On Mon, Jan 07, 2002 at 02:14:19PM -0700, Bill Walls wrote: > But this all boils down to some questions: How "Secure" do you think it > is? How usable do you think it is? Is it something I should research more > into (As a coder, I'm interested about the process management and such...) > What are your feelings on the NSA Linux? >
The way I understand it works is that it is a patch into the Linux kernel and several key GNU utilities so as to provide mandatory access control and a better security model than the Unix/POSIX model has provided to date. It removes the notion of an all-powerful root account and instead spreads out the many powers of the root account more thinly, so that you can selectively grant permissions to various programs that contain the privileges that they need, no more and no less. It attacks the problem of host security at the most fundamental level: the poor security model of Unix/Linux, and provides resilient security even in the face of poorly written code and malicious exploiters, provided that the code has been written properly. Of course, given the NSA's history as the world's premier intelligence agency, with a budget several times that of the CIA, and its clandestine history of sneaky activities, most people look at this effort with a leery eye. Although it is unlikely, they might have tucked away a few back doors into the vast mountain of code (and the changes they made are in no way minor) that will take a while for people to spot, especially if it doesn't become that mainstream. Linus and the rest of the kernel core developers have actually considered incorporating this work into the mainstream kernel, pending a full examination of all the changes. -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, Inter.Net Philippines +63(917) 4458925 http://dido.ph.inter.net/ OpenPGP Key ID: 0x5CDA17D8 Heute die Welt und Morgen das Sonnensystem!