[ISN] Users of SELinux now have a choice on security

[InfoSec News]

http://www.gcn.com/print/25_6/40117-1.html

By Joab Jackson
GCN Staff
03/20/06

The release of a new open-source security package has sparked debate
over how many Mandatory Access Control applications Linux really
needs, and if more than one would just dilute volunteer efforts.

Novell Inc. of Provo, Utah, recently released the source code for its
recently acquired Linux security application, AppArmor. It also set up
a project site in hopes of attracting outside developers to further
refine the program.

MAC software tackles the growing problem of applications executing
malicious tasks on their host systems. It keeps profiles of routine
actions that each application on a computer usually takes. When a
program starts behaving in an unusual fashion, the MAC software can
call on the operating system to halt that errant operation.

Novell has stressed that AppArmor is easier to use than SELinux,
another MAC program first developed by the National Security Agency.  
Novell admits that SELinux tackles mandatory access control with more
rigor than AppArmor, but questions if most users really need that
degree of protection.

"There needs to be a better way to deploy [MAC] so that the average
systems administrator doesn't need to go through three weeks of
training," said Frank Rego, products manager for Novell.

Some observers fear that the AppArmor project will fracture the
open-source development community around the demanding science of MAC.  
SELinux has a vibrant user community, with input from companies such
as Red Hat Inc. of Raleigh, N.C., Mitre Corp. of Bedford, Mass., and
Tresys Technology LLC of Columbia, Md., as well as support from NSA
itself.

"In my opinion, Novell wants to split the market," said Dan Walsh, the
principal software engineer of Red Hat. Both Red Hat and Novell offer
enterprise-class Linux distributions. "Rather than working with the
open-source community [on SELinux], Novell has thrown out its own
competing version."

Novell acquired AppArmor last May when it purchased Immunix Inc. The
chief component of AppArmor is a module that must be added to the
Linux kernel. Those who don't want to recompile the kernel can install
Novell's SuSE Linux 10 desktop Linux distribution, as well as SuSE
Linux Enterprise Server 9 Service Pack 3, both of which have AppArmor
preinstalled.

"The biggest difference between App-Armor and SELinux is in the ease
of deployment," Rego said. NSA designed SELinux to address highly
classified documents for sensitive environments, according to Rego.  
And while it executes this job well, it may be too powerful for most
everyday deployments. In fact, Rego speculated, SELinux's complexity
may have been an obstacle to wider deployment. Administrators may turn
off security privileges in an effort to facilitate smooth operations.

"Is this the beginning of the Unix wars all over again?" Walsh asked
on a blog he created to express his views on the subject.

In the early 1990s and late 1980s, different Unix vendors developed
tools and applications that would only work with their own versions of
Unix.

By introducing a second MAC application into the open-source
landscape, Novell is splintering the development community, Walsh
charged.

On his blog, Walsh also cast aspersions on the viability of AppArmor
itself, pointing out that the program is easier to use because it
doesn't control as many low-level aspects of system operation as
SELinux does - aspects that are necessary to consider when setting up
a secure environment.

At a recent SELinux Symposium held in Baltimore, many participants
disparaged the AppArmor announcement. Still, several of the
conference's presentations were of applications designed to ease the
deployment of SELinux.

In most implementations, SELinux must be configured from the command
line, which involves changing attributes in a configuration file over
70,000 lines long. Although the latest version of Red Hat's own
enterprise Linux distribution, as well as its volunteer-led Fedora
offshoot, lets users enable SELinux for the prepackaged applications,
they must write policies for new applications - or make changes to any
existing application policies - by hand.

Tresys Technology Chad Sellers said the security company was working
on a higher-level policy language for SELinux that should be easier to
understand, as well as a related compiler and an Eclipse-based
graphical user interface called Slide.

Even SELinux adherents admit it can be a tough program to work with.  
"There is a steep learning curve," Sellers said. "Once you have that
higher-level language, you could reach new users."