From owner-freebsd-security Wed Oct 15 05:59:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id FAA10581 for security-outgoing; Wed, 15 Oct 1997 05:59:37 -0700 (PDT) (envelope-from owner-freebsd-security) Received: from fly.HiWAAY.net (root@fly.HiWAAY.net [208.147.154.56]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA10536 for ; Wed, 15 Oct 1997 05:59:27 -0700 (PDT) (envelope-from dkelly@nospam.hiwaay.net) Received: from nospam.hiwaay.net (tnt2-21.HiWAAY.net [208.147.148.21]) by fly.HiWAAY.net (8.8.7/8.8.6) with ESMTP id HAA07649; Wed, 15 Oct 1997 07:59:13 -0500 (CDT) Received: from nospam.hiwaay.net (localhost [127.0.0.1]) by nospam.hiwaay.net (8.8.7/8.8.4) with ESMTP id HAA23976; Wed, 15 Oct 1997 07:59:11 -0500 (CDT) Message-Id: <199710151259.HAA23976@nospam.hiwaay.net> X-Mailer: exmh version 2.0zeta 7/24/97 To: Colman Reilly cc: dkelly@hiwaay.net, security@freebsd.org From: dkelly@hiwaay.net Subject: Re: C2 Trusted FreeBSD? In-reply-to: Message from Colman Reilly of "Wed, 15 Oct 1997 12:37:36 BST." <199710151137.MAA20965@monoid.cs.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 15 Oct 1997 07:59:09 -0500 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > SGI also *claims* to meet C2 with only Discressionary Access Control, in > other words, "plain old Unix user and groups." Note emphasis on "claims", > as they developed Trusted Irix for B1 or thereabouts and were somehow > prevented from having more than one system under test. And never submitted > a system for C2 testing. So they provide a white paper detailing how plain > old Irix with the addition of the Trusted Irix auditing system meets the > intent of C2. This has been Good Enough to use plain Irix with audit trails > at work. > Think it would have been good enough if it had been a free OS crowd writing > the paper and not SGI? It all depends on who your approving authority is. We've worked hard to establish a good relationship with ours. He respects our judgment. And availability of source code is no small plus in this business. One of their first concerns is to prevent a security violation. Next is to detect the violation. And once detected, the ability to analyze it and prevent it from happening again. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.