Linux: unfit for national security?

Electronic Engineering Times ^ | 19 April 2004 | Charles J. Murray

[TheEngineer]

Linux ping!

[rdb3]

The Penguin Ping.

Wanna be Penguified? Just holla!

Click me!

Got root?

[martin_fierro]

[rangerX]

It sounds like these highly qualified folks haven't heard of SE-LINUX, which the NSA is dealing with, pretty much to get rid of these security problems. It seems to pretty much deal with any of the security issues they have raised.

[George Smiley]

They run something a little bit more reliable on JSTARS.

See the next-to-last paragraph in the article.

:^)

[TheEngineer]

It sounds like these highly qualified folks haven't heard of SE-LINUX, which the NSA is dealing with, pretty much to get rid of these security problems. It seems to pretty much deal with any of the security issues they have raised.

Which specific folks are you referring to?

[Pylot]

This is fodder for those who don't know.

No OS is any safer than its administration and physical position in the networked universe. Everything has vulnerabilities.

[B Knotts]

It boils down to this: unless you have written your own compiler, and/or completely reviewed the source code for your complier, and bootstrapped it and compiled it yourself, before compiling your kernel, system tools and application code, you are always at some level of risk.

And, if you're going to go to that level of silliness...how do you know that aliens haven't hit you with mind-control rays, causing you to write an exploit-generator into your compiler?

[Knitebane]

It sounds like these highly qualified folks haven't heard of SE-LINUX, which the NSA is dealing with, pretty much to get rid of these security problems. It seems to pretty much deal with any of the security issues they have raised.

These highly qualified folks have set up a straw man argument in order to support an agenda.

Gene Spafford is a longtime Open Source detractor. When it comes to Open Source, I wouldn't take his word that day is light and night is dark.

The gist of the article is correct, but in all the wrong ways and it fixes the problem incorrectly.

The SE Linux patches are great. I still wouldn't run Linux where lives were on the line.

The problem isn't so much one of security, it a problem of stability. And while Linux is head and shoulders above other popular operating systems, it's very complex and tends a bit much toward the bleeding edge.

This is necessary in order to support new technologies such as SATA, wireless networking, Bluetooth and others.

In order to work perfectly every single time, you need stability, and generally that implies simplicity and extensive code review.

For life-and-death systems, OpenBSD is an acceptable choice for Open Source. For non-OSS, QNX is also acceptable.

But asking Gene Spafford about operating system recommendations is like asking PETA about a steakhouse menu.

[TSgt]

"And, if you're going to go to that level of silliness...how do you know that aliens haven't hit you with mind-control rays, causing you to write an exploit-generator into your compiler?"

LOL!

I'm in the military and some of our equipment runs on embeded Xilinx.

[rangerX]

The folks that are claiming that LINUX isn't any good for high security applications. Particularly in the case of LynxOS, I think they are being rather disingenuous, since they claim that a linux binary will drop right into their OS. Technically, I suppose it might, if you had the same processor when you compiled under linux as you intend to use on the embedded application. We haven't been able to get a linux binary to drop in on LynxOS yet. I think these guys (RTOS vendors) might be just trying to maintain their business base, which LINUX is threatening. A lot of government weapon systems programs are taking a hard look at using LINUX instead of the RTOSs like VxWorks and Lynx.

[B Knotts]

I forgot to mention that my discussion didn't even take into account the possibility that a special case was written into the processor core to modify /bin/login to be exploitable whenever it is compiled. </tinfoil>

[general_re]

Gene Spafford is a longtime Open Source detractor.

Garbage. Spaf is hard on all operating systems when it comes to security, and OSS is no different in that regard. Turning that into him being a "detractor" of OSS in particular is pretty much a sure sign of fanboyism.

[TheEngineer]

The folks that are claiming that LINUX isn't any good for high security applications [haven't heard of SE-LINUX].

You don't think Purdue University professor Eugene Spafford (IEEE Fellow) and Cynthia Irvine of the Naval Postgraduate School have never heard of SE-Linux? Pretty doubtful.

