On Saturday 07 July 2001 08:26 am, Marcia Barrett Nice wrote:
> http://www.nsa.gov/selinux/
> Has anyone on this list looked into this?

Yes, in detail. I wrote the white paper for another federal Agency on this,
recommending that they continue to monitor the progress of the project but
that they should *not* consider using it at this time. My recommendation is
the same for you.

NSA Security-enhanced Linux is a demonstration project at this time, and is
not meant for production systems. They have developed some really
interesting and potentially *very* useful ways of dealing with access control
security. However, they *deliberately* ignored all other security issues.

SeL is basically a custom kernel for Red Hat 6.1, plus new utilities to deal
with the specialized kernel. It does *not* work with any other versions of
Red Hat or any other distributions. None of the vulnerabilities in Red Hat
6.1 have been patched, and you cannot install an upgraded kernel that deals
with the known vulnerabilities in the 2.2.9(?) kernel provided with 6.1.
Application compatibility is completely untested, and likely will be at least
somewhat problematic.

The only purpose for SeL at this time is to demonstrate what the NSA is
developing. It is not a mature product. It's a test bed is all.

Caitlyn Máire Martin
My ferrets: http://ferrets.port5.com
techtalk mailing list