Comments on: More on Kylin… http://www.thedarkvisitor.com/2009/05/more-on-kylin/ Thu, 25 Feb 2010 21:39:39 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: More on Kylin (chinese secure OS) « IT Security http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-3017 More on Kylin (chinese secure OS) « IT Security Sun, 31 May 2009 18:58:40 +0000 http://www.thedarkvisitor.com/?p=1585#comment-3017 [...] http://www.thedarkvisitor.com/2009/05/more-on-kylin/ [...] [...] http://www.thedarkvisitor.com/2009/05/more-on-kylin/ [...]

]]> By: jumper http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-3015 jumper Sun, 31 May 2009 12:49:57 +0000 http://www.thedarkvisitor.com/?p=1585#comment-3015 Thanks Xort, That is the same version that I looked at for this post. It is not the most recent 3.0 version that has the security extensions. -jumper Thanks Xort,

That is the same version that I looked at for this post. It is not the most recent 3.0 version that has the security extensions.

-jumper

]]> By: xort http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-3005 xort Sat, 30 May 2009 19:07:32 +0000 http://www.thedarkvisitor.com/?p=1585#comment-3005 looks like soemthing here: http://selinuxproject.org/~jmorris/kylin/ looks like soemthing here:
http://selinuxproject.org/~jmorris/kylin/

]]> By: jumper http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2903 jumper Fri, 22 May 2009 17:04:25 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2903 Hi Joker, The researcher that made the presentation to the USCC is the one who described Kylin that way. Keep in mind that Kylin is funded by the national innovation project 863 and based on forum activity and Chinese blog posts, it is a research project. I doubt that it is very widely deployed. It is no longer free so the idea that it would be installed on tens of millions of computers is probably incorrect. Kylin 3.0 has some interesting security features but nothing particularly innovative. I doubt that there is any conspiracy here. I would expect the government of China to be interested in having an OS that they can manage inside China. It doesn't matter that it wasn't built from scratch as long as future code changes are reviewed by someone on the inside. This is a worthwhile effort on the part of people running 863. It isn't anything at all to be suprised, concerned or suspicious of. BTW, Kevin G. Coleman stated that current cyber weapons are designed for Linux, Windows and UNIX and would be innefective against Kylin. That would not necessarily be the case. Kylin < 2.1 is FreeBSD without any security features like stack protection. Kylin 3.0 is Linux 2.6 with MAC, RBAC and file ACLs. If Kylin is deployed like SELinux is deployed, the security features will either be turned off or there won't be a profile for the most important appliactions like Oracle. In any case, I don't know what is in the US cyber weapons armory but I doubt that the US offensive cyber capability shuts down when it comes across FreeBSD. <a href="http://www.uscc.gov/hearings/2009hearings/written_testimonies/09_04_30_wrts/09_04_30_coleman_statement.pdf" rel="nofollow">http://www.uscc.gov/hearings/2009hearings/written_testimonies/09_04_30_wrts/09_04_30_coleman_statement.pdf</a> Read the statement and decide for yourself if Kylin is something to worry about. Hi Joker,

The researcher that made the presentation to the USCC is the one who described Kylin that way. Keep in mind that Kylin is funded by the national innovation project 863 and based on forum activity and Chinese blog posts, it is a research project. I doubt that it is very widely deployed. It is no longer free so the idea that it would be installed on tens of millions of computers is probably incorrect. Kylin 3.0 has some interesting security features but nothing particularly innovative.

I doubt that there is any conspiracy here. I would expect the government of China to be interested in having an OS that they can manage inside China. It doesn’t matter that it wasn’t built from scratch as long as future code changes are reviewed by someone on the inside. This is a worthwhile effort on the part of people running 863. It isn’t anything at all to be suprised, concerned or suspicious of.

BTW, Kevin G. Coleman stated that current cyber weapons are designed for Linux, Windows and UNIX and would be innefective against Kylin. That would not necessarily be the case. Kylin < 2.1 is FreeBSD without any security features like stack protection. Kylin 3.0 is Linux 2.6 with MAC, RBAC and file ACLs. If Kylin is deployed like SELinux is deployed, the security features will either be turned off or there won't be a profile for the most important appliactions like Oracle. In any case, I don't know what is in the US cyber weapons armory but I doubt that the US offensive cyber capability shuts down when it comes across FreeBSD.

http://www.uscc.gov/hearings/2009hearings/written_testimonies/09_04_30_wrts/09_04_30_coleman_statement.pdf

Read the statement and decide for yourself if Kylin is something to worry about.

