
Re: nsa code ?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 17 March 2001 22:22, you wrote:
> what do people here think about the nsa secure linux ?

I downloaded it last night and spent a few hours looking at it.

If the implementation works as well as the design, then I think
this is one of the most useful security additions I've seen. 

Having individual processes with their own permissions system
is something I've been looking out for for a long time. The idea
that you can configure netscape to only be able to read/write
$HOME/.netscape and $HOME/downloads, for example, 
suddenly makes an attack using netscape bugs a whole lot
harder to do. (I use netscape as an example only, securing
sendmail, ftpd, and similar services is equally good).

> is anyone integrating this into a linux distribution ?
> why not?

Not that I'm aware of, although give it time. A decent security
system (SE Linux, LIDS, and the like) will require quite a lot
of changes to some of the "standard" UNIX tools. That
much of a change requires not only a lot of programmer-hours 
to do, but a terrific amount of time testing and just figuring
out how to put things together. 

There is also the fear of trusting something coming from the NSA. 
However, I think that if they *really* wanted to infiltrate
Linux they'd just have a pet "freelance" developer working 
their way into some critical high-priority application. Me, I'd
probably pick some binary-only application that large numbers
of people use and "accidentally" leave a subtle bug that is 
exploitable.   Netscape? Star Office? Nvidia video drivers anyone?


- - Muggins
- --
mugginsm@conformidel.com.
GnuPG/PGP public key available on request.
Also seen at ICQ 8108509
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6tABCEuXPAaSIr2ARAqpWAJ4vWIOOTWwS5LGHXg/hEbr2GMXVUgCfUmh9
SFBCbpeN+Qh4TzsDZ54NzC0=
=E1h5
-----END PGP SIGNATURE-----
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/