[SGVLUG] Reverse Engineering / Analyzing the SELinux Kernel Source Code?

Dustin Laurence dustin at laurences.net
Fri May 19 16:56:53 PDT 2006


On Fri, May 19, 2006 at 05:30:04PM -0500, sean at seanodonnell.com wrote:

> Q?: Has anyone reverse engineered the SELinux Kernel? Or analyzed the  
> source code for possible rootkits or 'undocumented features'??

Effectively, yes.  If you are paranoid, then it is probably the only
code you *should* trust.  There is just no way for us to know if the
NSA, or any other government agency, has undue influence on any
proprietary vendor.  On the other hand, it's as certain as anything can
be that they don't have any special influence with the LKML crowd--quite
the opposite, it's got more than its share of live-free-or-die,
Libertarian, anti-gubmint types who have no intention of being dictated
to.  The NSA can't do any more than anyone else--submit code.  It gets
reviewed the same as anything else to get into the mainline kernel.

The same logic would apply to projects like OpenBSD, of course, which
has also taken US gubmint money.  I have no worries at all in either
case.

> I've always avoided using that 'hardened' kernel due to privacy  
> concerns in regards to (possible) circumvention capabilities by the NSA.

Totally unjustified, I'd say.  If you ever trusted any proprietary OS
for anything whatsoever, then you're *nuts* to worry about SELinux.

> I don't know enough about kernel programming in general to determine  
> whether or not such circumvention is even possible, although I assume  
> it would be.

If it were, the last thing in the world any sane spook would do is
publicly release the code and acknowledge the source, as SELinux was.
The last thing in the world you want is attention for *precisely* that
reason--people will look even more closely at what you did.  It would be
an incredible blunder.

The best way to go about it, and I don't actually believe this would
work either mind you, is to hire people with the skills to become kernel
hackers and rise in the meritocracy.  After enough years (these are
people who we can assume are paid to work full time on their OSS street
cred, so they're doing a lot of work), they become subsystem maintainers
and are the ones responsible for accepting patches into the tree.  Then
you slip in your backdoors.

The problem with this is that you still have lots of people poring over
the code, you can't work in secret.  The NSA's best bet would be to hire
people good enough to do for real what this contest asks for just for
fun:

http://www.brainhz.com/underhanded/

and write code whose vulnerabilities look like an innocent oversight.

Mind you, it would surprise me if the NSA didn't know exactly what goes
on with Linux, and OpenBSD for that matter.  (They should take a special
interest in OBSD since crypto is an OBSD specialty and the NSA is the
world's leader in crypto--well, if they aren't, they're incompetent at
it).  That's the thing about openness--they're welcome too, and if they
send in patches (I'm sure they do, since they use it) that pass review
that's fine too.  There isn't anything magical about the NSA--their code
means the same as everyone else's and is reviewable just as easily.

You may be happy to know that there was a case of someone trying to slip
a backdoor into the kernel sources, and it was caught very quickly.
There are copies of the original kernel thread out on the net, but here
is a Register writeup at least:

http://www.theregister.co.uk/2003/11/07/linux_kernel_backdoor_blocked/

so the system was proven to work at least once.

Dustin
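The post mentions both "code whose vulnerabilities look like an innocent oversight" and the 2003 kernel backdoor attempt without showing what such a change looks like. The following is an added example, not part of the original message or of any kernel tooling. It assumes the publicly reported shape of the 2003 change (a single `=` assigning to the caller's uid inside a `wait4()` condition, where `==` would be expected); the sample lines below are constructed to mirror that shape plus some benign look-alikes, and are not taken from the kernel tree. The scanner flags assignments inside `if`/`while` conditions and ranks an assignment of a literal constant higher, since that is almost never a deliberate assign-and-test idiom.

```python
import re

# Constructed sample lines in the shape of C kernel code (not real kernel
# source). Line 3 mirrors the widely reported 2003 wait4() change: an
# assignment `uid = 0` hidden inside a condition where `==` was expected.
# The others are benign or are the legitimate assign-and-test idiom.
SAMPLE_LINES = [
    'if (options == (__WCLONE|__WALL))',
    'if ((options == (__WCLONE|__WALL)) && (current->uid == 0))',
    'if ((options == (__WCLONE|__WALL)) && (current->uid = 0))',
    'while ((c = getc(fp)) != EOF)',
    'if (a <= b) return 0;',
    'if (x = y)',
]

# A lone '=' that is not part of ==, !=, <=, >=, +=, -=, *=, /=, %=, &=,
# |=, ^= (compound and comparison operators are excluded by the lookarounds).
ASSIGN_RE = re.compile(r'(?<![=!<>+\-*/%&|^])=(?!=)')

# Only if/while are scanned: a for-loop header legitimately assigns in its
# initialiser, so including it would add noise rather than signal.
HEADER_RE = re.compile(r'\s*(?:if|while)\s*\(')


def condition_text(line):
    """Return the text inside the outermost parentheses of an if/while
    header, or None if the line is not such a header. Nested parentheses
    are tracked so inner ')' characters do not end the condition early."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    start = m.end() - 1          # index of the opening '('
    depth = 0
    for i in range(start, len(line)):
        ch = line[i]
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
    return line[start + 1:]      # unterminated on this line; take the rest


def scan(lines):
    """Return (line_number, severity, condition) for every assignment found
    inside an if/while condition. Severity is 'high' when the right-hand
    side is a numeric literal (e.g. `= 0`), 'low' otherwise."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        cond = condition_text(line)
        if cond is None:
            continue
        for m in ASSIGN_RE.finditer(cond):
            rhs = cond[m.end():].lstrip()
            severity = 'high' if re.match(r'-?\d', rhs) else 'low'
            findings.append((lineno, severity, cond.strip()))
    return findings


if __name__ == '__main__':
    for lineno, severity, cond in scan(SAMPLE_LINES):
        print(f'line {lineno}: [{severity}] assignment in condition: {cond}')
```

Running it reports line 3 as high (literal assigned inside a condition), and lines 4 and 6 as low; lines 1, 2 and 5 produce nothing. The point of the severity split is that the read-loop idiom on line 4 is common and usually fine, whereas assigning a constant inside a condition has no ordinary reason to exist and is worth a reviewer's attention regardless of how innocent the surrounding diff looks. A check like this complements rather than replaces review: the extra parentheses around an assignment are exactly what silences a compiler's assignment-in-condition warning, so a heuristic that ignores parentheses catches the case the compiler stays quiet on.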