Sun Microsystems Security

Schwartz Comments On NSA/Sun OpenSolaris Collaboration 92

sean_nestor writes to mention that Sun CEO Jonathan Schwartz took a bit of time recently to comment on last week's announcement that Sun Microsystems would be partnering closely with the NSA for security research surrounding OpenSolaris. Rather than the typical loads of legalese and confidentiality agreements, Sun and the NSA are claiming that this move is more about the NSA joining the OpenSolaris community than anything else. I guess only time will tell.
This discussion has been archived. No new comments can be posted.

  • by BlowHole666 ( 1152399 ) on Friday March 28, 2008 @02:33PM (#22896536)
    With Linux, don't you have the source? So how can your 4th Amendment rights and privacy be violated when you can just remove the stuff? Maybe the businesses are trying to make money and the government has deep pockets, so they secure their software so the government will spend money on their products. It is just capitalism at work. The world is full of smart people; I am sure the NSA cannot slip some nice little "feature" into an operating system and someone will not find it. Maybe, just maybe, the NSA is trying to make sure their shit is secure... your privacy is just fine. If you do not think so, why don't you analyze it and report to Slashdot how the NSA has inserted code that violates your rights. We all would love to know.
  • by Lally Singh ( 3427 ) on Friday March 28, 2008 @03:03PM (#22896964) Journal
    One of the NSA's directives is for helping provide security for the rest of the gov, as a bit of an expert group. Securing OSs for gov use falls in that category.

    Your NSA friends can probably tell you they're working for the NSA. They just can't say doing what.
  • Re:SEOpenSolaris (Score:5, Informative)

    by dr2chase ( 653338 ) on Friday March 28, 2008 @03:20PM (#22897248) Homepage
    [disclaimer - I work for Sun, and I KNOW that some of my friends have worked for the NSA, and I KNOW that I have relatives with security clearances. Who knows what's going on that I don't know.] As has been pointed out elsewhere, if the NSA wanted to insert backdoors in software, it is not likely that they would announce it loudly. Ditto for any other country's version of the NSA. There is a legitimate national security reason that the NSA would be interested in plugging holes in software that is widely-used within the US -- as bad as worms/spam etc might be, imagine how it would turn out if a nation decided to launch some sort of a cyber attack, concurrent with who knows what other action. That's bad news that we just don't need to hear. As far as the compiler goes, ab-so-lutely, be wary.
  • Re:OpenSolaris (Score:3, Informative)

    by mrsteveman1 ( 1010381 ) on Friday March 28, 2008 @06:53PM (#22900398)
    On systems that do use SELinux, the NSA isn't the one who compiled it in, the distribution did. I fail to see what avoiding SELinux like the plague accomplishes anyway, it's just a mandatory access control system. It's also typically disabled at boot time anyway.

    SELinux is also a part of the mainstream kernel, so perhaps you don't trust those people either? Perhaps you should review the source line by line, because how do you know that unchecking SELinux in the config REALLY removed it from the final binary? Maybe they are tricking you!

    Your compiler was also compiled from source by your distribution, and you think the binary compiler that came with your distribution is subverting all code you compile?

    Yes, tinfoil indeed.
  • This isn't news... (Score:3, Informative)

    by giminy ( 94188 ) on Friday March 28, 2008 @09:42PM (#22901688) Homepage Journal
    This isn't news. .GOV helped Sun build Trusted Solaris back in the day (they also helped Hewlett-Packard develop Trusted HP/UX). The government isn't doing this stuff to be evil, and I know my saying, "Don't be paranoid," won't make anyone any less paranoid -- but really the government needs certain security features to solve its problems (such as Cross-Domain information sharing), and the commercial industry simply doesn't need that stuff. Or, at least, it doesn't think it needs it. The only way for the government to get the OS features it needs is to work with a company directly to do it, or use an open source alternative.

    Originally, .GOV decided to work with companies. Like I said, Trusted Solaris, Trusted HP/UX, and some others that I can't think of, were created. Along came Stephen Smalley and his FLASK security architecture. Linux was the first and easiest place to implement it, and the NSA spearheaded the project. You can imagine that Sun (the only vendor of an OS that supported multi-level data just a few years ago) wasn't all that happy -- .GOV pretty much promised Sun, "If you build and maintain your trusted OS, we'll keep buying licenses and hardware."

    Now that isn't so. It seems only fair to help Sun and the Solaris community in the same way that the government has helped RedHat and the Linux community: provide some resources and some know-how to make the OS do what the government wants, so as to not hand RedHat a huge government-assist...the government basically wants competition here. As a taxpayer, I can't say that I'm complaining...

    Reid
