From owner-freebsd-security  Fri Mar 12  5:51:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229])
	by hub.freebsd.org (Postfix) with ESMTP id 14C0F14BD3
	for <freebsd-security@FreeBSD.ORG>; Fri, 12 Mar 1999 05:51:48 -0800 (PST)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id IAA10448;
	Fri, 12 Mar 1999 08:51:06 -0500 (EST)
	(envelope-from robert@cyrus.watson.org)
Date: Fri, 12 Mar 1999 08:51:05 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: andrewr <andrewr@slack.net>, Archie Cobbs <archie@whistle.com>,
	Andrew McNaughton <andrew@squiz.co.nz>, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <199903120628.WAA73182@apollo.backplane.com>
Message-ID: <Pine.BSF.3.96.990312084725.6494Q-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 11 Mar 1999, Matthew Dillon wrote:

>     It would be hillarious if we could get a C2 certification for a base
>     GENERIC system.

I think that would be great also, although possibly not GENERIC :-).
POSIX.1e was intended to match the requirements of the various colored
books.  Once we have Auditing and ACLs, I suspect we are getting fairly
close to C2-capable.  I've never actually read those specs though--anyone
know if they are still available, and if so have an ISBN?  If not, I can
go dig up a reference librarian and have them find it for me, but Amazon
is usually easiest :-).  

C2 certification is presumably also an expensive process; if someone wants
to find a sponsor, we could almost certainly achieve C2 compliance with a
little restriction of the base system and appropriate POSIX.1e options.
Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
competition out of the water (so to speak) and certainly be excellent PR.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message