On Thu, 7 Jun 2001, Michael R. Jinks wrote:
> More generally, a lot of people much smarter than me (the NSA's Secure
> Linux team for starters) have said that the only way to combat "hostile
> code" effectively is to build the OS with capabilities and trust
> features, something that's missing from most mainstream OS's these days.
Yep, I prefer RSBAC (http://www.rsbac.de) for an approach to a trusted
computing base-type Linux, but either one works. Admin overhead is
probably the main difference in the models, but both apply formal
protection mechanisms.
> I'd be shocked right down to my Corcorans if M$ spent the time and
> effort necessary to give their next whitewash of WinNT robust
> capabilities features.
>
> But hey, maybe.
To be fair, they did a complete ACL implementation, and implemented the
Secure Attention Key (SAK) for login- but I feel pretty sure that only a
fairly good base of deployed secure Linux systems for commerce
applications will move that ship to the right.
Removing root compromises and allowing untrusted CGI code both seem to me
to be big wins for the Linux camp- it'll be interesting to see how MS
answers given the longish time to implement such solutions.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
