Date: Fri, 12 Mar 1999 14:54:43 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: "Ilmar S. Habibulin" <ilmar@ints.ru> Cc: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture Message-ID: <Pine.BSF.3.96.990312145344.12216A-100000@fledge.watson.org> In-Reply-To: <Pine.BSF.4.05.9903122015550.91667-100000@ws-ilmar.ints.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Mar 1999, Ilmar S. Habibulin wrote: > On Thu, 11 Mar 1999, Matthew Dillon wrote: > > > :> Here's an idea.. FreeBSD could pay for a 3rd party security audit > > :> of a stock FreeBSD system. Peter Shipley did this for Whistle > > :> and the InterJet (a "black box" approach). No problems were found > > :> but it was good to know that :-) > > :This is a joke, right? > > It would be hillarious if we could get a C2 certification for a base > > GENERIC system. > With posix.1e fully implemented it should get B2 ;-) but who will pay for > sertification??? Well, although someone is implementing MACs, I don't plan to get to that for a while. And the technical editor of posix1e (see posix1e mailing list archive) has indicated he thinks the information label stuff should just be ignored. C2 would be easy, assuming the time and budget for the certification process; a B rating with MACs shouldn't be hard, again the same certification process withstanding. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ Safeport Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990312145344.12216A-100000>