Re: Possible project


From: "John Everitt" <je@firetrench.net>
Subject: Re: Possible project
Date: Fri, 2 Jun 2000 21:19:45 +0100

Next Article (by Subject): Possible solution for SMP problems Amon Ott
Previous Article (by Subject): Re: Possible project Jesse Pollard
Top of Thread: Possible project "John Everitt"
Articles sorted by: [Date] [Author] [Subject]


Hi Jesse,

Thanks for the reply, all comments are appreciated.

> If you are going to secure the system then you must also support the
> nonexecutable stack (and data) space. This combined with capability lists
> should prevent the loading of a complex function into buffer overflow
attacks
> and have them work.
>
> Nonexecutable stack does break some compatibility.

I have used Solar Designer's patches in the past with the 2.0 Kernel and
found them to be quite good. If this approached can be adapted to the 2.3.x
and 2.4.x Kernel tree it would be great.  Still a compromise may be Libsafe.

> What you appear to be generating is a very limited function system for a
> small list of applications - single web server (no user logins), DNS
server,
> routers, and maybe firewalls. No compilers. No debuggers. No editors.

That was the original idea.  However, several people have now said to me
that they think the limiting of capabilitys is a false economy so we'll take
that on board.

Have you read the comments online yet?  I have forwarded you the latest.

> Anything else calls for nearly the entire range of capabilities. Control
> at this level would be better served by a combination of IPSec, MLS
(RSBAC),
> user identification, and careful definition of the trusted utilities. This
is
> more flexable and resiliant to failures. Yes, it is harder to administer;
but
> it is far more capable and usefull.

I personally want to aim this system at medium to advanced level admin.  If
possible (funding permitting) it may be nice to see if it can be put through
Common Criteria at EAL4.  However I am fully aware of the time and costs
involved with this.

Regards

- John Everitt
http://www.firetrench.net/users/barebones


-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Possible solution for SMP problems Amon Ott
Previous Article (by Subject): Re: Possible project Jesse Pollard
Top of Thread: Possible project "John Everitt"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.