Trusted Unices Aren't?

[ark () eltex ru]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

/* 
 First, an "offtopic killer": somebody from SCO suggested using TIS fwtk
 under SCO CMW+ as very secure firewall solution (fwtk-users () tis com ml)
*/

It seems that nearly nobody noticed that one of latest vendor-initiated 
bulletin for CERT (mscreen) listed SCO CMW+, a-claimed-to-be-close-to-B2
upgrade for SCO Unix, in the list of vulnerable systems. Said to be
possible root compromise.

How can this happen? How can "a serial multiscreen utility", a program
that should have nothing like root privileges on an MLS system, be
vulnerable _that way_?

Does that just mean that at least _some_ "hardened unix" vendors just
allow generic "suid root" programs running in this environment, thus completely trashing the whole MLS model?

Does that mean that you need, say, VMS, if you need _real_ multilevel
security?
 
What about closer look to Trusted Solaris, DG/UX, whatever else exists
on this market?
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNiczNqH/mIJW9LeBAQHgzAP/bvVRObO+sVGHPyYI9DBirb/fZbHk+9WM
BIxqQEhG+6u5IqPjutlQUaF0TU5LmRvQVRCkzs1YObyB3MkYJRuRaPVqlN7/cv2/
/DzihgmSowWP2GfGzzizbQalmhWnV7wHwpLELYjVxfvVPUzXhfPNWgL1q6i26YS4
0pdev/7hpcs=
=KWWA
-----END PGP SIGNATURE-----