Vulnerability Development mailing list archives
Re: The NSA's Security-Enhanced Linux
From: "Scott D. Yelich" <scott () SCOTTYELICH COM>
Date: Fri, 22 Dec 2000 12:46:32 -0700
On Fri, 22 Dec 2000, Michael H. Warfield wrote:
Huh? What was this? A troll? Must have been. Nobody could be that clueless... Ok... Let's nibble...
no. There is no need to insult. I was not trolling and I am seriously interested in the question I posed. You really did not address it, completely.
The government seem to feel that it makes a lot MORE sense to trust something that they have the sources for and that they don't have to be held captive to a vendors path and fixes and support (or lack thereof). My God! Look at the mess Microsoft had in the version 1 security service provider. That wasn't getting fixed until the Samba team started kicking over those rocks and exposed it for the joke that it was...
Linux vs mickeysoft? Well, I agree with you there. But, then, I guess that's why the government and military has standardized on windows, eh? Don't we all know how well mickeysoft likes the Samba team and its product? Why even dream of interopability when you can't even get compatibility between components of the same operating system. Lets just not go there, ok? I'm seriously not advocating windows or linux. I'm simply asking if anyone views the selinux as anything more than a demo. That is, should it be trusted? The docs seem to indicate that it's mostly a proof of concept demo. Will it one day mutate into something that is trustable? Did people trust the FBI DDoS scanner? Will they trust NSA code? Yeah, sure, the FBI refused to release the source for their code and its execution was traced inside and out -- but I'd still wonder. In the eyes of the government and these agencies, it's the good guys (ie: them) vs the bad guys (ie: that'd be anyone who's not them, and perhaps even themselves). To me, that's a very scary mentality.
Solaris is rather precious, too... Took Sun over a year to fix the rsh hole that Alan Cox reported to them. Took them over 9 months to finally tell me that there would be no fix for the NISNuke problem and that they recommended installing open source versions of the finger daemon (they really made that recommendation).
Did I ever mention out of the box security of Solaris, linux or windows? It seems to me that most systems need quite a bit of "fixing" if not a whole heck of a lot of configuring.
Frightens me that anyone would trust a closed source operating system for security. :->
Exactly. Lets hear it for the government, eh? Anyway, what closed OS are you referring to? Solaris is hardly closed. At least, it's a whole heck of a lot more open than mickeysoft, until/unless some jokers release the code they they might have stolen from mickeysoft. On problem I see with this is that it would mostly be useless as one has to upgrade so often with windows, and who knows what's actually going on with the code. mickeysoft will go the way of apple, at some point in time. Of course, with Bush as president, they almost get a reprieve to steal more from the consumer. Anyway...
(A trolling we will go, a trolling we will go, a hie ho the merry'o, a trolling we will go...)
h0h0h0 I am serious. Were you? Except for the clueless part, I refer you back to your first paragraph in your response. Scott
Current thread:
- The NSA's Security-Enhanced Linux Ralf-Philipp Weinmann (Dec 21)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux Michael H. Warfield (Dec 22)
- Re: The NSA's Security-Enhanced Linux M Schubert (Dec 22)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 22)
- <Possible follow-ups>
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 22)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 25)
- Re: The NSA's Security-Enhanced Linux Dom De Vitto (Dec 26)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 27)
- Re: The NSA's Security-Enhanced Linux Timothy J. Miller (Dec 28)
- Re: The NSA's Security-Enhanced Linux Scott D. Yelich (Dec 29)
- Re: The NSA's Security-Enhanced Linux M.Schubert (Dec 29)
- Re: The NSA's Security-Enhanced Linux Neal Dias (Dec 29)