Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: Gordon Greene <Gordon.Greene () netsec net>
Date: Fri, 30 Oct 1998 10:12:15 -0500

At 05:19 PM 10/30/98 +0300, ark () eltex ru wrote:
If you are communicating you definitely want something ;)
That's traditional Klingon greeting and I rarely change it to something
else.. sometimes I do.

Oh, I know it is the Klingon greeting, literally, "What Do You Want?", but
unless every communication is to be a trade of some kind, one would
normally only ask that when someone else wants something, but you don't.
Otherwise why not just start up conversation by saying what *you* want?  I
think we can handle this piece of discussion by email after this, though.

 
I don't know if you can just drop DG/UX on a regular Dell or Gateway and
have it work.  In any event, it's SysV-ish.  But there are a number of free
and cheap Unices for the PC, including some that are SysV-ish, if that's
what you prefer.

None of those are able to be more than C2-like. (If we assume that SCO CMW+ 
is brain-dead, Trusted Solaris is sparc only - it used to be, at least, and
Trusted Xenix is no longer alive).  

Oh, agreed.  There are no free Intel Unices that are MLS (that I know of).
I don't know if I'd call SCO CMW+ brain dead, but it certainly hasn't had
as much development as some of the non-Intel targeted ones.  I couldn't get
a clear picture as to whether it's even still under development, or was
frozen a couple of years ago.  It does have some lineage, though.  It's an
offshoot of SecureWare's work, I believe.

You can get DG/UX with the B2 option for Intel, but I think just for the
proprietary DG platform.  Someone from DG is welcome to correct me on that.

There has also been talk about a Trusted Solaris x86 port.  At one point,
there was even some talk of my being involved in it.  Trusted Solaris has
come a long way in a few years.  

There may be others for the Intel at some point.  The toughest part of that
has to be the work involved in supporting drivers for the vast array of
cheap hardware.  

As far as Trusted Xenix goes, I think someone on this list suggested that
if someone came up with some money, a way could be found to buy it.  It
would probably have a lot of cobwebs on it by now, though.

Bell Labs (or whatever they're called now) still uses System V/MLS, but
internally only.  Also, Wang Federal has a B3 OS called STOP, which runs on
their proprietary Intel-based box.  It's MLS, but not CMW.  It's meant to
be a secure platform for firewalls and similar things.  Not a place to
check your email and do everyday stuff.

That's why it would be neat to make one of the free Unices MLS.  Instead of
putting up expensive hardware for your firewall/router/whatever, you could
throw up a cheap PC, a free OS, and have a pre-hardened platform for it.

The big thing to realize is that this would be MLS, but not CMW.  A regular
user doesn't have much use for a CMW, unless they spend a lot of time
examining data and assigning it a label, or changing its label.  MLS is
just dandy for handling multiple networks and trusted proxies.  Look at
Argus Systems for an MLS proxy system.  And DG/UX B2 has what amounts to
IPFILT built in.  Great idea, that!  



