
Re: Linux at C2 - was Re: Is this mail list dead?



Casey Schaufler wrote:

> Pedro Rosa wrote:
> 
>> Note that Linux is not an OS with a very limited set of purposes. Don't
>> tell me that attempts to enforce a security scheme at core bottom will
>> not hinder such sections like real-time or clusters. So I think it is
>> too risky to put two things in one boat.
> 
> 
> Your concerns are unfounded. Even though you've asked me
> not to, I'll point out that Irix does all you've mentioned.

Cool. Where is Irix? Am I seeing Irix? Have I heard about Irix? Well I 
have seen AIX. Solaris, a little bit of SCO, a little of Xenix, several 
BSDs and lots of Linuxes. Irix I haven't seen nearer 2 kilometers... I 
don't wanna say it's bad (in fact I have heard great things about it). 
But if you are talking about something similar to AIX then I would note 
this: It's great, it's fabulous, it's very good. But also it's 
monolithic, it's impossibly complex, it's inflexible, it's stuck in two 
PPC boxes and doesn't move outta that place because it's incompatible 
with everything else. And the worse is the support. It is easier to turn 
the two boxes to Linux rather than waiting the eternity to have the 
chance to upgrade the stuff. But this is more a legal problem on how IBM 
sells this stuff and how you may have chances to pay for the upgrade (we 
are a budget organisation).

> 
>  
> 
>> Yes, the position of C2 out of the core-bottom may hinder Linux, for the
>> fact that it will never have a 99,99% secured architecture.
> 
> 
> What do you mean by a "secured architecture"?

I mean that being out of the main development will give a conceptual 
weakness to Linux that probably will never be solved. So we will hardly 
expect that the inners of the kernel may answer to the C2 requirements.

> 
> 
>> However, I'm
>> pretty convinced that 99,99% of its users wouldn't need such
>> requirement. For such ultra-security there should be other OSes (OpenBSD
>> for example).
> 
> 
> Firstly, you're making up your statistics on the fly. Heck,
> that's true of 80% of statistics.

No I'm not saying things on the fly. If you talk about the corporate 
environment then you will probably be right. But don't forget the 
general user, the middle man, the small entrepreneur. And don't forget 
that the World does not start in New England and ends in Alaska. In 
other places around the world there are tons of people who less need 
such thing (well, there are also tons of those who BADLY need it). It 
is not 99,99%. But surely it is also not 80%. More than 90% is a sure 
level. Even those who are dead confidential, prefer to have things set 
apart, in an iron closed room, with guards and dogs around. And they 
rarely trust their dearest secrets to the dust box...

> 
> 
> Second, calling C2 ultra-security is like calling TGIFriday's
> Fine Dining.

It's ultra-security out of a corporate environment, with "keep-out" 
yellow signs, machine guns and velure gloves (ok I _exaggerated_). It's 
stupid ultra-security for the general user as he may get convinced that 
having "C2 compatibility" will save him from Earthquakes, Floods and 
Fires. And give him a safe haven against Grey Governments, the Smoking 
Man and Maulder's corporation (cool I _exaggerated_ again).

But what if he has to break his head to configure the whole stuff? Or 
forgets to read the HOWTO/INFO/FAQ/RTFM?

> 
>> As an example among many. Well some people prefer to use "crack
>> traps" rather than thinking about applying C2 to every user's brain...
> 
> 
> Yup. Many such people would be happy with no
> access controls at all.

Correct. Some do seriously ask to kill even the traditional *NIX 
restrictions.

> 
> 
>> In fact this point is still the biggest security breach of all. And no
>> matter how many threats and rays you spend on users, 99% of security
>> breaches are caused by them...
> 
> 
> Those pesky users.

Pesky but real. Here we have a manythousandsofusersnetwork on Linux. 
99,9999999999999999999999999999999999999999999% of cases (the number is 
NO JOKE) were and are caused by some jerk "gifting" his/her password to 
the "best friend" or "neighbor". It's extraordinary that every other 
break in attempt starts exclusively from this point. First one gets 
other's login. Then he starts breaking in...

> 
> 
>> Now why I am talking about this? Well, I saw a near C2 implementation.
>> The level of security was extrapolated to the impossible because there
>> was a series of rules and possibilities that were inter-exclusive. The
>> system was a monster and people felt like working in something worse
>> than the Gulag (and, oh damn, Democracy is now working here... So people
>> were talking the Hell about it) So the concept was completely changed.
> 
> 
> Like the Gould C2 system back in '86. Feature and
> criteria creep kill that one.

Why do we need to go that way back? There's a much more recent sad 
example of it. Well the thing cannot be 100% C2, but it tries hard to 
follow it. Till now I have nightmares on how it broke...

> 
>> ... You cannot
>> implement such a protocol just by adding a module.
> 
> 
> Maybe You couldn't, but I've done it on three separate
> occasions.
> 
> Fear not. We're only here to help!
> 
Well I would really like to see such an implementation in 
Real-Life(TM)... Fear not. We are only here to KKND... For a better 
Future...

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/