Firewall Wizards mailing list archives
RE: Trusted Unices Aren't?
From: "Gregory Perry" <Gregory.Perry () netsec net>
Date: Fri, 23 Oct 1998 19:03:40 -0400
SCO CMW is hardly secure. Because of design flaws from the early days of MLS technology, many of the bugs included in the traditional variant OS is replicated on the MLS platform. There are many examples of this on most MLS platforms; for example SoftWindows for Trusted Solaris _completely_ breaks the "trusted network" subset of TS 2.5. SCO CMW is no different. --greg
-----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of Jeremy Epstein Sent: Monday, October 19, 1998 10:29 AM To: firewall-wizards () nfr net; firewall-wizards-digest () nfr net Cc: ark () eltex ru Subject: Re: Trusted Unices Aren't? At 08:12 AM 10/19/98 -0500, ark () eltex ru wrote:/* First, an "offtopic killer": somebody from SCO suggested using TIS fwtk under SCO CMW+ as very secure firewall solution (fwtk-users () tis com ml) */ It seems that nearly nobody noticed that one of latest vendor-initiated bulletin for CERT (mscreen) listed SCO CMW+, a-claimed-to-be-close-to-B2 upgrade for SCO Unix, in the list of vulnerable systems. Said to be possible root compromise.SCO CMW+ isn't anywhere close to B2. At the absolute very best, it's in the neighborhood of B1. And that's impossible to know for sure, since at this point all we have is vendor claims and no evaluation. An earlier guise of CMW+ was evaluated B1 in the late 80s or early 90s (don't remember exactly) on an Apple Mac II, but today's SCO CMW+ is hardly the same system as that was. And even if it were B1 or B2, you'd have to know how it was evaluated (e.g., with what daemons, what hardware) to determine whether the evaluated product is vulnerable. Not to doubt that CMW+ is vulnerable (as you say), just that saying B1 or B2 in the same sentence as CMW+ is like saying "Clinton" and "faithful" in the same sentence :-)How can this happen? How can "a serial multiscreen utility", a program that should have nothing like root privileges on an MLS system, be vulnerable _that way_?Just because something is evaluated (which, again, CMW+ is not) doesn't mean it's bug free. Especially lower assurance systems (B1 and below) are very large and complex, and undoubtedly have security flaws. All the evaluation means is that it was looked at closely, not that it's perfect.Does that just mean that at least _some_ "hardened unix" vendors just allow generic "suid root" programs running in this environment, thuscompletely trashing the whole MLS model? B1 and below do not require breaking up root. B2 and above do. It really has nothing to do with the MLS model. I believe that CMW+ *does* break up root, but I'm not sure of that. It may also be a configuration option.Does that mean that you need, say, VMS, if you need _real_ multilevel security?There are some trusted UNIX systems that are better than others. If VMS underwent the same degree of scrutiny and attack that UNIX does, I'm sure we'd find an equivalent number of bugs. It's a large complex system... ---------------------------------+------------------------------------- | Jeremy Epstein | E-mail: jepstein () tis com | | TIS Labs at Network Associates | Voice: +1 (703) 356-4938 | | Northern Virginia Office | Fax: +1 (703) 821-8426 | ---------------------------------+-------------------------------------
Current thread:
- Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)