Red Hat will ship an enhanced security model in the next version of Red Hat Enterprise Linux, CRN has learned. Red Hat Enterprise Linux 4.0, due out in 2005, will include support for Security-Enhanced Linux (SE Linux), according to a spokeswoman from the Raleigh, N.C.-based commercial Linux vendor.
You’ll have to check the mailing lists, but I recall that Fedora Core 2 was going to include the SE Linux changes as well. Makes sense considering Fedora releases are what RHEL is going to be based on.
No rants on who makes the most secure whatever, but this is good to see and hopefully other distro makers will follow Red Hat’s lead. The way it’s done with SE is just flat out better than the way most linux distros operate now. Minority distro specializing in security obviously excluded. It would be nice to see the SE Linux methods become standard across all Linux distros. Lindows users will undoubtedly continue to run as root 24×7.
btw if you’re not familiar with this whole SE thing from the article:
“According to the NSA Web site on SE Linux, the SE Linux kernel solves this problem because it has “no concept of a ‘root’ superuser and does not share the well-known shortcomings of the traditional Linux security mechanisms.”
Instead, SE Linux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs, according to the NSA. When confined in this way, the ability of user programs and system daemons to cause harm when compromised is reduced or eliminated.”
The article says there’s no root account because a user/app is confined to specific areas of the system. But someone has to have write-access to the security policies, and wouldn’t that be root access?
Is in the 2.6 kernel as standard. You can enjoy it right now…with some additional tools, or no one has to follow redhat’s lead, because since it can be turned on/off from the 2.6 kernel, any distro can use it. No offence (redhat/fedora is the distro I use besides slackware), but redhat’s security track record is bad. Mostly because of bad defaults and the medium being too integrated. On the other hand with a distro like slackware one can customize the system, even easier replace daemons and stuff. Not that you couldn’t do that in redhat, but 1) it’s more complicated and 2) your support nils out.
Hi
There is a sysadmin role that would be similar to the traditional root user stuff but the enhancement is that overall access control is segregated to particular domains.
ex) bind would have access only to its configuration files. so if bind is exploited only the dns configuration can be affected and rest of the system would stay safe.
a well written policy could help to keep your system more robust from security holes.
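An added illustration, not part of the original comment thread or of any shipped SELinux policy: a small evaluator for allow rules and file contexts that models the confinement described above, where a compromised named running as uid 0 cannot touch files outside its domain and writing policy requires the sysadm role. The type names and the policy fragment are constructed assumptions, and only the mandatory access check is modelled (a real system applies ordinary permission checks as well).

```python
import re

# Constructed policy fragment in SELinux's allow-rule / file-context syntax.
# Type names are illustrative assumptions, not a shipped distribution policy.
POLICY = """
role system_r types named_t;
role sysadm_r types sysadm_t;
allow named_t named_conf_t:file { read getattr };
allow named_t named_zone_t:file { read write getattr };
allow sysadm_t policy_config_t:file { read write getattr };
allow sysadm_t named_conf_t:file { read write getattr };
"""
FILE_CONTEXTS = r"""
/.*                  system_u:object_r:default_t
/etc(/.*)?           system_u:object_r:etc_t
/etc/shadow          system_u:object_r:shadow_t
/etc/named\.conf     system_u:object_r:named_conf_t
/var/named(/.*)?     system_u:object_r:named_zone_t
/etc/selinux(/.*)?   system_u:object_r:policy_config_t
"""

def parse_policy(text):
    """Collect allow rules and role-to-domain authorisations."""
    allow, roles = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"allow (\w+) (\w+):(\w+) \{ ([\w ]+) \};", line)
        if m:
            src, tgt, cls, perms = m.groups()
            allow.setdefault((src, tgt, cls), set()).update(perms.split())
        m = re.fullmatch(r"role (\w+) types (\w+);", line)
        if m:
            roles.setdefault(m.group(1), set()).add(m.group(2))
    return allow, roles

def parse_contexts(text):
    """Return (compiled path regex, type) pairs in file order."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            pattern, context = line.split()
            entries.append((re.compile(pattern), context.split(":")[2]))
    return entries

ALLOW, ROLES = parse_policy(POLICY)
CONTEXTS = parse_contexts(FILE_CONTEXTS)

def label_of(path):
    # Simplification: the last matching entry wins.
    label = None
    for pattern, type_ in CONTEXTS:
        if pattern.fullmatch(path):
            label = type_
    return label

def check(uid, role, domain, path, perm):
    """Return 'granted' or a simplified AVC-style denial. uid is only
    reported, never consulted: being root does not widen a domain."""
    if domain not in ROLES.get(role, set()):
        return f"denied: role {role} may not enter {domain}"
    ttype = label_of(path)
    if perm in ALLOW.get((domain, ttype, "file"), set()):
        return "granted"
    return f"denied {{ {perm} }} scontext={role}:{domain} tcontext={ttype} uid={uid}"

if __name__ == "__main__":
    # A named process running as uid 0, then an administrator in sysadm_r.
    print(check(0, "system_r", "named_t", "/etc/named.conf", "read"))
    print(check(0, "system_r", "named_t", "/etc/shadow", "read"))
    print(check(500, "sysadm_r", "sysadm_t", "/etc/selinux/policy/policy.18", "write"))
```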
Hi
forgot to add this important info
ssh [email protected]
root password is ‘gentoo’
You can poke around this system to get an idea of what selinux is
if you want more info read nsa.gov/selinux and post your doubts here
Please, provide proof of this.
but redhat’s security track record is bad.
c’mon you know this was going to elicit strong opinions. It’s insecure cause by default what? X isn’t listening, Sendmail only gets connections from local host. Firewall is enabled. up2date runs via cron job. What is so bad exactly? portmap? that hasn’t been remotely exploited since what.. 1999? turning off services is the second thing I learned after how to load X on linux. I spider security bulletins from about 20 security sites so I know generally when an exploit is first announced and who’s first to release a patch, and Red Hat is usually first and always in the top 3. for instance the latest gaim exploit Red Hat and slackware had fixes available on the 26th
gentoo got to it on the 27th.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3981.html
Mandrake was on the 30th http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA…
SuSe was on the 29th
http://www.suse.de/de/security/2004_04_gaim.html
Debian was Feb 5th
http://www.debian.org/security/2004/dsa-434
Russell Coker is working on integrating SELinux into Debian. Check http://www.coker.com.au/selinux/ for all the details, and http://www.coker.com.au/selinux/play.html for info on how to access the demonstration machine.
The exec-shield (http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield) kernel patch is also packaged (http://packages.debian.org/unstable/devel/kernel-patch-exec-shield) but I don’t believe there’s yet a pre-built kernel image that has it applied.
Steve Kemp is experimenting with compiling Debian packages with a SSP (Stack Smashing Protector) enabled GCC, in the hopes of getting the patch enabled by default in the Debian GCC packages. This done, package maintainers could begin enabling support in their packages for this feature. Go here (http://shellcode.org/Cat/) to check on his progress.
There’s also the Adamantix project (http://www.adamantix.org) which is attempting to create a highly secure Linux distribution based on Debian. They’ve elected to use RSBAC (http://www.rsbac.org) over SELinux, and PaX (http://pax.grsecurity.net) over exec-shield, and all their packages have been built using IBM’s SSP patch (http://www.trl.ibm.com/projects/security/ssp/). Though they’re not officially affiliated with Debian, much of their work is starting to make its way into the Unstable branch.
Sometimes Red Hat does something right. Really right. This would be one of those times. I doubt that SELinux is yet a match for say “Trusted Solaris” but given time and testing, it may someday be an equal.
Now if only (my preferred OS) FreeBSD would start making some useful default security policies for their TrustedBSD MAC framework, I’d be pretty happy.
isn’t stackguard supposed to be merged into GCC 3.x?
Why is Debian working with SSP?
This has already happened in Debian and Gentoo, maybe even other distributions, Red Hat is definitely not the first. There have been security options in the Gentoo kernel for a while now and they have a “Hardened Gentoo” project that uses SELinux and reinforces security in other areas as well. Check it out:
http://www.gentoo.org/proj/en/hardened/index.xml
Adamantix (which uses Debian packages as its base, as I mentioned above) has enabled the SSP patch throughout their distribution, so it’s already been field-tested to some degree. Also, since the Adamantix developers had apparently considered StackGuard before settling on SSP, I imagine that SSP was judged to be superior in some way.
For a proper answer rather than just an educated guess, however, you’d have to ask Steve Kemp and/or the Adamantix developers.
Out of interest, do you have a link to the info re: StackGuard being merged into the GCC mainline? Google didn’t turn up anything concrete for me.
Oh okay makes sense then if Adamantix has tested it. I have not used that distro. I just hope it doesn’t have performance or compatibility impact like PaX and other Sec implementations sometimes do.
stackguard didn’t turn up anything concrete for me either, which is why I asked and tried to not make it sound as a statement.
from Stackguards home http://www.immunix.org/stackguard.html
“We are in the process of developing StackGuard 3, intended to be merged into the GCC 3.x mainline compiler. ”
But this is old news, they’ve not said anything since June I can find.
I don’t think he meant first to care about security just one of the first to add these things into mainline distros not Forks. Forks were for people who NEED the security. merging into the mainline means you don’t even know you’re using a secure distro. Trusted-debian/trusted-bsd/immunix/grsec/SElinux/etc all had various problems with compatibility/performance that is why they were given their own specific line as to not interfere. When Debian/suse/red hat/everyone has DEFAULT security policies like this that is definitely a significant thing. Example PaX is a better implementation of stack protection than is exec-shield but exec-shield doesn’t hurt performance or compatibility so it had a better shot of being merged into the kernel.
Linux on the desktop will never be as secure as Windows until its filemanagers support more than user/group/other security. Windows has had this for over 10 years now.
I suggest you do a little research.
The current versions of Samba support and preserve Windows ACLs, and Access Control Functionality is incorporated into Linux distributions by SELinux itself, actually.
“I just hope it doesn’t have performance or compatibility impact”
It does, unfortunately.
The Adamantix FAQ (http://adamantix.org/faq.html – see question 8) puts it at a maximum of 8%. The severity is compounded by the fact that, unlike SELinux/RSBAC and PaX, the performance hit can’t be removed except by recompiling. However, they say it’s rarely anywhere near 8%, so perhaps it won’t be so bad. I’d love to see some proper benchmarks, though.
As for compatibility, I’d guess it might well be a problem on the less mainstream architectures, since it doesn’t look like SSP gets much testing on them at all (http://www.research.ibm.com/trl/projects/security/ssp/statuschart.h…). But then again, that page is badly out of date…
Linux on the desktop will never be as secure as Windows until its filemanagers support more than user/group/other security. Windows has had this for over 10 years now.
This sounds a bit like a troll, but I’ll answer anyway.
As it happens, the user/group/other security model works very well in 99% of situations. Meanwhile, there are still some basic security problems with file permissions in Windows, like the fact that a simple user can hose down a system by accessing/modifying files for which he shouldn’t have access, and the fact that certain user-generated processes run with Administrator privileges.
For those situations where the traditional user/group/other paradigm is less optimal, Linux has had support for Access Control Lists for a while now:
http://networking.earthweb.com/netsysm/article.php/3077971
Actually, I was referring to the fact that no open source file managers can modify ACLs. And I say that as someone who’s looked for that in a file manager for my Linux/FreeBSD systems.
Red Hat has actually gone and hired Russell Coker. I don’t know if he will be continuing his SELinux work on Debian. Check this for more details: http://www.nsa.gov/selinux/list-archive/4911.html
To the guy who said SELinux is already in 2.6 no need for Fedora: Yeah, you can turn it on in the kernel but it does absolutely nothing out of the box. Setting up SELinux system policy is a huge job and something I’d much rather have the good folks at RH do for me. They’re going to have to write a policy for every single package in Fedora. To the end user the whole thing has to be a “Want supercool security features? Y/n” during the install, or maybe not even that, just do it.
RedHat doesn’t mind its employees working on Debian in their own time, so I’m not quite sure why you leapt to that conclusion.
Besides, his Debian repositories have been updated since he posted that.
Russell can do what he wants apparently, he offered to maintain and build a kernel for debian that includes exec-shield which was not directed by Red Hat.
http://lists.debian.org/debian-devel/2003/debian-devel-200311/msg00…
This has been known to anyone that has seen Fedora Core 2 plans and knows what Fedora represents to Red Hat. It is in no way something new.
Don’t get me wrong, it’s certainly a good thing if they do it right, I have been using SELinux for a while and like it a lot. I just feel that the news of Red Hat integrating this into the mainstream distro is a little late on getting to press.
People should pay closer attention to Fedora if they want to know what the future has in store for Red Hat Enterprise Linux operating systems, and not act so surprised when Red Hat decides to state something about it.
>make current and future versions of Linux as secure as possible in light of all the security issues around Microsoft Windows, such as last week’s MyDoom virus…
Excuse me? MyDoom tricked user to execute an application- everything else after that did not require root or elevated privileges for worm to stay on user box and spread itself.
A Linux variant of MyDoom could use user email address book to send copies of itself, could update user crontab to run itself every minute, and could easily connect to any remote SMTP server to spread itself. Where, tell me, MyDoom for Linux would need more than local user privileges?
To put it opposite way: if Linux user can not be tricked to run worm binary- the current Linux is as safe from MyDoom variants as future Linuxes will be.
So, that was FUD- scaring Linux users to upgrade to SE Linux by referring to MyDoom on Windows.
>in a security test on a previous version of Red Hat Linux in 1999, it took only 45 seconds for a hacker to break into the system.
Well, correct me if I am wrong but I do not remember anyone from Linux backers spreading that critical information in 1999, 2000, 2001 or 2002.
What we were told is that Linux is inherently more secure from the day one. Apparently, 45 seconds in 1999 assumed to be secure enough (that was sarcasm).
Today is 2004- why can’t you finally tell us, folks, what version of Red Hat was that vulnerable, and how many servers on the Internet still run that version of Red Hat Linux because admins believed that Linux does not have bugs.
It is nice to see platform maturing. New Linux is the most secure Linux of all, and unnamed ‘previous’ version of Linux was finally admitted to be a total security disaster.
Boy, where I heard it before? Was it the M* that became laughing stock for calling its latest W* the most secure W* ever?
Excuse me? MyDoom tricked user to execute an application- everything else after that did not require root or elevated privileges for worm to stay on user box and spread itself.
How about that backdoor access? Doesn’t installing require Administrator privileges? (Not a troll, I’m just asking the question.)
From the Symantec site:
When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
Only few internet trolls and idiots believe that Linux is inherently more secure. Every time someone with little knowledge about Linux installs Linux, it is getting hacked few days later. The guy installs the ISOs from the internet, thinks everything is fresh. When he/she tries to upgrade the system, he/she has to download hundreds of megabytes of data to be up to date, worse than Windows. Few idiots will deny this fact, but something has to be done for this issue. Relying on recompilation is not going to make things easier for normal users. Some sort of a system that Windows offers has to be put in. This is obviously very hard to solve, but somebody has to do this if we want to see Linux on Desktops. Listening to idiots’ claims that Microsoft sucks and Linux rules do not solve these problems.
top – 14:10:58 up 22 days, 21:53, 0 users, load average: 3.80, 2.71, 1.82
Tasks: 15 total, 3 running, 11 sleeping, 1 stopped, 0 zombie
Cpu(s): 0.0% user, 100.0% system, 0.0% nice, 0.0% idle
Mem: 516412k total, 510760k used, 5652k free, 57112k buffers
Swap: 1196800k total, 5436k used, 1191364k free, 398764k cached
find: /home/httpd: Permission deniedHR S %CPU %MEM TIME+ COMMAND
13930 root 18 0 896 896 752 R 44.3 0.2 0:35.08 find
13920 root 18 0 896 896 752 D 28.0 0.2 1:45.40 find
and / is full!
cpu is at 100% and / also… not so good…
13964 root 19 0 896 896 752 R 38.0 0.2 0:15.66 find
13965 root 17 0 900 900 752 D 25.0 0.2 0:14.87 find
13933 root 18 0 900 900 752 R 20.3 0.2 1:03.44 find
13930 root 19 0 896 896 752 R 16.7 0.2 1:03.87 find
Hi
The 45 seconds was an absolutely insecure system if you haven’t guessed it already and to be back on topic selinux could prevent a worm easily by segregating domains. please read the topic
if you like to play with a demo machine one with root password has been given above
Every time someone with little knowledge about Linux installs Linux, it is getting hacked few days later.
Could you please give us your sources? I think you’re confusing this with an unpatched Windows machine that’s connected to the Internet being compromised in less than an hour.
The fact is, when you install a modern Linux distro, you are often offered the level of security you want. On higher security levels, very few (if any) network services are activated by default, so in fact there are few (if any) available ports to hack. This is in sharp contrast with Windows, which until recently had quite a few unnecessary services running out of the box that offered vulnerable entry points for hackers (such as RPC).
The guy installs the ISOs from the internet, thinks everything is fresh. When he/she tries to upgrade the system, he/she has to download hundreds of megabytes of data to be up to date, worse than Windows.
Well, this depends on the distro you’re installing. Note that most recent distros will download upgrades during installation, so that you won’t be vulnerable before getting a chance to upgrade. This is a Good Thing!
Relying on recompilation is not going to make things easier for normal users.
I don’t see what recompilation has to do with this. Installing upgraded packages or a new, more secure system does not involve recompilation.
Some sort of a system that Windows offers has to be put in.
Be more specific. What kind of system are you talking about?
You know, Windows’ security record is far from perfect – in fact, this was the motivation behind the Trustworthy Computing initiative. While the situation has improved, there are still quite a few security issues with Windows (mainly, malware of all kind). And, yes, you can install the latest patches so that your XP system is secure, but many people have indicated a drop in performance after patching up. This isn’t good.
A note to other posters: careful about this guy, he’ll claim to be a Linux user while bashing it and praising MS. If you disagree with him he’ll call you an idiot over and over again.
“Actually, I was referring to the fact that no open source file managers can modify ACLs. And I say that as someone who’s looked for that in a file manager for my Linux/FreeBSD systems.”
I’m not clear on why a developer would create such a feature. Graphical File Managers are usually built to work in their native environment. I don’t see any Microsoft tools that are built to work with the subtle features of HFS+, for example.
On the other hand there are command-line options for this. And I expect newer Samba interface tools will feature such options.
Regarding MS’s Linux lab, which is not top secret nor preparing bombs to drop on Linux developers (where do you come up with these ideas, Sam?):
http://www.theolympian.com/home/news/20030817/business/77908.shtml
By the way, did you know that it’s no longer necessary to know how to mount drives to burn CDs? In fact, it hasn’t been necessary to manually mount drives for a while, now. It’s all done automatically by the system.
I’ve got a proposition, why don’t we let bygones be bygones: you stop insulting me and attributing things to me that I didn’t say (such as the ridiculous notion that MS, though engaged in a corporate struggle against Linux, wants to bomb Linux developers), and I’ll keep my comments on the topic at hand. Specifically, I had a question for you: what system do you think is available for Windows that could enhance Linux’s security?
Guess what…Linux is not inherently more secure than Windows, and vice-versa. However, when properly locked down, both can be very secure. SELinux gives those of the penguin persuasion yet another tool to lock their boxes down.
<ontopic>
From what little I know about SELinux, it appears to be a very good idea. The ability to offer fine-grained access controls.
</ontopic>
Anyway, the reason why Linux is often considered to be more secure than Windows is that people who install it are more likely to take the time to secure it properly and not run as ‘root’ or ‘administrator’ full-time. However, any *DECENT* server admin should be able to make *BOTH* platforms relatively secure. Another thing Linux has going for it is that patches tend to get released for it sooner than Windows. (Not ALWAYS the case, but that is the tendency.)
“From what little I know about SELinux, it appears to be a very good idea. The ability to offer fine-grained access controls.”
That’s only a part of it, and a small one at that. The biggest reason is because the access controls are mandatory. Type Enforcement and Role Based Access Controls together make for wonderful security, from what I’ve read. I can’t wait to use the SEBSD (a more or less direct port) module in FreeBSD (I’ve not had the time of late).
I can’t wait to use the SEBSD (a more or less direct port) module in FreeBSD (I’ve not had the time of late).
This is available for FreeBSD too?!!!!
*cleans up drool*
I’m going to have to look up more information about that one. I happen to be one of those overly-paranoid security types, and the more I read about this, the more exciting it is for me. I know, I know, I need to get a hobby.
Thanks Kingston.
One afterthought for the above post…why doesn’t OpenBSD have these features, or is it in the works? This seems like the kind of thing that Theo would be all over. Maybe that SEBSD thing you spoke of works for Open- and NetBSD as well?
“why doesn’t OpenBSD have these features, or is it in the works?”
Not so far as I know. I’m looking for the link, but I recall reading an email from de Raadt saying that he’ll not incorporate it as it leads to a system that “can’t be administrated.”
As for SEBSD, here’s the most relevant link:
http://www.trustedbsd.org/sebsd.html
It’s in development, but no more unstable than SELinux itself I’ve heard. I wish I could say for sure though.
SEBSD currently only works for FreeBSD, but there’s also a port of the TrustedBSD MAC framework to Darwin.
http://www.trustedbsd.org/sedarwin.html
I can see one for DragonFly in the near future, though probably not by the DragonFly folks (Matt seems hell-bent on using his (admittedly cool) VFS work for extended security capabilities).
Hope that helps…
Before I forget, here is some information about some of the technology involved from the Secure Computing people (they developed and (ick) hold patents on the Type Enforcement components of SELinux/SEBSD/SEDarwin)
http://www.securecomputing.com/index.cfm?sKey=738
It’s informative at any rate, and worth reading.
I couldn’t understand the question exactly, but I like Microsoft update system. It checks for updates, critical stuff and then alerts me. That’s something nice.
You have that in recent Linux distros. In Mandrake it’s called MandrakeUpdate and it checks for vulnerability and bug-related updates on official repositories, asks if they should be installed, then downloads it and installs it upon confirmation. Very useful.
The problem though is that, who is going to serve the updates? Which servers? Who is going to pay the bills. Furthermore, who is going to make this whole thing work.
There are a variety of servers available to the distro makers. May I suggest that you give Mandrake a try? It seems a lot of your concerns are being addressed by the latest versions of the distro.
Here are some tips for being more to the point. Microsoft’s software runs only on Windows. The guys do not make the extra effort to make sure that the software you build for Windows runs on different platforms.
Actually, that’s not quite true: some MS software does run on other platforms, i.e. Macintosh. You can also run MS Office and a couple of other MS products on Linux through Wine/Crossover Office. But you’re right that they’re purposefully not publishing it on Linux, saying that it would be “too complicated” or some other nonsense.
Now, I understand that you seem to be passionate about these things, but let me give you some advice:
a) don’t be so quick to call people idiots, as you may find that it greatly hampers your credibility
b) try not to mix international politics and computing on this site, as you’ll be quickly modded down