Security Enhanced Linux courtesy of the NSA

I have to say I had no idea that Securit Enhanced Linux (SELinux) had anything to do with the NSA. Well, I'll put that down as today's lesson learned because yes indeed, they are the genesis of SELinux! Their handy, dandy FAQ answers all the major questions and you can either get the code from them or wander over to the SELinux SourceForge project and download it yourself.

The key question in the FAQ was Does NSA have plans to use it internally? to which they answer For obvious reasons, NSA does not comment on operational uses.. When I checked their list of things remaining to be done on the SELinux project it did seem like they are bent on making SELinux an OS solution with substantial utility for real world use. You have to believe that the NSA is riddled with Windows laptops and given the never ending list of well known weaknesses they have to figure that at least some security, especially if its in their hands, is better than well, none...

Would I use SELinux? Well, maybe, if I thought it was necessary. But you know people (tin foil hatters) tend to be naturally suspicious of government agencies and will presumably suspect that there is some critical security flaw in SELinux that the NSA isn't telling us about and they have fixed in their own code, but not what the public get. Remember SELinux isn't a trusted OS it doesn't have provable security, and its enhancements are specifically design only to deliver mandatory access controls. What does that really buy me?

Perhaps the most interesting thing I took away from the NSA website was on their background page. It's a reference to their paper called The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. I wish someone would point that out every time Microsoft, or for that matter any OS manufacturer, company or entity tells us their operatioing system, application or network is secure. Remember such assertions are usually the only thing that is backing up their privacy policy and preventing our personal data from escaping their database for a well earned vacation in Eastern Europe.

So, next time you hear someone talk about security just ask them about the inevitability of failure, and what they are doing to deal with it. If they don't know about it you can tell them about the paper published by their very own government funded NSA. Just remember, if it's not Uncle Sam that's out to get you -it's your own system that's going to collapse right under you.