Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: Jeremy Epstein <jepstein () tis com>
Date: Mon, 19 Oct 1998 10:56:09 -0400
At 06:39 PM 10/19/98 +0400, ark () eltex ru wrote:
Jeremy Epstein <jepstein () tis com> said :Does that just mean that at least _some_ "hardened unix" vendors just allow generic "suid root" programs running in this environment, thuscompletely trashing the whole MLS model? B1 and below do not require breaking up root. B2 and above do. It really has nothing to do with the MLS model. I believe that CMW+ *does* break up root, but I'm not sure of that. It may also be a configuration option."breaking up root" in kernel is useless if you keep running utilities and daemons suid root..
Absolutely agree. At B2, running something suid root would have to be equivalent to running as suid "nobody".
Does that mean that you need, say, VMS, if you need _real_ multilevel security?There are some trusted UNIX systems that are better than others. If VMS underwent the same degree of scrutiny and attack that UNIX does, I'm sure we'd find an equivalent number of bugs. It's a large complex system...I doubt so. It _did_ undergo numerous attacks for a long time; the reason is VMS was _designed_ as MLS system and it does not have legacy "gimme-all-privileges" applications. It is not completely bug-free, no software is, but..
I've never heard that VMS was designed as MLS, and given the pain they went through to get it evaluated, I doubt it was. Having said that, it certainly has fewer "gimme-all-privileges" applications (as you correctly note), for two reasons: it was correctly designed to have granularity of privileges and there are fewer applications altogether :-)
P.S. what happened to Trusted Xenix, is it officially dead now?
Don't know for sure, but I suspect we'd find a way to sell it to anyone who wanted it. We aren't actively marketing or developing it, though. ---------------------------------+------------------------------------- | Jeremy Epstein | E-mail: jepstein () tis com | | TIS Labs at Network Associates | Voice: +1 (703) 356-4938 | | Northern Virginia Office | Fax: +1 (703) 821-8426 | ---------------------------------+-------------------------------------
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)