NSA Has Code Running In the Linux Kernel And Android

by - 8 years ago


The saying “how deep does the rabbit hole go” has never been more appropriate with regards to NSA speculation as everyday people seem to pull up something new. With the USA’s National Security Agency, or NSA, in the spotlight recently over the whole PRISM saga, it seems to have made pretty big news everywhere. Now it emerges that the NSA has code running in both the Linux Kernel and in Android. Though this isn’t anything new, as it has been known since 2003, it has only just come to mainstream public attention.

The NSA had an active role in developing SELinux, that is security enhanced Linux. I am sure it won’t be long before sceptics pull the “Surveillance enhanced Linux” out of the bag.

The SELinux project was merged into the Linux Kernel back in 2003 meaning it is present in all Android and Linux distributions available today. The tool is an implementation of mandatory access controls for the Linux distribution. It is described below:

SELinux is a security enhancement to Linux which allows users and administrators more control over access control.

Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications.

SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).

Not being a very Linux educated person I can’t really comment on the likelihood of SELinux being a backdoor. However, I can point out that people have speculated SELinux is an NSA backdoor to all Linux and Android devices. On the other hand other people have rubbished those claims stating that with Linux being an open source operating system there is no way such a backdoor could have existed unnoticed. Furthermore all source code for the NSA’s SELinux project is open source and available for examination.

What are your thoughts on this?

Image courtesy of Linux

Article Index

Author Bio

35 Comments on NSA Has Code Running In the Linux Kernel And Android

  • Avatar d6bmg says:

    We all know that, partially.

    • Avatar Wayne says:

      We do? Oh well, I must’ve missed the bus. I’m no Linux expert.

      • Avatar d6bmg says:

        ^^ Fedora/Red-hat forums have some old discussions related to this topic. You can classify them as speculation. But when we think from where part of the development cost comes, we can assume a lot of things – one being this.

  • Avatar Alexander Mityunin says:

    You exaggerate a lot. In Linux, can contribute to anyone if it would be useful to the community. There is a code from Microsoft, so what?

    By the way SELinux which is used quite a bit. By default, only in products Red Hat (including Fedora).

  • Avatar Grammaticus Prolongicus says:

    It’s “could have” not “could of”.

  • Avatar Vivek says:

    Stupid hypothesis – Kernel developers can smell the tiniest rat – So many eyeballs on the code – No one can sneak in large backdoors into Linux

    • Avatar Klimax says:

      Considering the way they treat security vulnerabilities* unlikely. Also I doubt there are really many eyeballs, much less the ones being able to spot vulnerability. (Too few experts in that area to begin with) And claim of “m,any eyeballs” is frankly myth. Nobody has time to go over large code, much less to validate and audit it – assuming they¨d even have necesary knowledge and experience.

      * http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/

    • Avatar azbest says:

      maybe its a propaganda made by the nsa. they are sad, psychically derailed people, so you can expect only the worst from them. the list of crimes they are commiting is far from over, i believe. it feels almost like a complete end of law. lawl.

    • Avatar inopungbish says:

      I want to believe what you’re saying, but I can’t just go on a hunch that “somebody would have noticed by now” if it was malicious code. How many people do you know personally that have sifted through every single line of code to see if there are any holes? You can’t just assume that somebody would. Are there any companies, organizations, independent groups, individuals that have staked their reputation and money on a claim that they have reviewed all the code and confirms it is “clean”? Until then I remain skeptical.

    • Avatar Christoph Husse says:

      Really? Maybe if you declare “No one” to be the average developer. NSA certainly doesn’t apply here. There is only one certainty, they have the knowledge, time and resources to engineer the most ochestrated backdoor ever into something like a linux kernel. A little very tiny bug here that does nothing on its own a bug there and there and then all together by some strange weird attack pattern start opening a door there or here… whatever. You would be pretty naive to believe that OpenSource does mean there can’t be backdoors. The effort is certainly much higher than telling Microsoft to just add one, but its far from impossible no matter how many eyes look over the code.

  • Avatar Aranjedeath says:

    It’s really unfortunate that you’d publish this. You even said you don’t know enough to comment, so please don’t. SELinux is what allows all of the shit-tier mass hosting providers to put thousands of sites on the same box without issues. It’s not impossible to bypass, but it’s not easy either. Because it’s just an access control system, it’d be pretty fucking hard for it to be a “backdoor”. Maybe if you’ve already got shell on the box, but that’s a given. It’s very hard to secure anything if someone already has proper access.

    • Avatar Ryan Martin says:

      The article doesn’t state that SELinux is a backdoor, my opinion is not that and my article does not state that opinion. It states both sides of other peoples’ opinion on SELinux, one which says it is a backdoor and one which says it isn’t a backdoor but a legitimate piece of code. All you have to do is read the title to see what the article is about. There is no opinion here so commenting as if there is shows you have not read it properly.

