* Secure?
@ 2001-03-15 13:52 Kurth Bemis
2001-03-16 11:25 ` Secure? Pedro Rosa
2001-03-16 16:03 ` Secure? Stephen Smalley
0 siblings, 2 replies; 6+ messages in thread
From: Kurth Bemis @ 2001-03-15 13:52 UTC (permalink / raw)
To: selinux
isn't the point of NSA ESL to be secure? If so why are you using something
that is buggier than netscape code?? I referring to wu-FTP. why not put
efforts toward something that is already secure (like OpenBSD)? Is there
some reason that i'm missing as to why you choosing this route?
~kurth
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Secure?
2001-03-15 13:52 Secure? Kurth Bemis
@ 2001-03-16 11:25 ` Pedro Rosa
2001-03-16 21:51 ` Secure? Bennett Todd
2001-03-16 16:03 ` Secure? Stephen Smalley
1 sibling, 1 reply; 6+ messages in thread
From: Pedro Rosa @ 2001-03-16 11:25 UTC (permalink / raw)
To: Kurth Bemis; +Cc: selinux
Kurth Bemis wrote:
> isn't the point of NSA ESL to be secure? If so why are you using
> something that is buggier than netscape code?? I referring to
> wu-FTP. why not put efforts toward something that is already secure
> (like OpenBSD)? Is there some reason that i'm missing as to why you
> choosing this route?
>
> ~kurth
>
>
> --
> You have received this message because you are subscribed to the
> selinux list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
>
Apart of that stupid OS-war call (I have nothing against OpenBSD and
even use it in some servers btw), the question has some base... WuFTP
has been plagued by bugs and security holes for quite long. And on the
NSA's site this program has also the mark "untested". Frankly why to set
efforts in a program that seems conceptually flawed? Or is there a
"light in the end of the tunnel" for WuFTP's troubles? Shouldn't we
consider other ftp daemons? Or if we realise that FTP protocol is
flawed from start, to choose other protocols?
Frankly I would like to see a more clear position about this question as
the presence of WuFTP is probably the most questionable program in
selinux. Not only in technical terms but also it arises questions in the
concept itself.
Ektanoor
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Secure?
2001-03-16 11:25 ` Secure? Pedro Rosa
@ 2001-03-16 21:51 ` Bennett Todd
2001-04-07 5:49 ` Secure? Albert D. Cahalan
0 siblings, 1 reply; 6+ messages in thread
From: Bennett Todd @ 2001-03-16 21:51 UTC (permalink / raw)
To: Pedro Rosa; +Cc: Kurth Bemis, selinux
[-- Attachment #1: Type: text/plain, Size: 1690 bytes --]
2001-03-16-06:25:27 Pedro Rosa:
> [...] the presence of WuFTP is probably the most questionable
> program in selinux. Not only in technical terms but also it arises
> questions in the concept itself.
I don't see that at all.
The concept of selinux, as it stands today, is (I believe --- if
people think I'm wrong please straighten me out:-) to experiment
with a novel model of mandatory access control, on a system which is
exceedingly wide-spread and getting more so rapidly, one which
stands a chance, in the reasonable future, of being usable in many,
perhaps most settings.
Today it's an early research project, and the specific focus is
on experimenting with the policy definition mechanism, and trying
to evolve a comfortable to manage, flexible, suitably high-level
setup for expressing policy decisions, while letting people get
comfortable with the performance, the stability, and the way the
resulting system behaves. The reasonable decision is to try to
integrate it into the most widely-used distribution, and to confine
the focus of this project to just the MAC features, patching other
components only as necessary to make them work.
Meanwhile, in unrelated developments, it's fair to hope that the
popular distributions may get more secure as time goes by; certainly
they're showing some interest in that area. I believe RH7.1 may be
the best Red Hat to date.
I'm expecting it'll be a year or two before this selinux thing will
be in a state of maturity and stability to become part of a major
distribution outright. Perhaps by then Red Hat will be shipping a
better-founded ftpd. I've rpmmed a port of the OpenBSD ftpd, it's
not particularly tricky to do so.
-Bennett
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Secure?
2001-03-16 21:51 ` Secure? Bennett Todd
@ 2001-04-07 5:49 ` Albert D. Cahalan
0 siblings, 0 replies; 6+ messages in thread
From: Albert D. Cahalan @ 2001-04-07 5:49 UTC (permalink / raw)
To: Bennett Todd; +Cc: Pedro Rosa, Kurth Bemis, selinux
Bennett Todd writes:
> 2001-03-16-06:25:27 Pedro Rosa:
>> [...] the presence of WuFTP is probably the most questionable
>> program in selinux. Not only in technical terms but also it arises
>> questions in the concept itself.
