Re: NSA's Secure Linux Distribution
from the secret journal of Buddha Buck (bmbuck@14850.com):
> >unless we have a policy against security, it should be fine. :) it's all
> >gpl.
i posted that before i hit the download page.
> >Security-enhanced Linux is not an attempt to correct any flaws that may
> >currently exist in Linux. Instead, it is simply an example of how
> >mandatory access controls that can confine the actions of any process,
> >including a superuser process, can be added into Linux. The focus of this
> >work has not been on system assurance or other security features such as
> >security auditing, although these elements are also important for a secure
> >system.
>
> In addition, while they provide 15 new or modified system utilities, they
> also provide 36 new system-calls, and require a custom kernel to handle the
> system.
>
> On their to-do list are the following items:
>
> >Port the kernel patches to the latest 2.2 kernel
> >Port the kernel patches to the 2.4.0 kernel
> >Port the utility patches to the latest versions of the base utilities
>
> so I'm not even sure we -could- apply their patches, even if we wanted to.
>
you have a point. but what about seperate packages for the modified ones, or
even wrapper scripts like we do with dhcpd? that sounds somewhat ugly,
adding quite a bit of bulk to the default install since even tar and procps
get patched.
--
jacob kuntz
jpk@cape.com
underworld.net/~jake
Reply to: