Full Disclosure mailing list archives

Re: Support the Sasser-author fund started


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 18 May 2004 23:01:31 +1200

Valdis.Kletnieks () vt edu to me:

Actually reading what C2 *required* is quite enlightening.

More "worrying" given that MS' focus on getting C2 certified was to be 
able to bid for the "more lucrative" DoD and related contracts that 
required C2-level systems (no matter how arbitrarily -- incredibly few 
of them were ever actually configured and run at C2).

Code identified as a 'Trusted Computing Base'. Identification of specific
users.. discretionary access controls.. an audit trail.. object clearing before
reuse.. Testing for *obvious* flaws..

Yep, that's about it.  ...

"Guaranteed boot path" (can't recall the precise wording) -- something 
MS was already actively campaigning against with its "boot from 
network" requirement for the upcoming PC 95 or PC 97 hardware platform 
specs, and something that no "typical PC" could ever meet.  The C2 cert 
for NT "fudged" this requirement by removing the floppy drive (and 
perhaps by testing on a machine whose BIOS did not yet support "boot 
from CD").

...  Userid/password, some sort of user-settable file
permissions, don't let the next user snarf blocks off the disk by allocating
a big file, and keep an audit trail.  *real* stringent. Even when NT came out, C2
wasn't considered much security at all...  Most of this stuff was already
well understood when Multics was done in the mid-60s.

Security labels? MAC? Those are B1.

"A team of individuals who thoroughly understand the specific implementation
of the TCB shall subject its design documentation, source code, and object code
to thorough analysis and testing".  That's not a requirement till B1 either.
(Yeah.. ponder THAT one - you don't have to do a thorough test to get C2 ;)

"Trusted Path" for login?  That's in B2, as is covert channel analysis.

You get the idea... ;)

No -- I _know_ the idea.

The point is that NT is usually sneered at by *nix bigots whose 
favourite OSes are _just as lame_ by those same miserable criteria.

IIRC (and I really don't care as it really doesn't matter) but no 
"mainstream" *nix matched NT's C2 certification for a year or more 
when, IIRC, some Solaris variant was gonged C2 too.

Anyway, the real point is that all the currently popular systems 
implement some form of _discretionary_ controls, which (by definition) 
have to actually be enabled before they can be any use (regardless of 
how much or how little use they can be) and as most current "system 
admins" don't even have that concept in their computing world views, 
it's kinda academic to debate whether the OSes these "admins" run 
support DAC, MAC or whatever...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html