Linux Security Modules Project Update

timothy posted more than 12 years ago | from the tightly-locked-boxes dept.

James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information."

before the paranoia-laden trolls arrive.... (2, Informative)

Anonymous Coward | more than 12 years ago | (#3651935)

-NSA SELinux is OPEN SOURCE! Scared about backdoors? Then read the code yourself. No time or ability? It (the code) has been audited by a third party, nothing questionable was found.

-NSA's mission is two-fold - (1) collect intelligence (2) develop secure systems suitable for military use. SE Linux falls under #2

-Why did this keep-everything-secret agency release it publicly? GNU General Public License.

-Who provides funding? American Taxdollars. Look at it as return on your income tax.

Re:before the paranoia-laden trolls arrive.... (0)

Anonymous Coward | more than 12 years ago | (#3653643)

Look at it as return on your income tax.

Let's see. $1 million for something that is not as good as OpenBSD and jail (total cost: $0.00).
I look at it as a waste of my income tax.

Re:before the paranoia-laden trolls arrive.... (0)

Anonymous Coward | more than 12 years ago | (#3655924)

You're a hypocrite. You think nothing of spending $1M on a new jail (cost more than that anyway) yet you think that SELinux is a waste of money? I don't know what OpenBSD is (Open BuSteD maybe?), perhaps some type of new way of humiliating people when they're arrested? That's the problem with you Rush Limbaugh/Bill O'Reilly zealots, you just want more prisons and arrests -- cause that will solve the problem.

Hey, Mr. Reading Comprehension (0)

Anonymous Coward | more than 12 years ago | (#3660996)

Didn't you look at the cost? jail is free, well under your $1 million estimate.

OpenBSD for me. (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3652222)

Thanks, but no thanks LSM.

Government Using Linux More Often (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3655534)

It seems like every day more and more Governments are using Linux as a solution to their computing needs. Check out what the NSA is working on [nsa.gov] for Linux (including source). EVEN the US government is using Linux (micro$oft home base) is located!!
Here's an interesting article [wired.com] from Wired [wired.com] that covers Linux use expansion into governments. Finally the government is waking up to the fact that our tax dollars do not have to go to those greedy bastards.

Auditing (1)

RedPhoenix (124662) | more than 12 years ago | (#3655926)

Unfortunately, at this stage, LSM doesn't yet have the hooks to support C2-style auditing, although Crispin and I have exchanged a few ideas about this in the past.

For those that need this capability, have a look at SNARE - http://www.intersectalliance.com/projects/index.html

Snare operates by intercepting system-calls at the moment, but the goal is to integrate into LSM in the future.

Re:Auditing (1)

RedPhoenix (124662) | more than 12 years ago | (#3656295)

Note though, that a facility to support auditing modules (like Snare hopefully!) is being worked on.
- see this thread for more information:

http://mail.wirex.com/pipermail/linux-security-module/2001-June/thread.html#897
