Re: exec-shield (maybe ITP kernel-patch-exec-shield)

To: Zenaan Harkness <zen@iptaustralia.net>, debian-devel@lists.debian.org
Subject: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
From: Peter Busser <peter@adamantix.org>
Date: Fri, 28 Nov 2003 13:32:40 +0100
Message-id: <[🔎] 20031128123240.GG8493@adamantix.org>
In-reply-to: <[🔎] 1070021511.2401.26.camel@zen8100a>
References: <[🔎] 20031121164140.GA23900@adamantix.org> <[🔎] 200311271126.50262.russell@coker.com.au> <[🔎] 20031127120603.GA1047@adamantix.org> <[🔎] 200311280034.54723.russell@coker.com.au> <[🔎] 20031127135954.GA2371@adamantix.org> <[🔎] 1069980201.3533.62.camel@zen8100a> <[🔎] 20031128112043.GC8493@adamantix.org> <[🔎] 1070021511.2401.26.camel@zen8100a>

Hi!

> > I would think that the recent break-in should be convincing enough that you
> > can't simply ignore security or downplay the importance. Of all products
> I don't think any of us 'ignore' security - perhaps some users do. They
> probably won't be interested in our enterprise stuff, but many will I
> believe.

I haven't been aware that it had a very high priority either. If I look at how
the Linux Security Modules got into the kernel, I would say that performance
is a much more important issue than security.

> Absolutely. For some, the highest level of security is necesseary *right
> now*. Adamantix would be good fit for them (if they don't want to hassle
> with endless custom compiling and possible mistakes by themselves).

I wouldn't say that Adamantix provides the highest level of security. It is not
mature enough at the moment to live up to such claims. In fact, I doubt that
Linux will ever be able to provide security that exceeds TCSEC C2 or Common
Criteria AEL4 level of security assurance, no matter how much code and
technology you throw at it. For security professionals real security generally
starts at the TCSEC B1 or CC AEL5 level. Making such a system usable is even
harder than making it secure. :-)

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world
http://www.adamantix.org/

Reply to:

Follow-Ups:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: "Milan P. Stanic" <mps@rns-nis.co.yu>

References:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Zenaan Harkness <zen@iptaustralia.net>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Zenaan Harkness <zen@iptaustralia.net>

Prev by Date: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by Date: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Previous by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Index(es):
- Date
- Thread