
Re: is there a hardened version of OBSD or other UNIX OSes



On Tue, Nov 05, 2002 at 03:48:03PM +0000, Peter Fairbrother wrote:
> Daniel MD wrote:
> 
> > Trusted - as in every line of code has been reviewed carefully, with one
> > intention in mind security, and superfluous code has been removed, one
> > that uses "special" ways of securing data, and communication.
> 
> 
> To security engineers and cryptographers "trusted" means something which can
> break an otherwise secure system. :(
> 
> 
> I'm working on a "hardened" OpenBSD myself, and I've just started including
> systrace, which seems to be a goodie. I started with OpenBSD because of the
> security review and "code-correctness", although I don't agree that that's
> the best way to get security - good initial design is far more important -
> and superfluous code has _not_ been removed from the base install. However
> the maturity, hardware support and "freeness" of OpenBSD made it the only
> real choice for me.
> 
> 
> There are many more "secure" OS's, from EROS (probably the best design, but
> unusable due to lack of development) to SELinux (which is from NSA...
> "Trusted"?). 

The problem with SELinux is that it doesn't meet Daniel's requirement
that every line has been reviewed.

There is a disclaimer in the text on the front page:

      Security-enhanced Linux is not an attempt to correct any flaws that
      may currently exist in Linux. Instead, it is simply an example of how
      mandatory access controls that can confine the actions of any process,
      including a superuser process, can be added into Linux.

This gives me the chills every time someone talks about SELinux being
"secure". As I recall, Argus has a nice capabilities type of system,
and had even had a crack-me competition. It was the underlying OS that
failed.

Carson

-- 
Carson Harding - h_a_r_d_i_n_g_(_at_)_motd_(_dot_)_ca


