Re: The disappearing sys_call_table export.

Jesse Pollard (jesse@cats-chateau.net)
Tue, 13 May 2003 07:24:49 -0500


On Monday 12 May 2003 20:57, Chuck Ebbert wrote:
> Alan Cox wrote:
> > 1. Base Linux is not C2 certified
>
> That could be fixed... (right?) Filesystems returning data past the
> end of what the user wrote might be a big problem though -- this must
> be guaranteed even in obscure corner cases.

No - C2 evaluation has not been done for almost 3 years. That makes it
impossible to get a C2 evaluation.

> > 2. C2 is obsolete
>
> Obsolete or not, it is mandatory for some people. No check box,
> no purchase order (or no certificate of operation.)

Bullshit - NO OS is C2 anymore. The last certification was given to MS for
NT 4 - about 3 years ago. NONE of the current systems are C2. The best you
can get is "C2 like capability", and that is not a verified operation. And
"C2 like capability" Linux does just as well as M$. Are the log files as
pretty as would be desired? No. But they are acceptable for all US usage
where a UNIX system is acceptable. (And don't even try to claim M$ produces
a secured box... I haven't even been able to find the "trusted facility
manual" for the released systems... which is a requirement for operation.

> > 3. NSA SELinux can do the needed stuff from scanning the code
>
> But will it get merged?

I don't know, but I hope so. (2.7 maybe?)

> > 4. Even then data erasure is not guaranteed because of the drive logic
>
> People who really care require the drive be reduced to pieces small
> enough to fit through a sieve with ~2mm holes in it before it leaves
> their sight. For the rest, overwrite of the swap data is a useful if
> not 100% reliable step to take. Legitimate users with servers locked
> up in secure areas don't really worry about someone unplugging the box
> and walking away with it either.

These are also the same people that will not (or should not) accept laptops in
their environement.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/