>
> I don't see that at all.
Just the opposite is true in fact. The real test of selinux is
running buggy servers. When a major new WuFTP hole is found,
will you be able to ignore it? Will you be safe, in spite of the
hole, because selinux prevents the attackers from doing anything?
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Secure?
2001-03-15 13:52 Secure? Kurth Bemis
2001-03-16 11:25 ` Secure? Pedro Rosa
@ 2001-03-16 16:03 ` Stephen Smalley
1 sibling, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2001-03-16 16:03 UTC (permalink / raw)
To: Kurth Bemis; +Cc: selinux
Security-Enhanced Linux is not a secure Linux distribution.
It is a reference implementation of a flexible mandatory access
control architecture in the Linux kernel, and an example security policy
configuration that shows how to use those controls. The mandatory
access controls can confine the actions of any process, so the
potential damage that can be done by exploiting a flaw in an
application can be strictly limited. The modified applications
merely serve to help demonstrate some of the kernel features,
but they are not integral to the system. The ftpd modifications
were an example of how to allow the ftp daemon to transition to a new
security context after authenticating the user. But even these
transitions are controlled by the kernel in accordance with the security
policy configuration, so a vulnerability in the ftp daemon is still
confined to a limited set of accesses. We simply used the ftpd sources
that came with our RedHat 6.1 systems, which happened to be wu-ftpd.
As has been mentioned earlier, Linux was simply viewed as the best
platform for transferring the Flask flexible mandatory access control
architecture to a larger developer and user community. Since the
SELinux development team is small, it was not practical to create
both a Linux-based and a BSD-based implementation simultaneously.
The TrustedBSD project has expressed the intention of drawing ideas from
the SELinux mandatory access control architecture, so a similar
architecture will hopefully become available for BSD systems as well.
The security portion of the OpenBSD project is really orthogonal to the
SELinux or TrustedBSD projects - OpenBSD is focused on a BSD distribution
that is free from known security problems and that incorporates
cryptographic mechanisms. The mandatory access controls of SELinux
or TrustedBSD can provide strong security guarantees even in the
presence of security flaws in applications. Ideally, some of the
TrustedBSD work will filter over to the OpenBSD project as well.
--
Stephen D. Smalley, NAI Labs
sds@tislabs.com
On Thu, 15 Mar 2001, Kurth Bemis wrote:
> isn't the point of NSA ESL to be secure? If so why are you using something
> that is buggier than netscape code?? I referring to wu-FTP. why not put
> efforts toward something that is already secure (like OpenBSD)? Is there
> some reason that i'm missing as to why you choosing this route?
>
> ~kurth
>
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: Secure?
@ 2001-03-15 17:33 Ben Breuninger
0 siblings, 0 replies; 6+ messages in thread
From: Ben Breuninger @ 2001-03-15 17:33 UTC (permalink / raw)
To: 'selinux@tycho.nsa.gov'
I believe linux to be great challenge when it comes to making a secure distribution. However, i think the reason the NSA is chosing to make a secure linux model is due to compatibility with pretty much every hardware and software package (ie, wine for non-linux software even). Keep in mind tho, it is the compatibility and speed at which the army of linux coders code is what keeps linux from achieving security. Should they chose to forgo compatibility for security, linux could make a turning point. But, it would be a toss up.
Now, i must note that i administrate both Linux (GNU/Debian) servers and OpenBSD servers. I use the linux for compatibility issues, and openbsd for security issues. This is why I question why the NSA chose linux over openbsd, but i believe the overlying feature is compatibility.
am i wrong on the compatibility + non_secure vs. non_compatible + secure issue?
(forgive me if this sounds like random babble, i havent had my coffee yet)
Ben Breuninger
DIGI International
-----Original Message-----
From: Kurth Bemis [mailto:kurth@usaexpress.net]
Sent: Thursday, March 15, 2001 7:52 AM
To: selinux@tycho.nsa.gov
Subject: Secure?
isn't the point of NSA ESL to be secure? If so why are you using something
that is buggier than netscape code?? I referring to wu-FTP. why not put
efforts toward something that is already secure (like OpenBSD)? Is there
some reason that i'm missing as to why you choosing this route?
~kurth
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2001-04-07 5:49 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-03-15 13:52 Secure? Kurth Bemis
2001-03-16 11:25 ` Secure? Pedro Rosa
2001-03-16 21:51 ` Secure? Bennett Todd
2001-04-07 5:49 ` Secure? Albert D. Cahalan
2001-03-16 16:03 ` Secure? Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2001-03-15 17:33 Secure? Ben Breuninger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.