Re: The NSA's Security-Enhanced Linux (fwd)

From: Kurt Garloff (garloff@suse.de)
Date: Fri Dec 22 2000 - 23:22:32 EST

Hi,

On Fri, Dec 22, 2000 at 06:39:49PM +0000, Alan Cox wrote:
> > These folks are good at what they do and the code is GPL.
> > It is worth starting to consider whether this code, or code
> > from one of the other security-enhancement projects, should
> > be included in the standard kernel for 2.6 or 3.0.
>
> I think this is a good point. Its actually a nice testimonial for free
> software that its finally got the NSA contributing code in a way that everyone
> benefits from and which may help cut down computer crime beyond government.
> (and which of course actually is part of the NSA's real job)

I wonder how their approach compares to the RSBAC stuff, though.
The RSBAC (by Amon Ott) has all the infrastructure available to have
policy based access control; whenever an access decision has to be
taken, a call via some interface is made to a module, which then
takes the decision ... Just like PAM in userspace.
http://www.rsbac.org/

I think it's a good approach and I think, it has gone much further
than the NSA stuff. I'd prefer to have RSBAC merged in 2.5.

Regards, 

-- 
Kurt Garloff  <garloff@suse.de>                          Eindhoven, NL
GPG key: See mail header, key servers         Linux kernel development
SuSE GmbH, Nuernberg, FRG                               SCSI, Security
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:33 EST