First Linux Question

I don't understand how
3. http://www.ggi-project.org/

...applies to the question.

Also...

Quote:

---

This work is not intended as a complete security solution for Linux. Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux.

---

Quote:

---

Nonetheless, we feel we have presented a good starting point to bring valuable security features to Linux.

---

That won't look good in an audit, will it? ;)

Sorry, I like drawn out debates... it brings out very interesting information. Would another thread addressing the risks of a root account be participated in? Or has it been addressed enough here?

Quote:

---

Originally posted here by catch

!ir, that document hurts my head.

---

C'mon buddy, it's encrypted syntax. You just need some of this import imperial brew I've been drinking all day long. They refer to the "trusted" path as the sa ' K ' (Secure Access Key) not the (Secure Attention Key). This ones different than yours.....more secure.... maybe they collected all possible security functions into a security kernel......this time it lies iinside the TCB. I think this ones the ticket.

We touched on a little of MAC what's next? Usability?

First and foremost, I want to thank catch for these threads ( sorry the first went the route it did ). I really hope he continues, and posts the rest of the questions he asked ( those distributed privately, which was not apparent at first. ) I am really enjoying the discussions and opinions.

I really don't want to divert from the current path of this thread, but thought I should comment on something:

Quote:

---

(the fact that SE Linux is supported by the standard kernel should make you all ask "Why?! Why in gods name would we give that kind of core support to research projects?") ...

---

I think something has been overlooked here, although may be a matter of semantics.

SELinux is no longer just a research project. It is commercially available, and has been so since February, 2005 with the release of Red Hat Enterprise Linux v.4.

Quote:

---

Mandatory Access Control: Security Enhanced Linux (SELinux) provides a MAC infrastructure that complements the existing Discretionary Access Control security features provided by the standard Linux environment. ...

---

What may be ( is ) still a research project is how SELinux is implemented for individual Distros, and how it applies to new software and environments.

And to slarty

Quote:

---

It is entirely possible, on WinNT, for someone with Administrator access to create a fake login screen which bypasses the secure attention key. I know how to do it (if anyone is interested).

---

Although I do not know how to do this, just got done setting up an FC4 box during a binge with someone who has done the same routinely with Win2k on several networks ( acceptable use, while administering the networks, ) but just bypasses the SAK, no fake screen needed. If ever I need it, he will be glad to supply the info needed. But I may have to get him drunk again :)

Quote:

---

First and foremost, I want to thank catch for these threads ( sorry the first went the route it did ).

---

Thanks for that, i am mostly trying to get to the bottom of the issues I have had with Linux and I have received so many hundreds of zillions of answers for, most of them verifibaly incorrect. ;) I hope others can benefit as well.

Quote:

---

SELinux is no longer just a research project. It is commercially available, and has been so since February, 2005 with the release of Red Hat Enterprise Linux v.4.

---

I disagree with the idea of taking a research project, adding it to a commercial product as is and calling it no longer research... it isn't a more mature version it just isn't being researched any further.

Nowhere in the NSA documentation do they address SE Linux as ready for commercial implementation, in fact the make a point to say the opposite, yet there it is.

cheers,

catch

Here's a good paper for anyone who is interested: http://cisr.nps.navy.mil/downloads/t...is_bartram.pdf

Written June 2000: There seems to be a lack of progress in this area, anyone know why?

One, when designing an OS, security must be taken into consideration throughout the whole design of the OS.

Two, it’s extremely difficult to retrofit assurances into the OS after the OS is designed.

Three, at the price of being redundant, security should begin during the alpha stages and be continual right into the omega stage. Any seasoned architect will second this motion. There are principles concerning protection mechanisms that need to be thought-out in the alpha stages. Like (PA) Psychological acceptability etc...etc... break these principles early on and you're on your own. Sounds like a lot of lost time to me, which is lost money.

And well, this one's a wreck......you're supposed to start with small low-level code in the kernel containing the lowest of low level OS functions....such as the topic. Small = assurances hence why the microkernel is the bomb and is the cornerstone of any good design. ;)

Quote:

---

One, when designing an OS, security must be taken into consideration throughout the whole design of the OS.

---

In the context of this thread, IE Linux vis Windows, I think it safe to say, that both OS's have had to evolve and adapt as threats become known.

Quote:

---

Two, it’s extremely difficult to retrofit assurances into the OS after the OS is designed.

---

I'm sure that is true, but both OS's have had to do just that........XP service pack 2 comes to mind. Also, and I cant find it now, wasn't the functionality of the trusted path added to NT with a service pack?

Quote:

---

In the context of this thread, IE Linux vis Windows, I think it safe to say, that both OS's have had to evolve and adapt as threats become known.

---

Actually this thread isn't about Windows vs Linux, it's about Linux having a trusted path.

However, the Windows security model has remained largely the same, and its microkernel style style structure allows the simple and secure addition of core functionality.

cheers,

catch

Quote:

---

Actually this thread isn't about Windows vs Linux, it's about Linux having a trusted path.

---

I phrased my reply incorrectly, I should have made it more clear. When I said , "In the context of this thread" I was refering to the topic of trusted path and the two OS's.

Quote:

---

Originally posted here by jinxy
Also, and I cant find it now, wasn't the functionality of the trusted path added to NT with a service pack?

---

What company reads the NCSC-TG-002, enters into a product security evaluation and shows up with a half-ass TFM that doesn't explain how their products security mechanisms work (trusted path)? Or reads the NCSC-TG-016 for that matter?

Quote:

---

SPECIFICATIONS AND DESIGN DOCUMENTATION
When a vendor enters into a product evaluation, he must present evidence that his system and its design meets the appropriate criteria requirements. Examples of the type of evidence normally submitted to support an evaluation include the design specifications that explain the security mechanisms, the Trusted Computing Base (TCB) arguments that show how the TCB is tamperproof, always invoked and small enough to be analyzed. Also, the model (or philosophy of protection) and how it relates to the implementation are important parts of the evidence. The best test of evidence is that it must include all the information such that a new team that is basically unfamiliar with the product could evaluate only the evidence and reach the proper
conclusion. ~ NCSC-TG-002

---

Quote:

---

requires that vendors provide a document to the evaluators......These include ... trusted path.~ NCSC-TG-002

---

Quote:

---

The only additional TFM requirement here is that of documenting trusted path mechanisms availible to the admin....NCSC-TG-016

---

On top of that, what company creates an OS with a TCB that pretermits a trusted path?

Quote:

---

Originally posted here by jinxy
I phrased my reply incorrectly, I should have made it more clear. When I said , "In the context of this thread" I was refering to the topic of trusted path and the two OS's.

---

He said IBM/Windows and I'm assuming any other COTS system that meets his requirements in the mans production environment.
I'm a little hammered right now I'll fix typos later.

Quote:

---

Originally posted here by rcgreen
More than anything else, this reveals why you are a suit and not a computer guy.
You live in a world of abstractions, coming from the top down, enforced by willpower,
rather than from the physical world, aware of what can actually be accomplished in hardware.

---

You know, I've pondered your statement for a while now.....at first I said to myself WTF is he talking about...then I recollected one of my favorite threads here, and then it hit me.

Quote:

---

Originally posted by catch

In reality, the end result is that given similar funds we will end up with similar systems. Mine however will be more comprehensively defined, will mesh better with high level policy, and will have less demanding personnel requirements. For most however this is mere nuance, though as the initial budget increases, so does the gap between the systems. Until eventually one method tops out perfect and the other as a rotten pork chop with heaps of fancy gravy on it.

---

So now hopefully you can comprehend fully why he wants what he wants, and understand his precociousness, which will save future assets in his production environment.

edit### merged post