Next Meeting

Kevin E. Glosser keg at adelphia.net
Thu Apr 15 13:22:36 EDT 2004


On Thu, 2004-04-15 at 08:19, Darin Perusich wrote:
> selinux is the linux equivalent of Trusted Solaris.

<anti-flame disclaimer>

I am not attempting to counter the information you have provided, simply
to gain more clarification on a topic you clearly seem to have more
experience with than I do.

</anti-flame disclaimer>

In the SELinux FAQ the NSA labels it as a NON "trusted" solution...

"
  * Is Security-enhanced Linux a Trusted Operating System?

No. The phrase "Trusted Operating System" generally refers to an
operating system that provides sufficient support for multilevel
security and evidence of correctness to meet a particular set of
government requirements. Security-enhanced Linux incorporates useful
ideas from these systems but focuses upon mandatory access controls. It
is expected that this work would be combined with other efforts (e.g.,
auditing and documentation) to construct a "trusted" system. The initial
focus of Security-enhanced Linux development has been to create useful
functionality that delivers tangible protection benefits in a wide range
of real-world environments in order to demonstrate the technology.


  * Is it secure?

The notion of a secure system includes many attributes (e.g., physical
security, personnel security, etc.) and Security-enhanced Linux
addresses only a very narrow set of these attributes (i.e., mandatory
access controls in the operating system). Put another way, "secure
system" means safe enough to protect some real world information from
some real world adversary that the information owner and/or user care
about. Security-enhanced Linux is only a research prototype that is
intended to demonstrate mandatory controls in a modern operating system
like Linux and thus is very unlikely to meet any interesting definition
of secure system. We do believe that the technology demonstrated in
Security-enhanced Linux will be valuable to people that are building
secure systems. 
"

I'm not familiar with "Trusted Solaris", but is it possible it goes to a
level beyond what SELinux does?

>  it gives you the 
> ability to remove the all powerful root account and makes it a normal 
> user, gives you super granular control over all aspects of the system.

I don't know if "remove" is the best choice here. It seems to remove the
exploits that can occur from the idea of having an "all powerful"
account. Or is that what you are saying?

Can you clarify this point?

>  
> i looked into it a year or so ago and found it to be crazy overkill, unless 
> you're doing super secret government or corporate stuff.

In the FAQ they do not describe it as worthy of government work. Again,
claiming this is not a "trusted" solution.

Also, this is being implemented in FC2. Now, it may be solely to get it
in a Red Hat Enterprise edition later. However, in either case, it looks
like something that is coming.

My whole point in bringing it up is wondering if this becomes an
accepted addition to Linux. Will ALL distros add it? Will we have the
choice to use it?

Initially, there are 3 ways to use it in FC2 (test2). You can run it in
enforcing mode, permissive mode, or disable it.

If, say tomorrow, every distro in existence released a SELinux version
running in enforcing mode, we'd all have something to adjust to. :)

Which is why I brought up the topic.

KEG



