Date: Fri, 22 Jun 2001 10:16:31 -0400
From: Shannon Hendrix <shannon@widomaker.com>
To: FreeBSD-advocacy@FreeBSD.ORG
Subject: Re: Ask a question.. Thanks..
Message-ID: <20010622101630.C32692@widomaker.com>
In-Reply-To: <005701c0faea$e3433e20$1401a8c0@tedm.placo.com>
References: <005701c0faea$e3433e20$1401a8c0@tedm.placo.com>
On Fri, Jun 22, 2001 at 12:13:50AM -0700, Ted Mittelstaedt wrote:

> I wouldn't build a ship with a double hull and many separate compartments
> inside that was full of holes that everyone knew about.

It's more like a ship whose hull has or will develop holes, but has protection against the damage that causes. Nothing stops you from replacing the holes in LinuxSE. The NSA isn't trying to fix things like ftp, etc. I'm sure they would recommend you patch things like that up. I think most of their modifications are at the kernel level, not userland.

> While it seems that compartmentalizing is more secure, the security
> of ANY box is only as good as the administrator in charge of it.
> There's an old saying KISS (Keep It Simple Stupid) and I would be
> real concerned about a box that had "security" customizations to
> the level you describe. It seems more like an auditing nightmare.

It's nothing new, and it's not an auditing nightmare, at least not any more than any system of its kind is. It's a lot like Multics was. You have a system where you are protected even from root. Files cannot be given to people whose security level is lower than the file, even by a user with high security privs. root cannot read your private email or files, only do their admin work. Mandatory access is useful in a wide range of systems.

Anyway, their goal is a system that supports security and access control like some other systems have (Multics), not to patch up every utility program out there.

Think about ISPs running systems like this, where your email is really yours, and even their admins cannot read it. Their role could be defined as delete only since obviously they need to be able to get rid of accounts. But they need never be able to actually read your files. Just an example.

I think features like this are useful for general use UNIX systems myself. It's definitely not for every server out there, but there have been a lot of times when I could have used things like this.

> While the big-strong-hull that's hard to puncture might let all the oil out,
> there's only one hull you have to inspect. The double-hulled one with the
[snip]

All of which proves the tanker analogy was a bad one.

-- 
"We have nothing to prove" -- Alan Dawkins
______________________________________________________________________
Charles Shannon Hendrix
s h a n n o n @ w i d o m a k e r . c o m
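A small policy simulation of the three properties the message describes (a file label never moves down, root gets no exemption from the read check, and an admin role that may delete a mailbox but not read it). This is an added example, not code from the thread or from the NSA's system; the sensitivity levels, the "mail-admin" role name and the subjects are constructed.

```python
from dataclasses import dataclass

# Constructed sensitivity lattice: a higher number means more sensitive.
LEVELS = {"public": 0, "internal": 1, "private": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str                   # sensitivity the subject's process runs at
    roles: frozenset = frozenset()   # e.g. {"mail-admin"} (constructed role)


@dataclass
class File:
    owner: str
    label: str                       # sensitivity of the data


def may_read(s: Subject, f: File) -> bool:
    """No read up: clearance must dominate the file label.
    The check never looks at uid 0; 'root' is just another subject here."""
    return LEVELS[s.clearance] >= LEVELS[f.label]


def may_relabel(s: Subject, f: File, new_label: str) -> bool:
    """Labels only move up: nobody, however highly cleared, can hand a
    private file to a lower level by relabelling it."""
    return may_read(s, f) and LEVELS[new_label] >= LEVELS[f.label]


def may_delete(s: Subject, f: File) -> bool:
    """The delete-only admin role from the thread: removing an account's
    mailbox is allowed without any right to read its contents."""
    return "mail-admin" in s.roles or s.name == f.owner


def decide(s, f, op, new_label=None):
    """Dispatch one access request; unknown operations are denied."""
    if op == "read":
        return may_read(s, f)
    if op == "delete":
        return may_delete(s, f)
    if op == "relabel" and new_label is not None:
        return may_relabel(s, f, new_label)
    return False


def audit(requests):
    """Evaluate (subject, file, op[, label]) tuples into an audit trail."""
    return [(s.name, op, decide(s, f, op, *rest)) for s, f, op, *rest in requests]
```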