[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exec-shield (maybe ITP kernel-patch-exec-shield)


> > I would think that the recent break-in should be convincing enough that you
> > can't simply ignore security or downplay the importance. Of all products
> I don't think any of us 'ignore' security - perhaps some users do. They
> probably won't be interested in our enterprise stuff, but many will I
> believe.

I haven't been aware that it had a very high priority either. If I look at how
the Linux Security Modules got into the kernel, I would say that performance
is a much more important issue than security.

> Absolutely. For some, the highest level of security is necesseary *right
> now*. Adamantix would be good fit for them (if they don't want to hassle
> with endless custom compiling and possible mistakes by themselves).

I wouldn't say that Adamantix provides the highest level of security. It is not
mature enough at the moment to live up to such claims. In fact, I doubt that
Linux will ever be able to provide security that exceeds TCSEC C2 or Common
Criteria AEL4 level of security assurance, no matter how much code and
technology you throw at it. For security professionals real security generally
starts at the TCSEC B1 or CC AEL5 level. Making such a system usable is even
harder than making it secure. :-)

Peter Busser
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world

Reply to: