
Re: Is this mail list dead?



Tracy R Reed wrote:

> On Sat, Mar 17, 2001 at 02:33:54AM +0300, Pedro Rosa wrote:
> 
>> Cool. I AGREE Linux is getting a horrible reputation. But I would prefer 
>> a solution a-la OpenBSD rather than seeing a dubious security scheme 
>> being implemented as a major feature all over the kernel and getting 
>> into all distros. Note: I have NOTHING against C2 or its successor. What 
> 
> 
> How is a solution a-la OpenBSD going to make Linux any more secure? We
> can't just use OpenBSD in situations where we need security. EVERY
> computer needs security. From computers at the Pentagon to computers in
> your bedroom. Unless you meant that Linux should be audited as well as
> OpenBSD. That's a great idea but it's a lot of work and Linux evolves way
> too quickly. Software in general desperately needs a way to prevent
> inevitable implementation bugs from becoming major security holes. As long
> as new software is being written new bugs will continue to appear. We need
> a system to help mitigate that risk. How is SE Linux (assuming it
> continues to mature and becomes suitable to the task) a dubious security
> scheme?

Oooooooh God!.. Why are you putting the Pentagon and my bedroom in the 
same line? Yes Pentagon may need security. However, inside my bedroom my 
computer will not need any security. To get into my bedroom one first 
should pass through the door or the window. If he does that then it will 
be hardly possible that he will have time to see what my comp is made 
of... Believe me. He has a 99% chance of seeing a roaring Neanderthal 
for the very first time in his life (and probably the very last one)...

On what concerns OpenBSD. I don't mean a concrete realisation of 
OpenBSD structure in Linux but more a "security-oriented" distro.

> 
>> I consider erroneous is to implement C2 inside the main trend. That will 
>> surely give birth to distros and builds on which security is WRONG from 
>> the very start. Because people will concentrate their ideas and efforts 
> 
> 
> C2 security is wrong? How so?

I didn't say that... Make a difference between the concept and its 
possible uses. As I said before, I don't see anything wrong with C2 
ideas (well, when I worked closely with it I did see a few points I 
didn't like, but that's another story).

> 
> 
>> I am speaking about this because I did see a completely stupid C2 
>> implementation. And one of the actors of the comedy is me... In fact I 
>> even directed the second act... That was a lesson: NEVER use a common 
>> security conception just because it's right on your desk... Or someone 
>> likes it...
> 
> 
> I don't understand. You implemented C2 stupidly? Why?

Ok, maybe I'm damn dumb bad in English... I'll try to say in other 
words. One gets the prospect "It's C2 compatible!". He tries to use it 
and fails. He passes the job to me and says: "It's C2 compatible!" and 
shows you the prospect. And you try for a few weeks to do what the other 
guy already knows is not possible... He just wanted to be sure...

> 
>> Anyway, I think that, with the present way things are added to the 
>> kernel, we will not get anything good. I believe security should keep 
>> out of the main kernel makings (only a very small "supporting" set 
>> should be in it). But the traditional "patching" methods are getting too 
>> square and too straight to produce a good "secured" kernel version. I 
>> believe this is where the real security conceptions should start to see 
>> the kernel...
> 
> 
> I strongly disagree. The kernel desperately needs security. People don't
> have to use it or compile it in. But it must be there. I'd love to see
> more support in hardware for security too but industry and the general
> public don't seem to care much about se

The Kernel DOESN'T need security. It's people who need it. And the 
kernel should only give a few primitive anchors to allow the use of 
different ideas, protocols and implementations. According and strictly 
according to users' needs. And security brainstormers should keep in 
mind that they shouldn't work for the idea but for the people, the 
people and only the people. And if Linux doesn't answer the 
requirements, to choose an OS they may answer them (M$ MazDies outta da 
train!). Without remorse. Security is much more important than all 
feelings the cute li'll Tux may give you.



-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/