Date: Fri, 12 Mar 1999 08:51:05 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: andrewr <andrewr@slack.net>, Archie Cobbs <archie@whistle.com>, Andrew McNaughton <andrew@squiz.co.nz>, freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture Message-ID: <Pine.BSF.3.96.990312084725.6494Q-100000@fledge.watson.org> In-Reply-To: <199903120628.WAA73182@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 11 Mar 1999, Matthew Dillon wrote: > It would be hillarious if we could get a C2 certification for a base > GENERIC system. I think that would be great also, although possibly not GENERIC :-). POSIX.1e was intended to match the requirements of the various colored books. Once we have Auditing and ACLs, I suspect we are getting fairly close to C2-capable. I've never actually read those specs though--anyone know if they are still available, and if so have an ISBN? If not, I can go dig up a reference librarian and have them find it for me, but Amazon is usually easiest :-). C2 certification is presumably also an expensive process; if someone wants to find a sponsor, we could almost certainly achieve C2 compliance with a little restriction of the base system and appropriate POSIX.1e options. Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the competition out of the water (so to speak) and certainly be excellent PR. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ Safeport Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990312084725.6494Q-100000>