On Fri, 22 Mar 2002, Russell Coker wrote:

> On Fri, 22 Mar 2002 22:50, jmjonesat_private wrote:
> > > In many cases, they may hear of "trusted computing" or perhaps even
> > > "orange book B1" (or the new buzzphrase "trustworthy computing"). But
> > > without an example of one it is impossible to determine if such a beast
> > > would be useful. Much less learn how to use it.
> >
> > Not sure how LSM helps this.
>
> LSM allows the implementation of most of the features that the obsolete B1
> standard required. Note that B1/C2 security standards were not for OSs or
> security systems, they were for specific configurations. Linux would not
> meet C2 any more than NT would, an OS can not meet it, it's a particular
> configuration of an OS. A good configuration of SE Linux would be likely to
> meet C2.

Good. That's a pro-argument point.

>
> > > It also will expand the confidence of some administrators just knowing
> > > that if it DID become necessary/mandatory, it is possible to increase the
> > > security level of the system.
> >
> > It's possible now. I've done it, most of my "compatriots" have done it,
> > but not nearly as well as LSM has done. My solutions have never been LSM
> > compatible. We want CHOICES, and we want them to be enumerated and
> > argued.
>
> Organize a security BOF at the next Linux conference you attend and you can
> have an argument about these things.
>

Maybe. So, you're saying that this list is not tolerant of opinions
contradicting your own and those people should just "talk among
themselves?" and never ask questions here?

> > > In some environments it is already mandated to have more security than
> > > that defined as "C2", but it isn't being done just because "it isn't
> > > standard" or "it's too expensive" (the usual answer I get :).
> >
> > Can LSM support C2 fully, verifiably, and certifiably? That's an
> > advantage, if it can. Has anybody proved this (at least in a paper?)
>
> C2 is not relevant, it's been made obsolete. I believe that the new
> standards are called "common criteria", but I'm not certain. Whether some
> specific configuration of Linux can pass some contrived tests means nothing
> to me.
>

Good. It means nothing to you. You're saying that your opinion is the
"end-all-and-be-all" here? Kewl, I'll pass my thoughts to you directly.

>
> Now there's some things you need to know.
>
> Firstly starting a debate about whether software is needed is not the thing
> to do on a development list. A development list is for people who want to
> discuss development.

No. That's not what I'm doing. I'm starting a debate about "what benefit
does LSM clearly provide that can be used to win-the-day with the LDs and
Linus and the users to justify the INCLUSION of LSM in the kernel-proper."

If nobody here is willing to argue the benefit, I think it's a wonderful
co-operative patch that will never go ANYWHERE... since "I'm right because
I say so" is never a really good sales strategy.

Develop something that's not generally useful, you have a nice brick to
put on your mantel... developers need to consider how their output will
be received.

>
> The next thing is that sigs should be no more than 4 lines. If you have a
> longer sig you are demonstrating ignorance or contempt for the conventions of
> polite discussion on the net.

My sig is 6 lines long... one identifies me, 4 identify what I do, and
one shows where you can find me on the web. The rest is merely formatting.
I'm not ONLY advertising, I'm declaring myself.

>
> Finally if you know what you are doing you don't quote people's sigs back to
> them when replying to the list.
>

Um, if people want to put a sig on their name, or a Dr. or an MLS, I quote
it back... why would anybody use a sig that they were not proud of? I do
it entirely as a sign of respect. Your "sig" is short for "signature", is
it NOT? Doesn't it identify you, personally? Don't be so "judgemental"
about how people identify themselves... but if 4 lines is your "thing",
see my sig below. :)

I know, from YOUR sig, that you don't respect copyright/intellectual
property notices in email you receive.

Sincerely,
J. Melvin Jones

++++++++
J. Melvin Jones (jmjonesat_private | http://www.jmjones.com/ )
Microcomputer Systems Consultant, Software Developer; Web Site Design,
Hosting, and Administration; Network and Systems Administration.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 14:40:10 PST