Particularly in the case of LynxOS, I think they are being rather disingenuous, since they claim that a linux binary will drop right into their OS. Technically, I suppose it might, if you had the same processor when you compiled under linux as you intend to use on the embedded application. We haven't been able to get a linux binary to drop in on LynxOS yet.

Who cares? That isn't even remotely related to this article.

I think these guys (RTOS vendors) might be just trying to maintain their business base, which LINUX is threatening. A lot of government weapon systems programs are taking a hard look at using LINUX instead of the RTOSs like VxWorks and Lynx.

That doesn't explain why an independent researcher like Spafford is speaking out...

Spafford, an IEEE Fellow who has testified before Congress on matters of national information security, urged the programming community to get past issues of cost, corporate politics and technological "religion" when dealing with matters of national security.

[antiRepublicrat]

This whole security concern is of course total BS. Why not go on facts? There are other small-footprint real-time operating systems out there that are designed for these environments. Linux is being molded to that function, and is working in many cases, but it won't necessarily be the best OS for all jobs. For example, Linux uses preemptive multitasking, while the OS on the Mars rovers doesn't. Not having the preemptive multitasking overhead helps that OS achieve extremely fast context switches in order to better deal with real-time information processing.

OTOH, them having to resort to FUD is clear evidence that Linux is starting to be able to fulfill the embedded defense devices role quite well.

[Nick Danger]

"What concerns me is that people have heard Linux is secure and they are starting to use it in tanks and bombs and planes," O'Dowd said.

I laugh in his general direction. Here is a guy who sells a secure real-time OS. He has figured out that he can get non-defense trade journalists to write about his company and his product if he tosses the word "linux" around a couple of times. That is the only reason we see this article.

No one in the defense community is going to say, "Yeah, let's try Red Hat for the flight control systems on the F-22." That is ludicrous. Off-the-shelf linux is not even a real-time OS; it's a multiprocessing system, which is a different thing entirely. Security aside, you don't put a time-sharing system where you need guaranteed response time to interrupts.

Sure enough, this guy found a trade journalist who doesn't know process control from Shinola, who bought the whole story about fresh-outs from Berkeley choosing the operating system for critical defense programs on the basis of sheer ignorance. Well, good for him, he managed to get Green Hills Software mentioned a couple of times in the trades.

[Prime Choice]

After reading this, I have only two comments:

1. The headline is misleading. This article clearly states that not only Linux is inappropriate for defense systems, but Windows and Solaris as well.

2. I'm surprised that Spafford doesn't consider the Immunix Cryptomark ( http://www.immunix.org/cryptomark.html ) a viable solution to his concerns.

[isthisnickcool]

The only truly secure OS is one that is running on a machine that's turned off.

[Knitebane]

Here's a Spaf rant from 2000:

http://www.linuxforum.dk/2000/slides/GeneS/GeneSpafford.pdf

And from 2002:

http://www.techtv.com/screensavers/linux/story/0,24330,3406300,00.html

And another from 2002:

http://www.esecurityplanet.com/views/article.php/1482631

He's had negative things to say about Linux security for some time.

That is not to say that he thinks Windows is any better. Rather, he's one of those old-school bearded roadapples that yearn for the glory days of proprietary Unix.

I, and several other Open Source advocates got into a rather nasty flamewar on Usenet back in '99 or so with His Eugenness. He's a typical university academic with little experience in the real world. He thinks we should all be happy with terminal access to a VMS machine.

The sad fact of the matter is that he has more of a fanboi problem than I ever will. He's married to the idea of proprietary big iron, ignoring the reality that most of them have horrendous security and a long history of unpatched bugs.

I applaud anyone that pushes security, but Spaf bashes Linux a little too often and proprietary systems a little too seldom. I'm not saying that he's not right about Linux security issues, but he seems to go out of his way to put the smack on Linux without addressing the very same issues in the operating systems he holds up as secure.