Linux Gets Security Boost from NSA

The U.S. National Security Agency (NSA), also known as the codemakers and codebreakers cryptologic division within the Department of Defense, has helped to harden Linux with newly-released Security Enhanced Linux (SELinux) kernel modifications.

The latest release, which updates the base kernel to 2.6.3 and 2.4.24, contains numerous significant improvements to security in the open source operating system. The SELinux improvements mark a major breakthrough for Linux. Because of the NSA's contributions to the kernel, the new security features will now show up in mainstream distributions of Linux.

"Conditional policies are significant and also networking hooks were added, which makes SElinux all that much more powerful," Joshua Brindle, hardened Gentoo Linux Project Leader and a listed contributor to NSA's SELinux, told internetnews.com.

"They also exported AVC (define) controls to userland to facilitate strong X-based access control and privilege separation," he added.

SELinux was released by the NSA under the GNU GPL open source license. SELinux is essentially a Linux Kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls.

"SELinux is important because mandatory access controls are essential to limiting access to daemons and users to only what they need. It also solves the age-old almighty powerful superuser problem in Linux," Gentoo's Brindle told internetnews.com.

"We stress however that it isn't an end-all solution, that it must be combined with additional layers of protection."

The link for this article located at InternetNews.com is no longer available.