

DoD offers up tiny, secure Linux distro - thomas
http://www.geek.com/articles/chips/u-s-dept-of-defense-offers-up-tiny-secure-linux-distribution-20110722/

======
niels_olson
I've tested LPS in the past. Their primary goal is to provide access to your
"enclave" (remote access services offered by your command) while leaving no
trace on the local machine. So you could be staying at the Omni Hotel in
Belgrade and still check your command email from their business center.

As a practical matter, it verges on completely useless for any serious
business. Note the screenshots don't include evidence of Citrix running, or
even a web browser. There's no package management. You couldn't install it if
you wanted to. As I recall, I never got networking up. That was a snapshot
release from ... March, I believe.

I'm glad to see someone in US government working on desktop Linux. I would
love to say goodbye to Windows XP. That said, for the advertised purpose, I've
found an Ubuntu thumbdrive much more practical.

~~~
burgerbrain
It sounds like this system is meant to be something along the general lines of
something like Tinfoil Hat Linux.

If you're expecting Citrix... you're probably not in the target audience.

~~~
niels_olson
I was asked to look at it, as I was also testing a Cr-48 at the time. I'm
pretty sure I'm the target audience, and the target audience is offered many
services via Citrix. Citrix has had Receiver for Linux for years. This project
just isn't there yet.

------
astine
The article doesn't specify what distinguishes this from a regular liveCD
Linux distro. My guess is that the DoD has hardened the included kernel
(possibly included SELinux) and curated the included packages for security,
but the article doesn't say. It also doesn't specify what, if any, special
configurations it has made to the standard included packages to make this more
secure.

~~~
sixtofour
One thing that distinguishes it, from the article, is that it doesn't mount
the machine's hard drive.

Anyone can do essentially what they're doing just by using a live CD. They've
gone a bit beyond that by not mounting the hard drive as noted, and whatever
other changes they've made that the article doesn't specify.

~~~
kijinbear
Most LiveCDs don't mount hard drives unless you specifically tell them to do so,
for example, by clicking on the drive icon. Perhaps this distro disables even
that capability, so you can't leave any trace on the machine even if someone
got you to run the latest Firefox exploit.

~~~
mehitabel
This distribution has stripped hard disk support from the kernel. It is
intended as a relatively more secure browsing platform (with support for DoD
two-factor authentication for email access, etc.). I provide it to my parents
for browsing the web, and my tech support calls from home are gone.

------
dotBen
I'm really curious to know what this was originally designed for.

It has consumer-friendly "Windows XP" style UX and the user it logs into isn't
root/sudo.

This all leads me to conclude the original purpose of this tool was for
"normal people" to use, and so I'm left wondering whether it was for agents or
informants to be able to communicate back to the mothership securely.

If this was for security personnel or those performing forensics on evidence,
there wouldn't be cutesy UX and it would be logged in to root. If this was for
'rank and file' staff in CIA/FBI offices, they wouldn't need a portable
distro.

~~~
Jtsummers
This is intended for rank and file staff of the DoD (as a DoD product) to use
along with their CAC to connect to various DoD sites using CAC authentication.
The theory is that you can load this onto a thumb drive or CD, take it and a
CAC reader with you and plug both into any internet connected computer,
providing you with a simple terminal for mundane office tasks (read: email).

------
afhof
"Running it from a CD means there is absolutely no way the OS can be
compromised..."

... except if the underlying hardware is compromised.

~~~
vannevar
Even if the hardware isn't compromised, the OS running in RAM can be taken
over as easily as a disk-based system can. It's just that the OS will be reset
and 'cleaned' when the machine is rebooted.

------
delinka
In case you are interested in the actual distribution, it seems to be here:

<http://www.spi.dod.mil/lipose.htm>

but the server looks busy.

------
jwcacces
There's a bunch of icons on the desktop that look directly cribbed from
Windows (show desktop, command prompt, documentation), are those legit?

------
dotBen
The spi.dod.mil server is clearly overloaded and downloading this is
difficult.

Can anyone who's downloaded this give us an MD5 hash on the files, as I'm going
to try to download this from a mirror. _(Why the DoD hasn't published an
official MD5 for these I don't know.)_

~~~
Jtsummers
<http://www.spi.dod.mil/docs/Hashes.pdf>

MD5 and SHA256 hashes, from the DoD of all people.
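
A way to check a mirror download against published digests, as an added example that is not from the thread or from the LPS project: the sample bytes and their digests are constructed stand-ins (the well-known hashes of "abc"), not the values in Hashes.pdf.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded image plus its "published" digests.
# The real LPS values live in the DoD's Hashes.pdf and are not reproduced here;
# these are the well-known MD5 and SHA-256 digests of the three bytes "abc".
SAMPLE_IMAGE = b"abc"
SAMPLE_PUBLISHED = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def digest_chunks(chunks):
    """Hash an iterable of byte chunks with every algorithm we compare on."""
    hashers = {"md5": hashlib.md5(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Stream a large ISO through the hashers without loading it into RAM."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def check_digests(computed, published, require=("sha256",)):
    """Compare each published digest with the computed one in constant time.
    An MD5 match on its own is not accepted: MD5 collisions are practical, so
    a mirror could serve a different file with the same MD5. Every algorithm
    in `require` must be published and must match."""
    results = {}
    for name, expected in published.items():
        if name in computed:
            results[name] = hmac.compare_digest(computed[name], expected.strip().lower())
    missing = [alg for alg in require if alg not in results]
    return all(results.values()) and not missing, results


def verify_download(path, published):
    """True only if the file at `path` matches all published, required digests."""
    ok, _ = check_digests(digest_file(path), published)
    return ok
```

Pass `verify_download("lps.iso", {...})` the digests copied from the official Hashes.pdf, not from the mirror that served the file.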

------
RocknRolla
How is this any different than Knoppix with scratch turned off?

------
aninteger
Why not just offer a set of patches? It's a lot of work to create and maintain
a distro.

Or the DoD could always go back to helping OpenBSD :)

~~~
dsl
Because patches can be applied against sources that haven't been completely
audited.

------
mcantelon
Back door, anyone?

~~~
sorbus
My thoughts were "That's probably a great project, but no one is going to use
it because they'll be worried about a back door." Although it couldn't be that
hard to find one - log traffic on startup, see if it makes any requests to
servers not requested by the user. Unless the theorized back door is better
hidden, such as by introducing a vulnerability into its SSL implementation
(and whatever other encryption tools for network traffic it uses) that makes
it much easier to decrypt intercepted traffic (not sure how viable that would
be; it's not my field of study).
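
The startup-traffic test sorbus describes, as an added example that is not from the thread: a baseline-versus-observed check over a constructed connection log. The one-flow-per-line log format, the addresses and the expected set are assumptions, not anything LPS produces.

```python
import re
from collections import Counter

# Constructed sample of an outbound-connection log captured while booting the
# live image (a made-up one-line-per-flow format, not a real LPS log).
SAMPLE_LOG = """\
2011-07-22T08:00:01 udp 10.0.0.5:53412 -> 10.0.0.1:53
2011-07-22T08:00:02 tcp 10.0.0.5:40001 -> 198.51.100.10:443
2011-07-22T08:00:02 tcp 10.0.0.5:40002 -> 198.51.100.10:443
2011-07-22T08:00:05 tcp 10.0.0.5:40003 -> 203.0.113.7:443
2011-07-22T08:00:09 udp 10.0.0.5:123 -> 192.0.2.20:123
this line is malformed and is skipped
"""

# Destinations the user actually asked for: the DHCP-assigned resolver and the
# one site they typed in (assumed values for the sample above).
EXPECTED = {("udp", "10.0.0.1", 53), ("tcp", "198.51.100.10", 443)}

LINE_RE = re.compile(
    r"^\S+\s+(?P<proto>tcp|udp)\s+[\d.]+:\d+\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_connections(log_text):
    """Yield (proto, dst_ip, dst_port) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["proto"], m["dst"], int(m["dport"])


def unexpected_connections(log_text, expected):
    """Return {(proto, dst_ip, dst_port): count} for flows the user did not
    request. What is left over is what the startup-traffic test surfaces: an
    overt call-home. A back door that only talks to hosts the user already
    visits, or that weakens the crypto instead, passes this check unnoticed."""
    counts = Counter(parse_connections(log_text))
    return {flow: n for flow, n in counts.items() if flow not in expected}


if __name__ == "__main__":
    for (proto, dst, port), n in unexpected_connections(SAMPLE_LOG, EXPECTED).items():
        print(f"unexpected {proto} {dst}:{port} x{n}")
```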

~~~
olefoo
I can think of two very obvious ways to suborn lib_openssl (obvious in that a
competent auditor would find them) after relatively little due diligence.

1. Cripple the random number generator similar to the Debian bug from 2008;
this would be difficult to spot through source inspection, but not hard to
spot from active queries.

2. Include valid certificates in the trusted certificate store that allow the
distributor to execute a man-in-the-middle attack. This becomes even easier if
the DNS servers are hardcoded to be those of the attacker.

Basically, if you think the US Air Force has reasons to snoop your
communications, don't use their software to communicate. Linux is freely
available; build your own high-security distro, or use OpenBSD, or write your
own from scratch. Don't assume software is secured unless you implicitly trust
the person who claims it has been secured for the purpose you are using it for,
and even then they might be wrong.

------
ndefinite
Like the concept, but it kind of sketches me out that they're that good at running
systems in RAM after reading about how Stuxnet does exactly that. Take a
little, give a little, I guess.

~~~
Rusky
LiveCDs have been doing this for ages. This has nothing to do with Stuxnet.

------
4J7z0Fgt63dTZbs
Why not Chrome?

