Hi,
On Fri, Dec 22, 2000 at 06:39:49PM +0000, Alan Cox wrote:
> > These folks are good at what they do and the code is GPL.
> > It is worth starting to consider whether this code, or code
> > from one of the other security-enhancement projects, should
> > be included in the standard kernel for 2.6 or 3.0.
>
> I think this is a good point. Its actually a nice testimonial for free
> software that its finally got the NSA contributing code in a way that everyone
> benefits from and which may help cut down computer crime beyond government.
> (and which of course actually is part of the NSA's real job)
I wonder how their approach compares to the RSBAC stuff, though.
The RSBAC (by Amon Ott) has all the infrastructure available to have
policy based access control; whenever an access decision has to be
taken, a call via some interface is made to a module, which then
takes the decision ... Just like PAM in userspace.
http://www.rsbac.org/
I think it's a good approach and I think, it has gone much further
than the NSA stuff. I'd prefer to have RSBAC merged in 2.5.
Regards,
--
Kurt Garloff <[EMAIL PROTECTED]> Eindhoven, NL
GPG key: See mail header, key servers Linux kernel development
SuSE GmbH, Nuernberg, FRG SCSI, Security
PGP signature
