From owner-freebsd-security  Fri Mar 12 11:56:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229])
	by hub.freebsd.org (Postfix) with ESMTP id EBA6114BE6
	for <freebsd-security@FreeBSD.ORG>; Fri, 12 Mar 1999 11:56:03 -0800 (PST)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id OAA12233;
	Fri, 12 Mar 1999 14:54:43 -0500 (EST)
	(envelope-from robert@cyrus.watson.org)
Date: Fri, 12 Mar 1999 14:54:43 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: "Ilmar S. Habibulin" <ilmar@ints.ru>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <Pine.BSF.4.05.9903122015550.91667-100000@ws-ilmar.ints.ru>
Message-ID: <Pine.BSF.3.96.990312145344.12216A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Ilmar S. Habibulin wrote:

> On Thu, 11 Mar 1999, Matthew Dillon wrote:
> 
> > :> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> > :> of a stock FreeBSD system. Peter Shipley did this for Whistle
> > :> and the InterJet (a "black box" approach). No problems were found
> > :> but it was good to know that :-)
> > :This is a joke, right?
> >     It would be hillarious if we could get a C2 certification for a base
> >     GENERIC system.
> With posix.1e fully implemented it should get B2 ;-) but who will pay for
> sertification???

Well, although someone is implementing MACs, I don't plan to get to that
for a while.  And the technical editor of posix1e (see posix1e mailing
list archive) has indicated he thinks the information label stuff should
just be ignored.  C2 would be easy, assuming the time and budget for the
certification process; a B rating with MACs shouldn't be hard, again the
same certification process withstanding.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message