On Wed, 23 Dec 1998, Michael P. Lyle wrote:

> Agreed. My point was there are so few off-the-shelf applications..

Well, I've only played with a couple of systems, but Apache (modified to
be part of the TCB), BIND, Sendmail (Yes, honest), and network B2 seem
"enough" for most electronic commerce and public Web site applications,
especially when you can put a low MAC on the public interface and allow
content updates at the appropriate MAC level on an internal interface.
That's also pretty easy to set up :)

> Unfortunately, all of the trusted operating systems that I know of use a
> model that makes administration rather difficult-- the DoD model. It

Yep, there's definitely some work to be done there.

> mlsbox: /usr/src/apache# /usr/bin/newlabel -n "apache" -c "make install"
> mlsbox: /usr/src/apache# echo /usr/bin/runaslabel -n "apache" /usr/local/apache/httpd >>/etc/rc2.d/S72inetsvc
> # get rid of the webserver label at a later date, and all related files
> mlsbox: /# /usr/bin/deletelabel -n "apache"

Combine it with trusted-path (console vs. network for example), and it
would sure be useful almost immediately.

> Also, I wish someone (like in the GNU Hurd) would relocate more functionality
> to user space. The fact that there have been many kernel buffer overflows
> found in various operating systems in the IP stack concerns me. A MLS system
> does one no good if something running with supervisor privilege does something
> stupid...

Even if not relocating code, context-based execution would be a good thing.

> > http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
>
> Will check into it; may even possibly contribute as this is something that
> could benefit many of my clients and be "cool" on my network. :)

Stability is supposed to be pretty good at the moment - I'm looking to
build another machine or two to have one on my network. My eventual plan
is to use it for at least internal nameservers; with the right setup I could
hand off administration and still not have an operator with root or the
ability to change base zone files. Better yet, I can give them root and
still restrict what they can do as long as I don't hand them security
officer - a godsend for allowing junior admins to do their jobs on
production machines without giving away everything.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280