Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: ark () eltex ru
Date: Mon, 19 Oct 1998 18:39:38 +0400
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, Jeremy Epstein <jepstein () tis com> said :
Does that just mean that at least _some_ "hardened unix" vendors just allow generic "suid root" programs running in this environment, thuscompletely trashing the whole MLS model? B1 and below do not require breaking up root. B2 and above do. It really has nothing to do with the MLS model. I believe that CMW+ *does* break up root, but I'm not sure of that. It may also be a configuration option.
"breaking up root" in kernel is useless if you keep running utilities and daemons suid root..
Does that mean that you need, say, VMS, if you need _real_ multilevel security?There are some trusted UNIX systems that are better than others. If VMS underwent the same degree of scrutiny and attack that UNIX does, I'm sure we'd find an equivalent number of bugs. It's a large complex system...
I doubt so. It _did_ undergo numerous attacks for a long time; the reason is VMS was _designed_ as MLS system and it does not have legacy "gimme-all-privileges" applications. It is not completely bug-free, no software is, but.. P.S. what happened to Trusted Xenix, is it officially dead now? _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNitPKKH/mIJW9LeBAQHz4QP/Q8o357iwzmPCO81z1ywLBgKZAEXbkv0Q Ubu/6XDOC9aixhPA/Hrw9XrKJCVBJRHmSEB2WKtsKqovgV0BERFMeXO5J9nulcEO Fk5fsPkG/m3yWGxeenF0jUmLj6iby8qo0O0yWujrk235QefcB8u6zdrueSuh4/aD +DfdJTNNc7s= =J2O8 -----END PGP SIGNATURE-----
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)