Who maintains it? Who will maintain it in Ubuntu Linux?

SELinux is maintained by the US National Security Agency, and developed by many contributors and independent hackers all over the world, that give they effort, time and skills to make it better everyday, and add new features, always supervised by the NSA team in charge of SELinux upstream maintenance.
https://wiki.ubuntu.com/SELinux


"A third key?!
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders."

http://www.heise.de/tp/english/inhalt/te/5263/1.html

"The European Parliament reports have sparked Continent-wide anger. Questions
have been raised by officials in Denmark, Germany, Norway, and Holland,
while the Swedish government has launched an investigation into whether
Swedish companies have been victims of covert NSA surveillance.
In Italy, a Rome deputy district attorney has opened an inquiry to determine
whether NSA activities violate Italian privacy law.
More important, perhaps, the reports encouraged France and Germany to lift
their restrictions on the use and sale of strong encryption software, which
Washington has been trying to limit."

http://www.chiark.greenend.org.uk/pipermail/ukcrypto/1999-September/005968.html

"Germany's Bundiswehr is banning Microsoft software (and presumably other major American software packages) from use in critical environments due to concern over "back doors" suspected to have been placed for the use of U.S. spy agencies, particularly the NSA (National Security Agency).
China, last year, declared Linux, particularly the home grown Red Flag Linux, the official operating system for Chinese government and commerce due to similar security fears."

http://www.aaxnet.com/news/M010318.html
:confused: :rolleyes: :-?

????? I thought SELinux was owned by Red Hat...

Well by releasing some of what they use, the NSA has helped to make GNU/Linux more secure. Open source software, like politics, can make strange bedfellows.

Note to nonnative English speakers: The last line above is based on the expression that "politics make strange bedfellows". It means that people who would not normally associate with each other in politics do at times when it benefits them politcally. The expression is adapted from Shakespeare (http://www.bartleby.com/59/3/politicsmake.html).

I'm sure someone will have looked into the NSA code to see there's no "third key"...

"back doors" suspected to have been placed for the use of U.S. spy agencies, particularly the NSA (National Security Agency).


Not placed, found and exploited ;)

It's not just the bad guys who know their way around code 8)


By the way, I love China's Linux name: "Red Flag," it works well :mrgreen:

SELinux is open sourced though so it's quite easy to see what's going on there. The fact that 2K had the hidden third key is about as old as Linux not being ready for desktop argument.

I have lost trust in both Linux and especially Ubuntu.

I have lost trust in both Linux and especially Ubuntu.
Than just don't install SELinux. It doesn't come built in.

I have lost trust in both Linux and especially Ubuntu.

You clearly don't understand what this is about. The NSA has aided both Windows and *nix become more secure. The government uses both and needs them to be as secure as possible. The difference is that back doors are easily hidden in closed-source software. It's not nearly as easy in open-source software and any shady lines of code would've been flagged already.

ain't SELinux open sourced. then why not audit it to find for exploits?

SELinux would not be a good place to hide a back door. Now one of the remotely exploitable "bugs" in Windows would be perfect for hiding a back door.

What I do understand is that Bruce Schneier doesn't understand the what's or how's of the NSA's interlopings; and that's sufficient for me to be extremely wary.

Schneier: "I simply don't trust the NSA to do the right thing."
http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html

SELinux is opensource. The code is there for all to see.

Get over it and drop your paranoia, nothing to it.

mips,

Despite you very high bean count, your shoulderboards, and elaborate array of chest medals, I am not assured by your message that Ubuntu might be free of the spying eyes of the NSA. I am merely an average user, and wonder how many users out of 100 could ever find SELinux, much less comprehend what might reside in its guts, or figure out how susceptible it might be to the prying eyes of any state security agency.

We, here in the U.S., have been inundated by state spying of many sorts, and have real reason to question the security of our operating systems. The "paranoia" you have mentioned has long ago evaporated into real concern for many of us; and our trust has gone with it.

My "healthy paranoia" has spurred me to write to Mr. Ladislav Bodnar of DIstroWatch, inquiring as follows:

I am greatly concerned about the U.S. NSA involvement in computer operating systems, even though they protest that they are only interested in securing operating systems.

Which, if any, Linux distros would you recommend as not having had any relationship with the NSA, and that would be free of any NSA, or other state security agency, involvement?

Thank you.

I am curious as to how you might answer the above question?

Regards,
Barney

mips,

Despite you very high bean count, your shoulderboards, and elaborate array of chest medals, I am not assured by your message that Ubuntu might be free of the spying eyes of the NSA. I am merely an average user, and wonder how many users out of 100 could ever find SELinux, much less comprehend what might reside in its guts, or figure out how susceptible it might be to the prying eyes of any state security agency.

