4 kernel

Ubuntu's always used the 2.6 kernel as default, but I think they have the 2.4 kernel available for download in their repositories for some of their older releases (up to Dapper, I think).

[liko]

The Linux community will never accept it and if they do there will be off-shoots of "NSA-Free" linux distributions.

I damn hope so!

[70983]

The only "NSA free" linux is one that doesnt use the 2.6 kernel

[wvoutlaw2002]

The only "NSA free" linux is one that doesnt use the 2.6 kernel

Yeah, and it seems that a lot of Linux advocates (could be Microsoft shills hired to give Linux a bad name) are all fine and dandy with SELinux support being built into the 2.6 kernel. Linux really is like the Libertarian party. Both started off as freedom alternatives, and both eventually sold out to the NWO. But of course that won't stop the Obama supports from calling Microsoft critics "right-wing Nazis" if Obama gets elected (and if Herr Hitlery is the running mate as expected from their secret meetings, then that's exactly what will happen). Maybe next year the "Get a Mac" ads will reverse roles with the liberal yuppie being Microsoft ("yeah Vista is cool, we have NSA enhancements for 'enhanced' 'security'") and the rich neocon being Apple or even Linux to associate Apple and/or with "evil right wingers". I guess we'll know when one day the Daily Kos zombies start fawning over Windows Vista and label pro-Linux diary entries as spam.

[wvoutlaw2002]

Okay I found a Linux distro which apparently uses the 2.4 Linux kernel. It's a lightweight Linux called Feather Linux. Looks like it includes the IceWM and Fluxbox window managers. I like Fluxbox better. I'm downloading it right now and will test it out in VirtualBox. The download is 119 MB.

http://featherlinux.berlios.de/

What is it?

Feather Linux is a Linux distribution which runs completely off a CD or a USB pendrive and takes up under 128Mb of space. It is a Knoppix remaster (based on Debian), and tries to include software which most people would use every day on their desktop.

What applications does it include?

As of version 0.7.5, it includes:
Kernel 2.4.27, Abiword, siag, Dillo, Firefox, Captive-NTFS, gaim, ethereal, vim, Sylpheed, XMMS and plugins, Imposter, IceWM, wavplay, mpg321, FreeNX, John the Ripper, Tcl, qemu, kismet, abcde, macchanger, screen, paketto, ogg123 and other Ogg Vorbis tools, axyFTP, fireftp, rox-filer, cdrecord, mkisofs, rdesktop, tcpdump, parted, partimage, xfsprogs, Rhapsody, didiwiki, torsmo, GNUpod, GRUB, dsniff, aircrack, madwifi, dnsmasq, foremost, antiword, e2undel, iftop, bbpager, utelnetd, minicom, index, gpart, socat, traceroute, SciTE, prozilla, Midnight Commander, Samba, elmo, tmsnc, apsfilter, gmplayer, mount.app, chntpw, tinycc, nano, Xzgv, Xpdf, naim, hdparm, usbview, index, recoverdm, mtr, cdparanoia, betaftpd, Chipmunk Basic, gqcam, e3, lua, cdparanoia, giFTcurs, mtools, emelfm2, vncdec, elhttp, quagga, ettercap, wavemon, iptables, recover, amap, hping2, cabextract, splitvt, pciutils, LinNeighborhood, nmap and nmapfe, portmap and nfs-common, aumix, CTorrent, VNCviewer, sqlite, SSH and SCP, DHCP client, xtdesktop, PPP and PPPoE support, NTFS resize support, an RSS reader, stress, cpuburn, the Monkey webserver, Xcalc, Fluxbox, evilwm, the XBase apps, and the various standard console and system tools.

[wvoutlaw2002]

Found another Linux distro which uses the 2.4 kernel. It's called DeLi Linux (stands for Desktop Light Linux). The latest version - 0.8 - uses Linux kernel 2.4.36-4. It uses the IceWM window manager. And requires just 32 MB RAM.

http://en.wikipedia.org/wiki/DeLi_Linux

http://www.delilinux.org/wiki/doku.php?id=download

[70983]

Your precious jewel Linux has been compromised for 7 years, you cannot hide the facts

http://www.citypaper.com/columns/story.asp?id=5515

NSA Inside?

