Re: The disappearing sys_call_table export.

Jesse Pollard (jesse@cats-chateau.net)
Tue, 13 May 2003 16:44:41 -0500


On Tuesday 13 May 2003 09:45, Chuck Ebbert wrote:
> Jesse Pollard wrote:
> > No - C2 evaluation has not been done for almost 3 years. That makes it
> > impossible to get a C2 evaluation.
>
> The people who used to require that still have lists of approved
> operating systems. Linux is not on that list.

Neither is windows, OS2, MAC 5/6/7/8/9/10.. for that matter.

> > And
> > "C2 like capability" Linux does just as well as M$. Are the log files as
> > pretty as would be desired? No. But they are acceptable for all US usage
> > where a UNIX system is acceptable.
>
> "No audit trail" pretty much kills it right from the get-go.

It does have audit trails... you do have to turn on process accounting. Are
they pretty... no. But it is equivalent to base Solaris (well, before 2). You
also have to turn on logs from every service daemon.

> Base Solaris has it. And I'm pretty sure HP-UX 9 did but that was
> a while ago...

No current OS has C2 certifications - they have an EAL3 or 4. But not C2.

> And real ACLs are only now getting into Linux... how long till someone
> certifies that they work is anyone's guess.

Real ACLs were available about 2-3 years ago. They just were not accepted
for inclusion, and the patch died.

First some organization has to come up with a good bit of $$$. Evaluations
are not cheap. It would take over a year to get an EAL3, and longer yet to
get 4.

> > These are also the same people that will not (or should not) accept
> > laptops in their environement.
>
> Untrusted users shouldn't be allowed cellphones, PDAs, laptops or
> similar.
>
> Next step up is probably full body cavity search to make sure you
> haven't hidden a Microdrive somehwere...

Remember the body scanner in that Mars based Schwartzenegger movie...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/