Re: [lin-sec-mod] Re: c2 (or c2-like) auditing for Linux

From: Magosányi Árpád (magat_private)
Date: Fri Jan 31 2003 - 09:11:51 PST

  • Next message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"

    A levelezőm azt hiszi, hogy Casey Schaufler a következőeket írta:
    > > Don't blame me if/when Linus shows you the door, and *defintely don't*
    > > tell Linus that I said he should accept audit :-)
    > Awe. No, I don't blame anyone. It's completely
    > reasonable that those who back a cause should fight
    > for it, banding with allies where it's mutually benifitial
    > and accepting when they differ.
    Well, you can tell Linus that _I_ said that he should
    accept audit (not as it would be a great reason...).
    Having LSPP functionality in access control
    and less than CAPP in audit seems a bit unbalanced. And full
    LSPP is a very easy route to world domination: trend in security
    now points toward using Cobit and BS7799 for the organisational
    and management side, and CC in the technical side, with the
    two side in tight integration. On the technical side the
    general-purpose and OS profiles are CAPP and LSPP. This
    setup is logical enough to beat it through your management
    (I did it). Now start a tender for aquiring operating
    system. The results:
    -any windows:	below the threshold
    -any unix vanilla: somewhere near CAPP, EAL2-EAL3
    -trusted Linuxen: somewhere near LSPP, EAL2-like
    -trusted unixen: LSPP, EAL4
    Well. Now take a look at the price tag:)
    I talk from experience.
    GNU GPL: csak tiszta forrásból
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 09:13:30 PST