Re: [ISN] Start-up banks on hack-proof Linux

From: InfoSec News (isnat_private)
Date: Wed Oct 02 2002 - 01:38:48 PDT

    Forwarded from: Russell Coker <russellat_private>
    On Tue, 1 Oct 2002 11:03, InfoSec News wrote:
    > Forwarded from: Kurt Seifried <listuserat_private>
    > The more security flaws you leave unsolved (even if they do not
    > "directly affect" your users) the more likely some combination of
    > bugs will occur that does allow an attacker in.
    This is a good point.  I think that the best way to develop a
    distribution with advanced security is to build on top of one that's
    already got a good record.
    Debian has a good track record of responding in a timely fashion to
    security bugs.  So for my SE Debian work all I have to do is get the
    SE Linux part going and I can rely on other people to deal with SSL
    stack overflows, zlib bugs, SUID programs that use predictable file
    names in /tmp, etc.
    I believe that anyone who is developing a secure distribution of Linux
    is best advised to make it a "bolt on" for a major distribution that
    has a good record in dealing with security patches, so that then all
    you have to work on is your "bolt on" part and not the entire system.
    By using this approach I have been able to develop a secure
    distribution on my own without much assistance.  I believe that other
    people who have similar aims are spending much more effort on this
    because they are also working on the base OS.
    Russell Coker

    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 03:43:33 PDT