SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List RE: hello? This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] From: Zachary Uram <zu22_at_andrew.cmu.edu> Date: Fri, 8 Jun 2001 15:23:26 -0400 (EDT) On Fri, 8 Jun 2001, Jonathan Day wrote: > > Second, selinux and OpenBSD aim for security in two orthogonal ways. (ie: They don't interact at all.) SELinux aims for security through setting up quantifiable boundaries on resources. Nothing goes in or out, without explicit permission. Thus, if a program is compromised, the impact of that is going to be much smaller than it would be, otherwise. Hi Jonathan, Oh I see. > OpenBSD is an exercise in phenominal auditing. I think they've found one, maybe two, potential security problems in the pasy year. It is also a hotbed of encryption. Their IPSec implementation is extremely good, for example, and OpenSSH is one of the best SSH clones going. Auditing is software verification & validation testing? How do they find the bugs in the code? > As for which is better, it depends on which track suits your needs the best. Personally, I suspect that when the Stanford Checker is released onto the world, the wholesale auditing of Linux, the various extensions, and every package ever written for it, will become an industry of its own. What is Stanford Checker? Can I download it for free? What is website? Is it like the weblint of Linux security? > The other thing you need to consider is that SELinux, as it stands, isn't designed to work with MOSIX, yet MOSIX seems (from the publicity) to be destined for the kernel. This means that SELinux is going to need some degree of extending and bashing to get it to work with a distributed environment. MOSIX is to Linux as POSIX is to UNIX? Does MOSIX have website? > I've never tried SELinux with Debian, but it should run just fine. It's not distribution-specific. Cool. Thanks. I want to start installing different secure OSes on my machines and then try break in and examine my logs to learn. SDG, Zach uram@cmu.edu "Blessed are those who have not seen and yet have faith." - John 20:29 -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 8 Jun 2001 - 15:25:58 EDT This message: [ Message body ] Next message: Stephen Smalley: "Re: setting up selinux" Previous message: Frank Zecca: "setting up selinux" In reply to: Jonathan Day: "RE: hello?" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom