NSA makes Linux more secure

Jason Wright jason at thought.net
Wed Mar 24 14:09:02 CST 2004

On Wednesday, March 24, 2004, at 10:27 AM, Paul L Rinaldo wrote:

> http://www.nsa.gov/selinux/index.cfm

The selinux project has been around for awhile.  I'm not sure it makes 
things any more secure, but it does add a TON of extra baggage: 
security labels, mandatory access controls, and that sort of thing.  
This is stuff normally found in "trusted" versions of other OS's like 
Trusted Solaris, Argus, TrustedBSD, etc.

A funny note: the last time I looked at Argus, they had just held a 
capture the flag contest with their operating system as the target.  It 
was hacked in record time through a bug in the underlying software.  
Moral: additional security controls don't necessarily mean better 

The approach the NSA guys took was kind of interesting though.  They 
use hooks to insert themselves into the relevant parts of the tree and 
assert the policy from there.  It's neat to have this policy stuff as a 
module that can be loaded "later."

--Jason L. Wright

More information about the Tacos mailing list