http://www.nsa.gov/selinux/
But it's not secure in the way you are probably thinking. Instead it's (for
the most part) a security enhanced prototype kernel that enforces mandatory
access control policies that confine user programs to the bare minimumum
needed to do their jobs. The idea being that when a buffer flow occurs in a
program, the whole system can't be compromised by it.
Can this thread die now?
Matthew
----- Original Message -----
From: "Elaine -HFB- Ashton" <[EMAIL PROTECTED]>
To: "Dan Sugalski" <[EMAIL PROTECTED]>
Cc: "Jon Gunnip" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 10:45 PM
Subject: Re: [Boston.pm] linux
> Dan Sugalski [[EMAIL PROTECTED]] quoth:
> *>
> *>If you go redhat (And I'd go and pay for the distribution), the very
> *>*first* thing you should do is connect up to redhat's support site and
> *>update everything. There isn't a redhat release (nor any other linux
> *>distro, AFAIK) that's really safe. Average compromise time for one on
the
> *>net full-time's reported to be around 48 hours by some folks.
>
> Why haven't the linux distributers addressed this monsterous problem?
> OpenBSD and NetBSD both have far more reasonable and secure default
> installs and I would think it wouldn't be an extreme feat of effort to do
> the same for Linux...maybe I'm just guessing but users should really
> demand that. Wasn't there an NSA 'secure linux' ditro somewhere?
>
> e.
>
>