We, here in the U.S., have been inundated by state spying of many sorts, and have real reason to question the security of our operating systems. The "paranoia" you have mentioned has long ago evaporated into real concern for many of us; and our trust has gone with it.

My "healthy paranoia" has spurred me to write to Mr. Ladislav Bodnar of DIstroWatch, inquiring as follows:

I am greatly concerned about the U.S. NSA involvement in computer operating systems, even though they protest that they are only interested in securing operating systems.

Which, if any, Linux distros would you recommend as not having had any relationship with the NSA, and that would be free of any NSA, or other state security agency, involvement?

Thank you.

I am curious as to how you might answer the above question?

Regards,
Barney

Barney,

The NSA has had direct input that has helped secure the Linux kernel and SELinux (correct me if I'm wrong someone!) So this means that every Linux distro out there is using a kernel that has had NSA input, no distro is free of any NSA code.

However, since Linux and SELinux are open-source we can see what the NSA has done and can check if there is any code that could let the NSA, or anyone else, spy on us. Do you really think the kernel devs would accept something from the NSA that would spy on people? No.

There is _nothing_ to worry about, you're privacy is still safe, no one is spying on you. The problems comes with the NSA help "secure" closed-source programs, such as Windows. It is far far far easier for them to add code that could, and can, allow them access as no one will ever see what they have added (The public, I mean) and so they can spy on people without them knowing (Well it wouldn't be spying otherwise :P)

Barney,

I think AlexC_ has provided a pretty good answer above.

The beauty here is that the code is open source. Anyone can look at what modifications have been done etc. They will not alllow closed sourced code from the NSA into the kernel or selinux.

You are safe, no need to worry.

The problem only arises when folks like the nsa contribute to say windows. Here there is no peer review of the code and you have to take it as it comes.

I can understand some US citizens concerns about their gov agencies. things are not exactly a ok.

If you are really into security look at openbsd. These guys #1 aim is security. Their code is pretty well audited and cleaned of bugs. They do not allow any binary modules into their code. They are also the bunch that do ssh. They are sponsored by Darpa and the likes but reside outside the usa.

AlexC_ & mips,

Thanks for your prompt replies. I'll keep my fingers crossed and truck on with Ubuntu; no way would I go back to Windows.

Thanks, again,
Barney

I would be very interested to hear what the kernel devs themeselves have to say about this? Or even red hat? Anyone intereseted in posing this question, or know where someone else could ask? Personally I am sure that the NSA or anyother intellegency agency can find out w/e they want about me reguardless of what my OS is, you forget that they could also track your IP or find out what websites you've gone to via your ISP. I am not worried cause I have nothing to hide or be embarrased about and I am not worried about the government spying on me, it's the black hat hackers that I am worried about since they could take your social security numbers or your credit card numbers and seriously mess you up. (the gov. doesn't need to "spy" on you to get these).

So anyone up to emailing Linus to ask him about this?

I would be very interested to hear what the kernel devs themeselves have to say about this? Or even red hat? Anyone intereseted in posing this question, or know where someone else could ask? Personally I am sure that the NSA or anyother intellegency agency can find out w/e they want about me reguardless of what my OS is, you forget that they could also track your IP or find out what websites you've gone to via your ISP. I am not worried cause I have nothing to hide or be embarrased about and I am not worried about the government spying on me, it's the black hate hackers that I am worried about since they could take your social security numbers or your credit card numbers and seriously mess you up. (the gov. doesn't need to "spy" on you to get these).

So anyone up to emailing Linus to ask him about this?

The linux kernel is more secure because of the NSA's work, not less.

I would be very interested to hear what the kernel devs themeselves have to say about this? Or even red hat? Anyone intereseted in posing this question, or know where someone else could ask? Personally I am sure that the NSA or anyother intellegency agency can find out w/e they want about me reguardless of what my OS is, you forget that they could also track your IP or find out what websites you've gone to via your ISP. I am not worried cause I have nothing to hide or be embarrased about and I am not worried about the government spying on me, it's the black hate hackers that I am worried about since they could take your social security numbers or your credit card numbers and seriously mess you up. (the gov. doesn't need to "spy" on you to get these).

So anyone up to emailing Linus to ask him about this?

Apart from tracking your IP via your ISP, they can also crack your pc, I am sure. But anyway, I am not too concerned as I have nothing to hide. Also, the very fact that SElinux is opensource means that the guys who included it in the kernel must have analysed it well for any back doors, and if a backdoor was found, believe me, the uproar would be heard all over the net!

I would be very interested to hear what the kernel devs themeselves have to say about this? Or even red hat? Anyone intereseted in posing this question, or know where someone else could ask? Personally I am sure that the NSA or anyother intellegency agency can find out w/e they want about me reguardless of what my OS is, you forget that they could also track your IP or find out what websites you've gone to via your ISP. I am not worried cause I have nothing to hide or be embarrased about and I am not worried about the government spying on me, it's the black hat hackers that I am worried about since they could take your social security numbers or your credit card numbers and seriously mess you up. (the gov. doesn't need to "spy" on you to get these).

