| 1 |
Well, then neither GNU/Linux and OpenBSD are systems for you, since |
| 2 |
them both are not reliable since both are only a C2 systems by default |
| 3 |
under the orange book, maybe you should look for a system as CaprOS |
| 4 |
that reach to the A1 level and with other things has an exokernel |
| 5 |
(instead of an monolithic kernel as OpenBSD and Linux). |
| 6 |
|
| 7 |
Sorry but as I said you before, you can't make an OpenBSD trusted |
| 8 |
since it needs a B1 classification, and the B1 needs Mandatory Access |
| 9 |
Controls that doesn't exist in OpenBSD, at least in GNU/Linux we could |
| 10 |
reach to the B1, enough to mark it as "trusted Operating system". |
| 11 |
|
| 12 |
Conclussion: You will never find an secure from the box Operating |
| 13 |
system, you will have to work (hard) to assure it under yours needs, |
| 14 |
and for this you will need and MAC system. |
| 15 |
|
| 16 |
2008/8/20, Jan Klod <janklodvan@×××××.com>: |
| 17 |
> On Wednesday 20 August 2008 22:31:30 RB wrote: |
| 18 |
>> On Wed, Aug 20, 2008 at 12:14 PM, Jan Klod <janklodvan@×××××.com> wrote: |
| 19 |
>> <snip rambling flame> |
| 20 |
> No problem, we can cut it. |
| 21 |
> |
| 22 |
>> I'm not going to address each of the fallacies I see in your |
| 23 |
>> statements, but you have an exceedingly idealistic view of software |
| 24 |
>> development and particular OS' perceived security. [Insert project |
| 25 |
>> here] may have a slogan, but the developers are still human and thus |
| 26 |
>> still make mistakes and are inherently lazy. Short of being powered |
| 27 |
>> by unicorn farts, there is no way any reasonably complex system can |
| 28 |
>> approach that ideal. |
| 29 |
> [sorry, as you see, writing what I don't know much about] |
| 30 |
> In this light I was assuming, that file server is much less complex than it |
| 31 |
> is. Give you my word to remember this when I write my next code :) |
| 32 |
> |
| 33 |
>> |
| 34 |
>> In regard to your philosophy of updates, do you build a wall and not |
| 35 |
>> defend it? Do you plant a garden and not water it? In the same |
| 36 |
>> light, no system can be "permanently" secured. Safes are rated by the |
| 37 |
>> amount of time it would take a dedicated, skilled cracker to open it; |
| 38 |
>> none are ever deemed uncrackable. If you want more time, you purchase |
| 39 |
>> [or build] one that better matches your needs. System security is no |
| 40 |
>> different. |
| 41 |
> Complexity matter again... Theoretically.. is it possible to enumerate all |
| 42 |
> the |
| 43 |
> possible scenarios for a file server? (or, I might have wrote - all of its |
| 44 |
> states) Oh, sure, it has finite amount of memory :) |
| 45 |
> Human problem. |
| 46 |
> Is easy to say "security", hard to give an action for all the possibilities |
| 47 |
> (right action by our judgement)... |
| 48 |
> |
| 49 |
> I started this as a "flame", but the rest might go out of scope of this list |
| 50 |
> and send me to theoretical computer science. |
| 51 |
> |
| 52 |
> Javier Martínez: |
| 53 |
> "control the execution of perl an python (between |
| 54 |
> others) scripts (in the way of perl blablabla.pl, which does not need |
| 55 |
> execution rights). You under this two frameworks you can do it. Can |
| 56 |
> you do this under OpenBSD ;)" |
| 57 |
> |
| 58 |
> Thanks, just you put me on my way, if I really need a reliable system, that |
| 59 |
> I |
| 60 |
> can get NOW AND HERE :) |
| 61 |
> |
| 62 |
> |
Archives