Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: Jeremy Epstein <jepstein () tis com>
Date: Mon, 19 Oct 1998 10:56:09 -0400

At 06:39 PM 10/19/98 +0400, ark () eltex ru wrote:
Jeremy Epstein <jepstein () tis com> said :

Does that just mean that at least _some_ "hardened unix" vendors just
allow generic "suid root" programs running in this environment, thus
completely trashing the whole MLS model?

B1 and below do not require breaking up root.  B2 and above do.  It really
has nothing to do with the MLS model.  I believe that CMW+ *does* break up
root, but I'm not sure of that.  It may also be a configuration option.

"breaking up root" in kernel is useless if you keep running utilities
and daemons suid root..

Absolutely agree.  At B2, running something suid root would have to be
equivalent to running as suid "nobody".
 
Does that mean that you need, say, VMS, if you need _real_ multilevel
security?

There are some trusted UNIX systems that are better than others.  If VMS
underwent the same degree of scrutiny and attack that UNIX does, I'm sure
we'd find an equivalent number of bugs.  It's a large complex system...

I doubt so. It _did_ undergo numerous attacks for a long time; the reason
is VMS was _designed_ as MLS system and it does not have legacy 
"gimme-all-privileges" applications. It is not completely bug-free, no
software is, but.. 

I've never heard that VMS was designed as MLS, and given the pain they went
through to get it evaluated, I doubt it was.  Having said that, it
certainly has fewer "gimme-all-privileges" applications (as you correctly
note), for two reasons: it was correctly designed to have granularity of
privileges and there are fewer applications altogether :-)

P.S. what happened to Trusted Xenix, is it officially dead now? 

Don't know for sure, but I suspect we'd find a way to sell it to anyone who
wanted it.  We aren't actively marketing or developing it, though.
---------------------------------+-------------------------------------
| Jeremy Epstein                 |  E-mail: jepstein () tis com          |
| TIS Labs at Network Associates |  Voice:  +1 (703) 356-4938         |
| Northern Virginia Office       |  Fax:    +1 (703) 821-8426         |
---------------------------------+-------------------------------------


