On Monday 12 May 2003 20:57, Chuck Ebbert wrote:
> Alan Cox wrote:
> > 1. Base Linux is not C2 certified
>
> That could be fixed... (right?) Filesystems returning data past the
> end of what the user wrote might be a big problem though -- this must
> be guaranteed even in obscure corner cases.
No - C2 evaluation has not been done for almost 3 years. That makes it
impossible to get a C2 evaluation.
> > 2. C2 is obsolete
>
> Obsolete or not, it is mandatory for some people. No check box,
> no purchase order (or no certificate of operation.)
Bullshit - NO OS is C2 anymore. The last certification was given to MS for
NT 4 - about 3 years ago. NONE of the current systems are C2. The best you
can get is "C2 like capability", and that is not a verified operation. And
"C2 like capability" Linux does just as well as M$. Are the log files as
pretty as would be desired? No. But they are acceptable for all US usage
where a UNIX system is acceptable. (And don't even try to claim M$ produces
a secured box... I haven't even been able to find the "trusted facility
manual" for the released systems... which is a requirement for operation.
> > 3. NSA SELinux can do the needed stuff from scanning the code
>
> But will it get merged?
I don't know, but I hope so. (2.7 maybe?)
> > 4. Even then data erasure is not guaranteed because of the drive logic
>
> People who really care require the drive be reduced to pieces small
> enough to fit through a sieve with ~2mm holes in it before it leaves
> their sight. For the rest, overwrite of the swap data is a useful if
> not 100% reliable step to take. Legitimate users with servers locked
> up in secure areas don't really worry about someone unplugging the box
> and walking away with it either.
These are also the same people that will not (or should not) accept laptops in
their environement.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu May 15 2003 - 22:00:44 EST