Well, then neither GNU/Linux nor OpenBSD is a system for you, since
neither of them is reliable, as both are only C2 systems by default
under the Orange Book; maybe you should look for a system such as CapROS,
which reaches the A1 level and, among other things, has an exokernel
(instead of a monolithic kernel as in OpenBSD and Linux).

Sorry, but as I told you before, you can't make OpenBSD trusted,
since that needs a B1 classification, and B1 needs Mandatory Access
Controls, which don't exist in OpenBSD; at least in GNU/Linux we could
reach B1, enough to mark it as a "trusted operating system".

Conclusion: You will never find an operating system that is secure out
of the box; you will have to work (hard) to secure it according to your
needs, and for this you will need a MAC system.

2008/8/20, Jan Klod <janklodvan@×××××.com>:
> On Wednesday 20 August 2008 22:31:30 RB wrote:
>> On Wed, Aug 20, 2008 at 12:14 PM, Jan Klod <janklodvan@×××××.com> wrote:
>> <snip rambling flame>
> No problem, we can cut it.
>
>> I'm not going to address each of the fallacies I see in your
>> statements, but you have an exceedingly idealistic view of software
>> development and particular OS' perceived security. [Insert project
>> here] may have a slogan, but the developers are still human and thus
>> still make mistakes and are inherently lazy. Short of being powered
>> by unicorn farts, there is no way any reasonably complex system can
>> approach that ideal.
> [sorry, as you see, writing what I don't know much about]
> In this light I was assuming that a file server is much less complex than it
> is. I give you my word to remember this when I write my next code :)
>
>>
>> In regard to your philosophy of updates, do you build a wall and not
>> defend it? Do you plant a garden and not water it? In the same
>> light, no system can be "permanently" secured. Safes are rated by the
>> amount of time it would take a dedicated, skilled cracker to open it;
>> none are ever deemed uncrackable. If you want more time, you purchase
>> [or build] one that better matches your needs. System security is no
>> different.
> Complexity matters again... Theoretically.. is it possible to enumerate all the
> possible scenarios for a file server? (or, I might have written - all of its
> states) Oh, sure, it has a finite amount of memory :)
> Human problem.
> It is easy to say "security", hard to give an action for all the possibilities
> (right action by our judgement)...
>
> I started this as a "flame", but the rest might go out of scope of this list
> and send me to theoretical computer science.
>
> Javier Martínez:
> "control the execution of Perl and Python (among
> others) scripts (in the way of perl blablabla.pl, which does not need
> execution rights). Under these two frameworks you can do it. Can
> you do this under OpenBSD ;)"
>
> Thanks, you just put me on my way, if I really need a reliable system that I
> can get NOW AND HERE :)