[NTLUG:Discuss] :)
MadHat
madhat at unspecific.com
Fri Mar 2 14:20:06 CST 2001
At 01:18 PM 3/2/2001 -0600, you wrote:
>http://www.nsa.gov/selinux/index.html
If you are interested, there was some discussion about this on the Vuln-Dev
(Vulnerability development) list back in December on SecurityFocus. You
can see the thread by searching on "Security-Enhanced Linux" at
http://www.securityfocus.com/
Also note this is just enhanced security added to a RedHat 6.1 build. New
kernel patches, new daemon patches to try to protect against known and
unknown vulnerabilities. It still has some of the same security issues as
the regular RedHat does. But is much more secure in a lot of ways.
One thing I wonder about is why they have Wu-FTPd 2.5.0 as the ftpd. For
those that know anything about wu-ftpd, it is well known for security
issues, but is still the most popular. But the latest version is 2.6.1 and
it was released to fix security specific bug in 2.6.0 which was released to
fix some security bugs (as well as other improvements) to 2.5.0
http://www.wu-ftpd.org/
And 2.6.1 was released in July 2, 2000. But their files were last updated
on Jan 2, 2001, so maybe they just fixed the issues, and didn't want to add
the new features. Less code to review.
I have not installed this, or had a chance to read _all_ the white papers
on it, so I may have misrepresented part of the sLinux from the NSA.
But remember, security is not something you get out of a box, or from an OS
or distribution. Don't let the name lull you into a false sense of
'security'.
Security is something that has to be worked towards regardless of what you
start with. Yes, this is more secure than some OSs right out of the box,
but it is not perfect. I know they have found a few holes in this already,
and they have been patched, as far as I know.
>_______________________________________________
>http://ntlug.org/mailman/listinfo/discuss
--
MadHat at unspecific.com
More information about the Discuss
mailing list