So, why is the National Security Agency (NSA) taking such an interest in Linux? That was the unspoken question in the air March 14 at the monthly meeting of the Columbia Area Linux Users Group (CALUG). That night, in a second-floor room in an otherwise empty office building, NSA rep Peter Loscocco, wearing jeans and a faded red shirt, and the likewise casually attired Steven Smalley, of NSA contractor Network Associates, explained how the federal agency had modified a version of Linux to make it truly "secure."
This meeting was set up by CALUG coordinator Randy Schrickel, who does some consulting for NSA himself and already knew a bit about (Security-Enhanced Linux ), as the modified-by-NSA version is called. Since NSA's headquarters at Fort Meade is close-by Columbia, Schrickel called the agency to ask if someone would be willing to come to the group's meeting to talk about it.

Loscocco and Smalley agreed to stop by, and their talk was a treat. Both worked on SE Linux, and what they described that night seems to be, even as a prototype, some serious stuff. SE Linux goes way beyond the "firewalls," or virtual barriers, that keep intruders out of today's networked computers. As system administrators know all too well, firewalls don't entirely fireproof computers. Crackers still sneak in open ports, send viruses through e-mail, or dump damaging codes through Web-page forms, Trojan Horse-style. And once someone gains "root access" to a machine, they own it. In contrast, SE Linux checks every process the computer undertakes against a customizable matrix of allowable actions. It's security management for control freaks.

That NSA concerns itself with Linux at all might seem surprising at first blush. After all, the operating system and the federal agency occupy opposing ideological poles. Linux is all about openness: Only because its code is publicly available for programmers worldwide to improve upon can it grow and prosper. NSA is all about secrecy: Only by maintaining a cloak of absolute anonymity can it carry out its chief mission of monitoring foreign communications for information of interest to the feds.

But few are aware that NSA has a second mission, one that leads directly to projects such as SE Linux: building communications systems that can't be cracked, listened in on, or otherwise compromised. This is putatively for the Good of the Nation. Especially since the end of the Cold War--operatives cut loose from foreign spy agencies are now engaged in all manner of espionage for foreign companies and governments. (As one CALUG member noted after the meeting, "The wars between nations today are economic ones.") So it is in the country's best interest, the argument goes, for the government to build crack-proof computer systems for U.S. corporations.

And who better to do the building than NSA, which knows a thing or two about cracking systems? Back in the '70s, when IBM was working on what would soon become the government Data Encryption Standard (the super-strength algorithms subsequently used by banks and other organizations to protect sensitive information), the NSA stepped in to assist Big Blue. Turns out, the agency had been working on something similar for years.

Besides, Loscocco pointed out, NSA, like a lot of government agencies, is interested in using Linux to cut costs. NSA's work would go a long way toward making the operating system a lot more attractive to the general public.

While Linux advocates can rejoice that their favorite OS is now a big enough player to warrant attention from the premier U.S. spy agency, the resulting work does raise a serious question: Is there some sort of backdoor code written into SE Linux? Did NSA plant secret access points it can use to gain entry into people's computers?

It's a darn good question. Earlier this month, Germany announced it is ridding sensitive government offices of Microsoft software for fear that NSA has planted back doors in the company's products. Last September, an ex-NSA analyst accused the agency of persuading some commercial software companies to program booby hatches into their products to ease surveillance. And a few years ago, when the government was hammering out a standard for creating electronic signatures for online contracts, NSA approved a proposed digital signature but didn't identify a serious flaw that would allow a sophisticated party (say, NSA) to install a trapdoor.

When the question was put to Loscocco at the CALUG meeting, his answer was simple: Back doors can't be done with Linux--not without being discovered. Unlike commercial programs built on code that isn't public, Linux's innards are open for anyone to examine. It would be darn near impossible to hide some secret functionality in open-source software; sooner or later, some inquisitive programmer would find the planted opening.

Nothing up our sleeves, see?

Loscocco and Smalley seemed earnest about what they are doing. Later this month, Loscocco told the CALUGers, the two will be attending the Linux kernel summit, where choices are made about which contributions will be rolled into future versions of the Linux OS' core. There, they will make their case to incorporate NSA's features.

That's going to be a tough choice for Linux gatekeepers. In the long run, NSA's contributions could strengthen the OS immeasurably. But will Linux adherents really want their software to have "NSA Inside"?

[70983]

bump