]]> By: Heike http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2902 Heike Fri, 22 May 2009 16:30:20 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2902 Joker, Looks like you have read your 36 Stratagems, "Make a noise in the east, attack in the west." Joker,

Looks like you have read your 36 Stratagems, “Make a noise in the east, attack in the west.”

]]> By: Joker http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2900 Joker Fri, 22 May 2009 15:38:42 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2900 I find this very interesting in regards to the fact that, if this is the super secure OS that China is going to be installing on tens of millions of computers including their infrastructure, why make it public? Wouldn't you want this to be as quiet as possible? Seems strange to me. Makes me wonder if this is done on purpose to make a lot of noise in one direction only to hide something else in another area. I find this very interesting in regards to the fact that, if this is the super secure OS that China is going to be installing on tens of millions of computers including their infrastructure, why make it public? Wouldn’t you want this to be as quiet as possible? Seems strange to me.

Makes me wonder if this is done on purpose to make a lot of noise in one direction only to hide something else in another area.

]]> By: jumper http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2883 jumper Thu, 21 May 2009 01:08:07 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2883 See the new K3 forum at http://kylin3.cn for more info. Also: http://blog.chinaunix.net/u1/51057/showart_498917.html&tbb=1&rurl=translate.google.com&usg=ALkJrhhY1XXfZYn3yzBBR4NtTy7KjQKavg And it comes with a Yum updater: http://blog.chinaunix.net/u1/51057/showart_472491.html&tbb=1&rurl=translate.google.com&usg=ALkJrhg6nbPcUiFK9imjj-DUMgp0KRDb9A See the new K3 forum at http://kylin3.cn for more info.

Also:
http://blog.chinaunix.net/u1/51057/showart_498917.html&tbb=1&rurl=translate.google.com&usg=ALkJrhhY1XXfZYn3yzBBR4NtTy7KjQKavg

And it comes with a Yum updater:
http://blog.chinaunix.net/u1/51057/showart_472491.html&tbb=1&rurl=translate.google.com&usg=ALkJrhg6nbPcUiFK9imjj-DUMgp0KRDb9A

]]> By: jumper http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2882 jumper Thu, 21 May 2009 00:46:16 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2882 Spath, Thank you very much for pointing this out. I have updated the article. Regards, jumper Spath,

Thank you very much for pointing this out. I have updated the article.

Regards,

jumper

]]> By: spath http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2880 spath Wed, 20 May 2009 21:25:36 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2880 Dear jumper, Thank you for your interesting research and post. However, from my own research it seems that Kylin 2.1 is obsolete, and that development is now focused on version 3.0, which includes a hardened Linux 2.6 kernel and a SELinux-like MAC. The website for this new version (kylin-os.com / kylin-os.cn) is apparently down, but google cache still gives interesting technical details about its technologies (see for instance http://is.gd/BMpy). Therefore it seems to me that more investigation is needed before dismissing Mr Coleman's statements so quickly. regards, --spath Dear jumper,

Thank you for your interesting research and post.

However, from my own research it seems that Kylin 2.1 is
obsolete, and that development is now focused on version 3.0,
which includes a hardened Linux 2.6 kernel and a SELinux-like
MAC. The website for this new version (kylin-os.com / kylin-os.cn)
is apparently down, but google cache still gives interesting
technical details about its technologies (see for instance
http://is.gd/BMpy). Therefore it seems to me that more
investigation is needed before dismissing Mr Coleman’s
statements so quickly.

regards,
–spath

]]> By: jumper http://www.thedarkvisitor.com/2009/05/more-on-kylin/comment-page-1/#comment-2874 jumper Wed, 20 May 2009 01:40:06 +0000 http://www.thedarkvisitor.com/?p=1585#comment-2874 Hi Richard, I did install from the 2.1A iso. I remember having some problems with the interface when I got to the disk partitioning. It took a few tries but basically, add a slice and then highlight the "unused part" that corresponds to the size of slice you created and click "add part". The root / should be there by default with UFS2 selected and swap optional in the pull-down. Regards, jumper Hi Richard,

I did install from the 2.1A iso. I remember having some problems with the interface when I got to the disk partitioning. It took a few tries but basically, add a slice and then highlight the “unused part” that corresponds to the size of slice you created and click “add part”. The root / should be there by default with UFS2 selected and swap optional in the pull-down.

Regards,

jumper

]]>