So anyone up to emailing Linus to ask him about this?

You sound like it wasn't publicised before that the NSA had helped SELinux, it's no news anymore for a long time by now. In Linux (and most open-source programs), there's a lot of peer review, and hey, if you don't trust anything of it, learn how to program and review it yourself and compile everything from scratch. Fact is: either you learn a lot of difficult stuff, or you trust at least the one who is compiling the stuff for you. In this case I'd opt for an organisation that compiles open-source stuff, since the other one doesn't give anyone a possibility to check his code.

Barney,

The NSA has had direct input that has helped secure the Linux kernel and SELinux (correct me if I'm wrong someone!) So this means that every Linux distro out there is using a kernel that has had NSA input, no distro is free of any NSA code.

However, since Linux and SELinux are open-source we can see what the NSA has done and can check if there is any code that could let the NSA, or anyone else, spy on us. Do you really think the kernel devs would accept something from the NSA that would spy on people? No.

There is _nothing_ to worry about, you're privacy is still safe, no one is spying on you. The problems comes with the NSA help "secure" closed-source programs, such as Windows. It is far far far easier for them to add code that could, and can, allow them access as no one will ever see what they have added (The public, I mean) and so they can spy on people without them knowing (Well it wouldn't be spying otherwise :P)

US govt uses windows themselves, you'd they'd be that stupid to build in a hidden backdoor because it could easily be turned against them too!

You sound like it wasn't publicised before that the NSA had helped SELinux, it's no news anymore for a long time by now. In Linux (and most open-source programs), there's a lot of peer review, and hey, if you don't trust anything of it, learn how to program and review it yourself and compile everything from scratch. Fact is: either you learn a lot of difficult stuff, or you trust at least the one who is compiling the stuff for you. In this case I'd opt for an organisation that compiles open-source stuff, since the other one doesn't give anyone a possibility to check his code.

Oh ofcourse I knew, it's one of the points I used to brag about linux's security to friends of mine. The fact is the NSA has no reason to sit there and send us spyware or w/e,(the website states that they are committed to helping secure the internet or something to that extent.) it's counter-productive for them. I think the NSA's involvement only worries other governments who may not trust US intellegence agencys. In any case that's not my problem.

The main point of my post was to say that I would be curious to hear the developers' recation to this story.

I am curious Terracotta, what part of my post led you to beleive that I had no clue about the NSA's involvement?

Barney,

The NSA has had direct input that has helped secure the Linux kernel and SELinux (correct me if I'm wrong someone!) So this means that every Linux distro out there is using a kernel that has had NSA input, no distro is free of any NSA code.

However, since Linux and SELinux are open-source we can see what the NSA has done and can check if there is any code that could let the NSA, or anyone else, spy on us. Do you really think the kernel devs would accept something from the NSA that would spy on people? No.

There is _nothing_ to worry about, you're privacy is still safe, no one is spying on you. The problems comes with the NSA help "secure" closed-source programs, such as Windows. It is far far far easier for them to add code that could, and can, allow them access as no one will ever see what they have added (The public, I mean) and so they can spy on people without them knowing (Well it wouldn't be spying otherwise :P)

Alex, you are absolutely correct.

SELinux, and Operating Systems generally, have been made more secure by the tech heads at the NSA. DARPA as well.

Do not forget: the military and the intelligence community are integral to the development of the network, the internet, operating systems....

Granted, they are not white knights here, their job is to keep America safe, but they have decided that making the code open source ultimately makes all systems more secure-they are doing the right thing by open source.

They have stipulated that Windows run processes that link into their systems...essentially spying on the users-it's a process that cannot be terminated as well, AFAIK. They have not stipulated anything of the sort with open source systems.

Maybe there is a back-door, but SELinux has been around for quite some time, so I'm sure the kernel gurus would find it if it were there.

US govt uses windows themselves, you'd they'd be that stupid to build in a hidden backdoor because it could easily be turned against them too!

Do you just love pulling random facts out of the air and spreading them around? Last time it was 3/4 of the Linux population use KDE and now it's the entire US government use Windows? Please, do some research before posting things like this.

If, the US Government did use Windows they would have nothing to worry about. It's the government and NSA that could, can and most probably have spied on Windows PC's - not the general public spying on the government! So why would they want to spy on them selves?

AlexC_ - Counter Intel? It all sounds a bit spy novel, but heck, it happens.

Do you just love pulling random facts out of the air and spreading them around?

Some people are best ignored, only problem is other might believe them.

Here is just one link, http://www.terrybollinger.com/index.html#dodfoss

I am merely an average user, and wonder how many users out of 100 could ever find SELinux, much less comprehend what might reside in its guts, or figure out how susceptible it might be to the prying eyes of any state security agency.


Who cares how many average users out of 100 could do this - the point is that people who ARE interested in this and ARE capable of investigating this code HAVE done so and nobody has come out and stated there are any NSA backdoors.

My computer is more secure due to the NSA's involvement in this work and quite frankly, I have no reason to worry about the NSA or any other foreign intelligency agency snooping on my computer when there are much greater threats for me to concearn myself with.

So you are trying to tell me that the NSA can acces my computer whenever they want?
*unplugs l.a.n cable*
Without the internet I don't think so...
I never knew that the NSA used Linux!

So you are trying to tell me that the NSA can acces my computer whenever they want?


We are telling you that the NSA *CANNOT* access your computer whenever they want - that's the point of the thread.

We are telling you that the NSA *CANNOT* access your computer whenever they want - that's the point of the thread.

Cannot if you are using Linux, most probably can if you use Windows.

I never knew that the NSA used Linux!

That and flavours of BSD and Unix as well.

I remember a article/white paper by a US gov. dept. from years ago where they stated that the only way to reach a certain security level with a windows server (think it was NT) was to unplug it from the network.

is selinux needed to run a secure ubuntu machine? If not, can it be taken out without damaging the machine? If not...why not?:-k

I see on the web tons of bravado, posturing and just plain rude jackass behavior when questions like this are asked. Wow! what courage. Hiding in your anonomous lair...waiting to show the world ( or at least a forum or 2 ) how much of a fool you really are.:p

Questions are not dumb nor should they be handled with such ignorance. If there is nothing but insults and crap issuing from your pie hole....shut it. Please.;)


dawhislter

Do you just love pulling random facts out of the air and spreading them around? Last time it was 3/4 of the Linux population use KDE and now it's the entire US government use Windows? Please, do some research before posting things like this.

If, the US Government did use Windows they would have nothing to worry about. It's the government and NSA that could, can and most probably have spied on Windows PC's - not the general public spying on the government! So why would they want to spy on them selves?

If you read what you quoted, he didn't say the "entire US Government" uses Windows. He said, "US govt uses Windows themselves". He's correct. They use Linux and BSD too, to be sure, but they also use Windows. I have two Linux boxes and a Windows box. That means I "use Windows", but it doesn't mean that I don't use Linux.

is selinux needed to run a secure ubuntu machine? If not, can it be taken out without damaging the machine? If not...why not?:-k

I see on the web tons of bravado, posturing and just plain rude jackass behavior when questions like this are asked. Wow! what courage. Hiding in your anonomous lair...waiting to show the world ( or at least a forum or 2 ) how much of a fool you really are.:p

Questions are not dumb nor should they be handled with such ignorance. If there is nothing but insults and crap issuing from your pie hole....shut it. Please.;)


dawhislter

AFAIK, SELinux is not in Ubuntu. Anyway if it was, it would _not_ matter. Read my post I made a page back:

Barney,

The NSA has had direct input that has helped secure the Linux kernel and SELinux (correct me if I'm wrong someone!) So this means that every Linux distro out there is using a kernel that has had NSA input, no distro is free of any NSA code.

However, since Linux and SELinux are open-source we can see what the NSA has done and can check if there is any code that could let the NSA, or anyone else, spy on us. Do you really think the kernel devs would accept something from the NSA that would spy on people? No.

There is _nothing_ to worry about, you're privacy is still safe, no one is spying on you. The problems comes with the NSA help "secure" closed-source programs, such as Windows. It is far far far easier for them to add code that could, and can, allow them access as no one will ever see what they have added (The public, I mean) and so they can spy on people without them knowing (Well it wouldn't be spying otherwise :P)

This thread has got so many people worried over nothing. SELinux and Linux are open source, they are both peer-reviewed by many many expiranced programmers around the world. Do you think they would accept something from the NSA that would put your privacy at risk? NO.

Edit: @irish_flu, woops misread that, sorry ffi. But my point still stands, why would the US government want to spy on them selves =)

Thanks AlexC,


I understand that it is NOT something to worry about however doesnt it seem that these threads go on for too long over tangents from the original questions?

Personal feelings and opinions aside these forums would be a lot less of a hassel and more helpful if we would all just stay on track.

The formula would be...

Ask question,

Receive pertenant answers,

Understand, learn, grow,

Help the next person wanting to learn.

:)

Thanks for the help youve given...Ive learned alot.


dawhistler

Edit: @irish_flu, woops misread that, sorry ffi. But my point still stands, why would the US government want to spy on them selves =)

There's no need to be sorry friend, I was just pointing it out. :)