From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65]) by tycho.ncsc.mil (8.9.3/8.9.3) with ESMTP id NAA20496 for ; Thu, 8 Feb 2001 13:40:54 -0500 (EST) Received: from jazzswing.ncsc.mil (localhost [127.0.0.1]) by jazzswing.ncsc.mil with ESMTP id SAA05137 for ; Thu, 8 Feb 2001 18:40:45 GMT Received: from angusbay.vnl.com ([194.46.8.33]) by jazzswing.ncsc.mil with ESMTP id SAA05133 for ; Thu, 8 Feb 2001 18:40:44 GMT Date: Thu, 8 Feb 2001 18:41:19 +0000 From: Dale Amon To: Pete Loscocco Cc: selinux@tycho.nsa.gov Subject: Re: Selinux kernel patches Message-ID: <20010208184118.G13451@vnl.com> References: <200102062028.PAA03888@coalstack.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <200102062028.PAA03888@coalstack.epoch.ncsc.mil>; from pal@epoch.ncsc.mil on Tue, Feb 06, 2001 at 03:28:44PM -0500 Sender: owner-selinux@tycho.nsa.gov List-ID: On Tue, Feb 06, 2001 at 03:28:44PM -0500, Pete Loscocco wrote: > We think that we have a good architecture and that it warrants > consideration. We have put it out not as a complete solution but as > something that should be built upon. Inclusion in the "standard" > sources would really enable a much wider audience to work with the > system, gain experience using the security features, and make the > system better. > Just a wild suggestion. When things are well along and everyone thinks the system is ready, why not put a box out on a public network for a game of "capture the flag"? Offer a free T-shirt "I cracked the NSA" to anyone who succeeds *and* tells precisely how it was done. Set up tests for system cracks both from fully external or from various shell access levels. Certainly a way of catching any more egregious faults and as a means of building confidence that the system has succeeded in accomplishing its' goal. Of course the real test is a few thousand computers under a few years of real operational conditions. But a bit of initial testing never hurt :-) I know I'd sleep better at night if I knew from the start that the kiddies were blocked cold from my customers systems. -- ------------------------------------------------------ Use Linux: A computer Dale Amon, CEO/MD is a terrible thing Village Networking Ltd to waste. Belfast, Northern Ireland ------------------------------------------------------ -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.