SELinux and the NSA - should we be worried?
A friend of mine years ago said, "Just because I'm paranoid doesn't mean people really aren't out to get me."
I just read yet another article about the US National Security Agency and the company named RSA. The NSA apparently paid RSA $10 million to subvert one of RSA's security algorithms. And the NSA subverted it further by working with RSA later to "improve" it.
Here is a link to the Reuters article:
http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
That's one of the things the NSA does - they work with private companies to improve overall security. Except, at least with RSA, the NSA got caught inserting back doors and subverting the very security systems they were supposed to enhance.
And that leads to the Linux community. SELinux is an implementation of mandatory access control. Apply labels to objects and only subjects with matching labels can access those objects. Don't we tell the world that the open source community developed SELinux with assistance from the NSA?
Given the recent sensational disclosures about the NSA, I wonder if the SELinux experts are digging for back doors similar to what the NSA introduced at RSA? I like to tell open source skeptics that such things as NSA shenanigans can't happen with open source because too many people from too many organizations have their fingers in the development and the development process is transparent. But wouldn't it be awful if we find out the NSA figured out a way to introduce some sort of back door with SELinux? But if so, would it not also be better if the community found and fixed such problems before they show up in the next sensational revelation?
- Greg
Responses
On the bright side, SELinux is focused on on-host file security, not network connectivity. The NSA's ongoing quest to have Clipper-chip style access to encrypted communication channels, where privileged high-resource organizations like the NSA can decrypt everything but hardly anyone else can, is not implicated. The NSA's goal for SELinux was to have commercial, off-the-shelf technology capable of supporting secure, compartmentalized information processing, as needed by the NSA, CIA and DOD. In short, to let the spies get off obsolete 20-year-old technology and take advantage of Moore's law like everyone else. It was not in their interest to subvert this, so SELinux is probably as safe as any other open security technology.
Since a very traditional source of weakness in cryptographic systems is bad pseudo-random number generators (see e.g. the 1979 Ken Thompson Unix password anecdote in CACM vol. 22, no. 11, p. 596), it is unsurprising that the NSA tried to subvert those at RSA. It is equally unsurprising that the Linux kernel folks welcome stirring new-fangled Intel hardware randomness into the /dev/random pool, but don't trust it enough to let it be a sole source.
The bigger problem is that you have to factor state-level adversaries, including the US, Russia, China, France and Israel, into the set of actors attacking the firmware in your network devices and hosts. Linux, OpenSSH, and TLS v1.2 are the least of your worries.
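The point in the reply above about not letting hardware randomness be a sole source can be shown with a small simulation. This is an added example written for this thread, not code from the reply's author, the Linux kernel, or any real hardware RNG: `BackdooredHwRng` is a hypothetical source whose output is fully determined by a seed the adversary knows, `EntropyPool` is a toy stand-in for a kernel pool with a secret the adversary does not hold, and the "mixing" is a plain XOR of the two outputs, which is at least as unpredictable as the better of the two inputs.

```python
import hashlib
import hmac
import os
import struct

# Constructed simulation (not kernel code). Two sources:
#   - a hypothetical "hardware" RNG that is backdoored: its stream is a
#     deterministic function of a seed the adversary knows;
#   - a toy entropy pool keyed by a secret the adversary does not control.
# Shown: using the backdoored source alone gives predictable keys; XOR-mixing
# it into the pool output does not let the adversary predict the key.


class BackdooredHwRng:
    """Hypothetical hardware RNG whose output is derived from a known seed."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0  # block index; each 32-byte read consumes one block

    def read(self, n: int = 32) -> bytes:
        out = b""
        while len(out) < n:
            block = struct.pack(">Q", self.counter)
            out += hashlib.sha256(self.seed + block).digest()
            self.counter += 1
        return out[:n]


class EntropyPool:
    """Toy pool: secret state, output is a keyed hash over a block counter."""

    def __init__(self, secret: bytes):
        self._state = hashlib.sha256(secret).digest()
        self._counter = 0

    def extract(self, n: int = 32) -> bytes:
        out = b""
        while len(out) < n:
            block = struct.pack(">Q", self._counter)
            out += hmac.new(self._state, block, hashlib.sha256).digest()
            self._counter += 1
        return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sole_source_key(hw: BackdooredHwRng, n: int = 32) -> bytes:
    """Weak design: the hardware RNG is the only source of key material."""
    return hw.read(n)


def mixed_key(pool: EntropyPool, hw: BackdooredHwRng, n: int = 32) -> bytes:
    """Mixed design: pool output XORed with hardware output.

    If the two sources are independent, the result is unpredictable as long
    as at least one of them is; a backdoored hw source cannot weaken it.
    """
    return xor_bytes(pool.extract(n), hw.read(n))


def attacker_predicts(seed: bytes, position: int, n: int = 32) -> bytes:
    """Adversary who holds the backdoor seed replays the hw stream at a block index."""
    clone = BackdooredHwRng(seed)
    clone.counter = position
    return clone.read(n)


def demo() -> tuple:
    """Returns (weak_key_predicted, mixed_key_predicted)."""
    backdoor_seed = b"constructed-seed-known-to-adversary"

    # Sole-source design: first key comes from block 0 of the hw stream.
    key_weak = sole_source_key(BackdooredHwRng(backdoor_seed))
    weak_predicted = attacker_predicts(backdoor_seed, 0) == key_weak

    # Mixed design: same backdoored hw, but XORed with a pool the adversary
    # does not control (secret drawn from os.urandom for the simulation).
    pool = EntropyPool(os.urandom(32))
    key_strong = mixed_key(pool, BackdooredHwRng(backdoor_seed))
    mixed_predicted = attacker_predicts(backdoor_seed, 0) == key_strong

    return weak_predicted, mixed_predicted


if __name__ == "__main__":
    weak, mixed = demo()
    print("sole-source key predicted by adversary:", weak)   # True
    print("mixed key predicted by adversary:      ", mixed)  # False
```

The mixing here is deliberately the simplest possible combiner; the property that matters is that the pool output and the hardware output are independent, so knowing one tells the adversary nothing about the XOR. The converse also holds: if the hardware source were the only thing feeding the pool, the "pool" would inherit the backdoor, which is exactly why a sole-source design is the one to avoid.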
