Re: The NSA's Security-Enhanced Linux

[M Schubert <schubert () fsck org>]

> Seems like this is a "demo" ...  would anyone be able to compare this
> system to a system that is not attempting to be a demo -- such as
> Pitbull (solaris?)?  It frightens me to think that anyone would
> trust linux :-> but, alas, who knows.  Maybe is enough sugar is
> poured on top, it just won't continue to smell so bad.
>
> Scott

I wouldn't say that its' a demo (it isn't). It's more a
proof-of-concept or beta. I would hope that people keep in mind that
they are pitching their enchancements as simply a "security enchancemed
linux" not to be confused with  "trusted linux". Being able to feel
warm and fuzzy that your box is secure is not the same feeling of a
trusted box (pitbull, trusted solaris, trusted aix, trusted irix, hp-ux
vault?). Even with trusted OS features, it can't be trusted without
_documented_ auditing performed.

But I do share your concern about linux security-enchancements in
general... my fear is that there is very little done in the auditing
field of this code (it is done no doubt, but not to the intensity or
the organization of OpenBSD)

--
-- M. Schubert          - mschuber () uci edu
-- Security Specialist - michaels () lightspeedsystems com
-- Sys Admin            - schubert () fsck org