.comment: The Distribution We Need

By: Dennis E. Powell
Wednesday, October 24, 2001 01:47:32 AM EST
URL: http://www.linuxplanet.com/linuxplanet/opinions/3860/1/

Redmond Issues a Mighty... "Waaahhh!"

It's all but impossible for anyone in the Linux sphere to have missed the laughably desperate whining coming from Microsoft Corporation to the effect that the multitude of truly dangerous security holes in Microsoft products are the fault of -- those who discovered them!

By this reasoning, the crime prevention bureaus of police departments ought to be arrested and jailed, because they make it their business to point out the kinds of things that make it easy for criminals, so that those of us who do not care to become targets for criminals can take the appropriate precautions.

(I don't mean to get off on a tangent, but this latest Redmondian outrage caused me to think back and try to figure out if anything they have ever done has been moral, ethical, truthful, or even good code, and in the post-DOS era I draw a total blank. I long thought that Windows came about when the boys decided they'd experiment a little and got some LSD and then watched Yellow Submarine. But I've abandoned that view -- LSD might make you crazy, but it does not rob you of your soul. And Microsoft, as exemplified by the latest tantrum, is as soulless a place as exists on the planet.)

There's more, though, to be said, and it's about Linux.

Cyberattacks have become commonplace, and the day is not far away when we'll encounter cyberterrorism, with very critical installations specifically targeted or with very broad attacks designed to cripple commerce. Security will become not just an important feature but the most important feature in an operating system. I've long held the view that anyone using Microsoft products connected to a network connected to the Internet to store critical data is prima facie guilty of malfeasance. I do not think the day is far away when a lawsuit will list the use of unsecure Microsoft software among the allegations justifying the payment of damages, and I think there is sufficient evidence to make it stick. In a danger-free world, you could get away with Microsoft software, but today you cannot, any more than you can sniff up the powder in the bottom of an envelope that came from location unknown.

The alternative is, really, Linux. But Linux, as distributed, is not all that it could be. Distributions have gotten much better about turning off unneeded services that used to be shipped on by default, and distributions are very good, as a rule, about getting out security updates.

We're in the midst of upgrade season right now; Red Hat 7.2, a worthy contender but for its insistence on putting things where they don't belong (desktops in /usr), has already found its way onto some machines, and SuSE 7.3 is said to exist somewhere, though not here yet, which is why I'm not writing about it this week in this space.

The spring round of upgrades promises to be even better, with KDE-3.0, 3.01, or 3.1, Qt-3.x, KOffice with good filters and WYSIWYG, a new and improved version of StarOffice, the latest barely functional Mozilla, and whatever the GNOMEs are doing, which should be 2.0 or better. (No, this is not a flame against GNOME -- I'm simply not following all that closely what they're up to -- so hold your water.)

And recent events cause me to think that by spring someone will have produced a hyper-secure Linux. Not that goofy H-P idea of a secure Linux for, what, $3,000, but plain old Linux, only tight as can be.

Yes, SELinux

As you probably know, the United States Government's National Security Agency early this year undertook a project called "Security-Enhanced Linux." There are some, whose tinfoil hats are on a little tight, who immediately assume that this means Linux with all kinds of back doors and things so that the government can spy on you. They avoid the fact that this is all entirely open source stuff, available to anybody and followed and audited by kernel developers. (In my experience, those who most fear this are those in whom the government would have the least interest. If there's a real concern, it's that bad guys could make use of SELinux -- but the government has a front door for those situations: they pull up in black sedans, grab their guns, and, armed with warrants, knock down the front door.)

In fact, what SELinux does is make it impossible for a wayward or misconfigured application to compromise the whole system. Through mandatory access controls, it provides tremendous granularity in security policy, giving applications only the bare minimum permissions needed to perform tasks. There are no SUID programs; nor is there a root user. And that's just the beginning.

It allows, indeed requires, that the system administrator establish a security policy, and at its tightest SELinux is pretty solid -- more so than what you'll find on any out-of-the-box Linux. It is the first and arguably biggest step toward Linux as a trusted system.
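To make the idea of a mandatory policy concrete, here is a toy model added for illustration; it is not SELinux's policy language or kernel code, and every domain name, type name and rule in it is constructed. It shows a daemon running as uid 0 passing the ordinary Unix permission check yet being refused by a default-deny policy, and lists everything a compromised daemon could still reach.

```python
# Toy model of mandatory access control layered over Unix permissions.
# Added illustration: all labels and rules below are constructed, not real policy.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # security label the policy assigns to the running program

@dataclass(frozen=True)
class File:
    owner: int
    mode: int     # classic Unix permission bits
    ftype: str    # security label on the object

# Administrator-written policy: (domain, object type) -> permitted operations.
# Anything not listed is denied.
POLICY = {
    ("httpd_t", "web_content_t"): {"read"},
    ("httpd_t", "web_log_t"): {"append"},
    ("passwd_t", "shadow_t"): {"read", "write"},
}

def dac_allows(proc, f, op):
    """Discretionary check (simplified, no groups): uid 0 bypasses mode bits."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "append": 2}[op]
    shift = 6 if proc.uid == f.owner else 0
    return bool((f.mode >> shift) & bit)

def mac_allows(proc, f, op):
    """Mandatory check: default deny, and no uid is exempt."""
    return op in POLICY.get((proc.domain, f.ftype), set())

def access(proc, f, op):
    # Both layers must agree, so the policy can only take access away.
    return dac_allows(proc, f, op) and mac_allows(proc, f, op)

def reachable(domain):
    """Everything a wayward process confined to `domain` could still touch."""
    return {(t, op) for (d, t), ops in POLICY.items() if d == domain for op in ops}

# Constructed sample objects.
web_daemon = Process(uid=0, domain="httpd_t")
shadow = File(owner=0, mode=0o600, ftype="shadow_t")
page = File(owner=0, mode=0o644, ftype="web_content_t")
```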

SELinux is to a truly secure operating system as Ext3 is to other journaling filesystems -- its design goals include compatibility with existing applications and, for the most part, existing system utilities; those that don't work are patched so that they will.

In short, it's a really good idea, put together by some of the best people in the business. Anyone can download and build it into an existing Linux system. It's designed against Red Hat, but that's little matter for what I have in mind.

Pause a moment and think. Think back a couple of months, before Security was spelled with a capital s. Was there any reason, any reason in the world, why anyone would not have wanted the most secure system possible? No, of course not (but for the few apps that, with the overly broad security policies we have available now, simply would not run on a very tight machine). There having never been a reason for a wide-open box, and now there being greater reason than ever for a box that's really locked down, it seems to me that there is wisdom in distributions working toward adoption of SELinux as the standard kernel or at minimum an option at install.

Indeed, in many respects SELinux can be seen as a government grant to defeat Microsoft where it is weakest. It would be plain foolish for distributions not to avail themselves of the help.

The whole thing is open and documented, complete with suggestions of areas where additional work can be done to make the system even more secure. Given the number and variety of projects on which distributions have spent money to little effect, it seems they would jump at one that has slam-dunk merit.

I hope to see the SELinux kernel, further enhanced, in the spring round of distributions. There is good reason for it to become standard.

The Coming Flood of Spam

Among the unfortunate catch phrases of 2001 that we'll remember with some bitterness is "white powder." The U.S. and other countries have fallen into hysteria over everything from household dust on up. And mail. Especially mail.

Just as high-quality humor contains a grain of truth, so does sustainable hysteria, and in this case people have died, and in a pattern that makes things worse, more uncertain.

This has led bulk mailers to say that they will be relying more heavily on the Internet to distribute their advertising. This might be a wonderful thing for ad-poor Internet sites, but it probably means that we'll see a huge increase in the amount of spam we receive. (I've already gotten spam offering to sell Cipro; I'd like to track down the guy responsible, because about a minute later he'd be off combing through his pharmaceutical supply to see if he has anything that would fix a busted nose.)

The question is -- what to do about it? I deal with two ISPs. One, which I will not name, has yet to let a single item of spam find its way to my inbox, which suggests that it can be done. The other, Earthlink, would in my estimation allow absolutely anything through, and my sense is that most other ISPs would, too. I suspect, but do not know, that they actually sell spam rights.

It's possible to filter locally, but building the right rules to do so is a nontrivial task for many. This is another project that distributions ought to underwrite, because by next spring it will be a considerable selling point, too.

If the coming months and years unfold in anything like the way it seems they will, security and protection of data integrity will be the absolute baseline requirement of operating systems. Cookies will fall into further disfavor. Spam will become a potentially crippling annoyance. Operating systems that do not provide these things will be sold only to the clueless, and producers of operating systems that actually want all kinds of personal information from users will join the already long list of those invited to pound sand.

With what we already have, what we have on the immediate horizon, and a few enhancements designed to address the changing nature of computer security, Linux can become the only choice for the serious business or connected desktop user.

Copyright Jupitermedia Corp. All Rights Reserved.