[NTLUG:Discuss] :)

MadHat madhat at unspecific.com
Fri Mar 2 14:20:06 CST 2001


At 01:18 PM 3/2/2001 -0600, you wrote:
>http://www.nsa.gov/selinux/index.html

If you are interested, there was some discussion about this on the Vuln-Dev 
(Vulnerability development) list back in December on SecurityFocus.  You 
can see the thread by searching on "Security-Enhanced Linux" at 
http://www.securityfocus.com/

Also note this is just enhanced security added to a RedHat 6.1 build.  New 
kernel patches, new daemon patches to try to protect against known and 
unknown vulnerabilities.   It still has some of the same security issues as 
the regular RedHat does.  But is much more secure in a lot of ways.

One thing I wonder about is why they have Wu-FTPd 2.5.0 as the ftpd.  For 
those that know anything about wu-ftpd, it is well known for security 
issues, but is still the most popular.  But the latest version is 2.6.1 and 
it was released to fix security specific bug in 2.6.0 which was released to 
fix some security bugs (as well as other improvements) to 2.5.0 
http://www.wu-ftpd.org/
And 2.6.1 was released in July 2, 2000.  But their files were last updated 
on Jan 2, 2001, so maybe they just fixed the issues, and didn't want to add 
the new features.  Less code to review.

I have not installed this, or had a chance to read _all_ the white papers 
on it, so I may have misrepresented part of the sLinux from the NSA.

But remember, security is not something you get out of a box, or from an OS 
or distribution.  Don't let the name lull you into a false sense of 
'security'.
Security is something that has to be worked towards regardless of what you 
start with.  Yes, this is more secure than some OSs right out of the box, 
but it is not perfect.  I know they have found a few holes in this already, 
and they have been patched, as far as I know.

>_______________________________________________
>http://ntlug.org/mailman/listinfo/discuss

--
MadHat at unspecific.com




More information about the Discuss mailing list