On Fri, 22 Mar 2002 22:50, jmjonesat_private wrote: > > In many cases, they may hear of "trusted computing" or perhaps even > > "orange book B1" (or the new buzphrase "trustworty computing"). But > > without an example of one it is impossible to determine if such a beast > > would be usefull. Much less learn how to use it. > > Not sure how LSM helps this. LSM allows the implementation of most of the features that the obsolete B1 standard required. Note that B1/C2 security standards were not for OSs or security systems, they were for specific configurations. Linux would not meet C2 any more than NT would, an OS can not meet it, it's a particular configuration of an OS. A good configuration of SE Linux would be likely to meet C2. > > It also will expand the confidence of some administrators just knowing > > that if it DID become necessary/mandatory, it is possible to increase the > > security level of the system. > > It's possible now. I've done it, most of my "compatriots" have done it, > but not nearly as well as LSM has done. My solutions have never been LSM > compatible. We want CHOICES, and we want them to be enumerated and > argued. Organize a security BOF at the next Linux conference you attend and you can have an argument about these things. > > In some environments it is already mandated to have more security than > > that defined as "C2", but it isn't being done just because "it isn't > > standard" or "it's too expensive" (the usual answer I get :). > > Can LSM support C2 fully, verifiably, and certifiably? That's an > advantage, if it can. Has anybody proved this (at least in a paper?) C2 is not relevant, it's been made obsolete. I believe that the new standards are called "common criteria", but I'm not certain. Whether some specific configuration of Linux can pass some contrived tests means nothing to me. Now there's some things you need to know. Firstly starting a debate about whether software is needed is not the thing to do on a development list. A development list is for people who want to discuss development. The next thing is that sigs should be no more than 4 lines. If you have a longer sig you are demonstrating ignorance or contempt for the conventions of polite discussion on the net. Finally if you know what you are doing you don't quote people's sigs back to them when replying to the list. PS Are you just posting here to get your advertisement-sig seen? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:14:04 PST