      • Avatar David Landry says:

        There’s not ‘two opinions’, there’s the fact that SELinux is open source and well audited, and the ignorant uninformed opinion that it’s a backdoor.

        Look, I’m as paranoid as anyone about the NSA and what they are possibly doing to subvert democracy and freedom, but if there is anything that the NSA did that actually benefited the security of the Internet for ordinary people and businesses, this is the thing that I’d point to.

      • Avatar Aranjedeath says:

        I’ll give you the benefit of the doubt, but the time of day is given to SELinux as a backdoor. One paragraph of “SELinux could just be legit code” and the rest of the article weighs on the other side. I don’t see that as balanced. Talking about one side of an argument and a solitary nod to the other side at the end doesn’t cut it, for me.

        I read the article, not the title. Titles grab pageviews. A balanced title does not a balanced article make.

        Please please please do not spread further fud {fear, uncertainty, and doubt}.

  • Avatar Pooter says:

    I came upon this site asking a simple question. Can this be built into the hardware that all or most computers use. Able to backdoor in from the bios or the Nic.

  • Avatar Pooter says:

    I mean if I was NSA or anyone else, I would do the hardware approach to gain access. You wouldn’t even know the hardware was calling daddy. Has anyone looked into the hardware?

  • Avatar Pooter says:

    I myself don’t trust the hardware at all, as it is very easy to embed code into it. I don’t know if you all remember the old Amigia computers but they didn’t need drivers for the hardware as it was all on board within the boards. Yea I am a geezer.

  • Avatar cortup says:

    Use a different Linux OS (distro) instead of the one above. You’ll be MUCH SAFER.

  • Avatar cortup says:

    More and more folks are leaving Windows and going to Linux. Perhaps this is a scare to those folks who want to leave the world of MS’ products of “open back doors”. There are HUNDREDS of different distros out there to check out and find the right one for each person so I don’t see a threat at all here.

  • Avatar Scott Thompson says:

    Oh please for god’s sake, the back-door has always been in the Crypto_API not in the security enhanced contexts!

    cd /etc/security/cacerts

    They hastily removed the one marked DoD and replaced it with another one. If you want privacy, learn about x.509 security certificates and why your X-Display && X-Terminal does this: stty
    speed 38400 baud; line =0; commands interupt, erase, kill etc && etc.

    Remember most servers Run headless.. ie: no x-display now can you tell me why?

  • Avatar Scott Thompson says:

    The answer is simple, dont run X or remove the PKI belonging to the corperations that operate on the ICANN network, thusly you can create a totally new network, not dependant upon COMMODO, SYMANTIC, MICROSOFT. If there PKI is not on your machine then obviously they can not get in! Hence most hobby operating systems, like ones for the Amiga, RISC OS, etc do not support the Crypto_API library or taking over the damned display.

  • Avatar Scott Thompson says:

    According to some security researchers the SSL function was all just a bit of a hand wave – Hand wave my ass!

  • Avatar Scott Thompson says:

    NSA’s arguement: we’ve only been doing this since the Bush Administration

    My interpritation: Then why was the NSAKey.dll in Windows 95 OS2 shortly after Richard Nixon had office?

    • Avatar Micheal Martin says:

      You are an idiot. Windows 95 OS2 … that doesn’t even exist. And Even Windows 95 or OS/2 didn’t exist after Nixon took office… you are a moron!

    • Avatar Micheal Martin says:

      You are an idiot. Windows 95 OS2 … that doesn’t even exist. And Even Windows 95 or OS/2 didn’t exist after Nixon took office… you are a moron!

  • Avatar Scott Thompson says:

    You guys are all itching to figure out how to hack them back, well that’s easy – evilOLive let me explain OLive is a fucntion built into Plan 9 from Bell-Labs it’s primary feature is being able to pull or push to any X compatible device simply by using the x.509 so if your all itching to know how they’re doing it. Well all you need to do is copy and past your entire folder in /etc/security/cacerts and now load those x.509 Root PEM’s into it and let it chop some android devices.

  • […] 著名的MAC(强制访问控制)开源实现SELinux是由NSA(美国国家安全局)于1990年代末发起的项目,于2000年以GPL自由软件许可证开放源代码,2003年合并到Linux内核中,过去10年中关于是否NSA在其中放后门的争论没有停过,一些人认为应该信任SELinux,因为它是以GPL自由软件许可证公开的源代码,也有人认为它是NSA参与过的项目,所以不应该信任。2013年Snowden曝光棱镜后更多的人极度的不信任NSA,认为NSA有对Android代码植入后门的前科,所以应该怀疑所有NSA积极参与的项目包括SELinux。 […]

Related Posts