On Thu, 12 Sep 2013 08:57:55 +0800, Steve Wray said:

> In some cases it could be quite difficult to disengage from NSA-influenced
> projects, eg selinux. So far as I can tell this is pretty much everywhere
> now. Redhat embraced it ages ago, it's been integrated in the kernel since
> 2.6, so how do we opt out of selinux?

Well, given that SELinux *did* come out of the NSA, but has had tons of code review of the base code (which isn't really all that much) and the actual policy files (which is where I'd hide a backdoor, they're a lot more obscure than the actual kernel code), by lots of people who would have *loved* to be the one who caught the NSA doing something underhanded, I think you're barking up an entirely incorrect tree.

Sure, there *may* be a backdoor in there even after over a decade of outside review and several code overhauls by non-NSA people. But as Bruce Schneier continually tries to remind us, security is tradeoffs. What are the chances that the NSA will be targeting *your* box with a code exploit? What are the chances that *any hacker other than the NSA* (Chinese, Russian, bored script kiddies in Boise Idaho, whatever) will target your box with a code exploit? Which one do you want to be defending against?

Yeah. It's far more likely that even with a hypothetical backdoor, SELinux will more likely stop some other attacker than it will let the NSA in.

(For bonus points, the fact that SELinux is applied as a restrictive MAC after the standard unix permissive DAC means that it can't give any access you wouldn't have had *anyhow* if SELinux was entirely removed - about the only way to leverage it into a compromise is to find a buggy userspace program that misbehaves when you *remove* access, similar to the Sendmail setUID bug from some years back).

Now, if you want to actually do something *USEFUL* to secure your RedHat box, there's something you can do to minimize your attack surface against an attack we *KNOW* the NSA is doing.
In other words, rebuild your damned OpenSSL so that the RedHat-supplied .spec file doesn't intentionally go out of its way to disable elliptic curve DH. Google can deploy perfect forward security all it wants, it won't do you squat unless your end plays along.

Patch attached. It's about 43 times larger than it really needs to be, except that turning on ECDHE also means you have to disable FIPS mode, because the FIPS self-test is insanely brain-dead and checks that your crypto library has *ONLY* FIPS-approved algos in it - and EC isn't on the list. Somebody figures out how to get EC and FIPS to co-exist, feel free to post an improved patch.

Patch is against current Rawhide, but if you're clever enough to think about turning off SELinux, you should be able to fit it onto any release of OpenSSL recent enough to be safe to use....

And if you have a webserver, apply the matching patches for the server end. There's patches out there for both Apache and nginx.

Oh, and if you use Firefox, you may want to go into about:config, enter 'rc4' on the filter line, and turn all of them off, and only re-enable one if you hit a website that is mandatory for you to use, and it insists on rc4 rather than AES or something else less totally borken than rc4.
--- openssl.spec.dist 2013-09-07 11:36:34.662974973 -0400 +++ openssl.spec 2013-09-07 12:03:56.205763826 -0400 @@ -26,8 +26,8 @@ # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-usa.tar.xz -Source1: hobble-openssl +Source: openssl-%{version}.tar.gz +#Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert Source7: renew-dummy-cert @@ -55,22 +55,22 @@ Patch36: openssl-1.0.0e-doc-noeof.patch Patch38: openssl-1.0.1-beta2-ssl-op-all.patch Patch39: openssl-1.0.1c-ipv6-apps.patch -Patch40: openssl-1.0.1e-fips.patch +#Patch40: openssl-1.0.1e-fips.patch Patch45: openssl-1.0.1e-env-zlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.1a-algo-doc.patch Patch50: openssl-1.0.1-beta2-dtls1-abi.patch Patch51: openssl-1.0.1e-version.patch -Patch56: openssl-1.0.0c-rsa-x931.patch -Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch +#Patch56: openssl-1.0.0c-rsa-x931.patch +#Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch Patch60: openssl-1.0.0d-apps-dgst.patch Patch63: openssl-1.0.0d-xmpp-starttls.patch Patch65: openssl-1.0.0e-chil-fixes.patch Patch66: openssl-1.0.1-pkgconfig-krb5.patch -Patch68: openssl-1.0.1e-secure-getenv.patch +#Patch68: openssl-1.0.1e-secure-getenv.patch Patch69: openssl-1.0.1c-dh-1024.patch Patch71: openssl-1.0.1e-manfix.patch -Patch72: openssl-1.0.1e-fips-ctor.patch +#Patch72: openssl-1.0.1e-fips-ctor.patch # Backported fixes including security fixes Patch81: openssl-1.0.1-beta2-padlock64.patch Patch82: openssl-1.0.1e-backports.patch @@ -155,7 +155,7 @@ # The hobble_openssl is called here redundantly, just to be sure. # The tarball has already the sources removed. -%{SOURCE1} > /dev/null +#%{SOURCE1} > /dev/null %patch1 -p1 -b .rpmbuild %patch2 -p1 -b .defaults %patch4 -p1 -b .enginesdir %{?_rawbuild} 
@@ -174,25 +174,25 @@ %patch36 -p1 -b .doc-noeof %patch38 -p1 -b .op-all %patch39 -p1 -b .ipv6-apps -%patch40 -p1 -b .fips +#%patch40 -p1 -b .fips %patch45 -p1 -b .env-zlib %patch47 -p1 -b .warning %patch49 -p1 -b .algo-doc %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version -%patch56 -p1 -b .x931 -%patch58 -p1 -b .md5-allow +#%patch56 -p1 -b .x931 +#%patch58 -p1 -b .md5-allow %patch60 -p1 -b .dgst %patch63 -p1 -b .starttls %patch65 -p1 -b .chil %patch66 -p1 -b .krb5 -%patch68 -p1 -b .secure-getenv +#%patch68 -p1 -b .secure-getenv %patch69 -p1 -b .dh1024 %patch81 -p1 -b .padlock64 %patch82 -p1 -b .backports %patch71 -p1 -b .manfix -%patch72 -p1 -b .fips-ctor +#%patch72 -p1 -b .fips-ctor %patch83 -p1 -b .bad-mac %patch84 -p1 -b .trusted-first @@ -249,9 +249,9 @@ ./Configure \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ - enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa no-srp \ + enable-cms enable-md2 no-mdc2 no-rc5 \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ - --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} + --with-krb5-dir=/usr shared ${sslarch} # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. 
@@ -291,11 +291,7 @@ %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ - %{__os_install_post} \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.%{version}-%{release}.hmac \ - ln -sf .libcrypto.so.%{version}.%{version}-%{release}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.%{version}-%{release}.hmac \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.%{version}-%{release}.hmac \ - ln -sf .libssl.so.%{version}.%{version}-%{release}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.%{version}-%{release}.hmac \ + %{__os_install_post} %{nil} %define __provides_exclude_from %{_libdir}/openssl @@ -456,8 +452,8 @@ %files fips %defattr(-,root,root) -%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac -%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac +#%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac +#%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac # We don't want to depend on prelink for this directory %dir %{_sysconfdir}/prelink.conf.d %{_sysconfdir}/prelink.conf.d/openssl-fips.conf
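Review bot: in the @@ -26,8 +26,8 @@ hunk, the three comment lines above Source: still say the tarball is stripped by hobble-openssl and that the upstream tarball cannot be shipped in the .src.rpm, which no longer describes the package once Source: is openssl-%{version}.tar.gz and Source1 is commented out. Update or remove that comment so the spec states what is actually being shipped; the "hobble_openssl is called here redundantly" comment in the @@ -155,7 +155,7 @@ hunk has the same problem.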
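Review bot: in the @@ -55,22 +55,22 @@ hunk, Patch68 (openssl-1.0.1e-secure-getenv.patch) is commented out together with the FIPS patches (40, 58, 72) and the x931 patch, but nothing in its name ties it to FIPS. If it is dropped only because it no longer applies without Patch40, say so in a comment beside the line; otherwise keep it. The same goes for the matching #%patch68 line in the @@ -174,25 +174,25 @@ hunk.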
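Review bot: in the @@ -249,9 +249,9 @@ hunk, the Configure line loses no-srp as well as no-ec no-ec2m no-ecdh no-ecdsa. Turning on EC only needs the four EC options removed; keep no-srp unless enabling SRP is intended, and say so in the description if it is. With %{?!nofips:fips} gone from the last line, the nofips switch also no longer does anything here, which deserves a comment in the spec.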
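Review bot: in the @@ -291,11 +291,7 @@ hunk, the new %{__os_install_post} line has no trailing backslash, so the %{nil} context line that used to end the %define __spec_install_post continuation now sits outside the macro. Either keep the continuation ("%{__os_install_post} \") or delete the stray %{nil} so the definition reads as one unit.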
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
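
Added example (not part of the original post or of the attached patch): one way to confirm that a rebuilt OpenSSL actually offers ECDHE suites, and to see how many RC4 suites it still lists, by summarising `openssl ciphers -v` output. The function names and the sample lines are constructed for illustration; the script assumes the `Kx=` and `Enc=` columns that `openssl ciphers -v` prints.

```shell
#!/bin/sh
# Added example: summarise `openssl ciphers -v` output by key exchange.
# Assumes the Kx=/Enc= columns that `openssl ciphers -v` prints.

classify_ciphers() {
    # stdin: `openssl ciphers -v` lines; stdout: one summary line.
    awk '
        NF < 5 { next }                      # skip blank or malformed lines
        {
            kx = ""; enc = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Kx=/)  kx  = substr($i, 4)
                if ($i ~ /^Enc=/) enc = substr($i, 5)
            }
            if (kx == "ECDH")    ecdhe++     # ephemeral ECDH (ECDHE suites)
            else if (kx == "DH") dhe++       # ephemeral DH (DHE/EDH suites)
            else                 other++     # RSA key transport, static (EC)DH, ...
            if (enc ~ /^RC4/)    rc4++
        }
        END { printf "ecdhe=%d dhe=%d other=%d rc4=%d\n", ecdhe, dhe, other, rc4 }
    '
}

has_ecdhe() {
    # Exit status 0 if at least one ECDHE suite is listed on stdin.
    case "$(classify_ciphers)" in
        "ecdhe=0 "*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Constructed sample: a build configured with no-ec/no-ecdh (no ECDHE suites).
sample_hobbled() {
    cat <<'EOF'
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
EOF
}

# Constructed sample: the same build with EC enabled.
sample_rebuilt() {
    sample_hobbled
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
EOF
}

# Live check, only when an openssl binary is on PATH.
if command -v openssl >/dev/null 2>&1; then
    openssl ciphers -v 'ALL' 2>/dev/null | classify_ciphers
fi
```

A summary line with ecdhe=0 means the library was built without EC, so a peer offering only ECDHE for forward secrecy cannot negotiate it with this end.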