Message-ID: <3A439833.C64D493A@storm.ca>
Date: Fri, 22 Dec 2000 13:06:43 -0500
From: Sandy Harris
To: linux-kernel@vger.kernel.org
Subject: Re: The NSA's Security-Enhanced Linux (fwd)
In-Reply-To: <91uu8i$f1nrj$1@fido.engr.sgi.com> <3A4394C6.792D0092@sgi.com>

Casey Schaufler wrote:
>
> "Mike A. Harris" wrote:
> >
> > Anyone looked into this?
>
> It's an implementation of Domain Enforcement, ported
> from the flask project. It is a prototype.

These folks are good at what they do and the code is GPL. It is worth
starting to consider whether this code, or code from one of the other
security-enhancement projects, should be included in the standard
kernel for 2.6 or 3.0.

A more secure Linux would be great for a lot of people, but we need
to look at the trade-offs. Does the approach damage usability? Are
there better ways? ... ?

> Persons looking for backdoors, tricks, traps, snares,
> or ice are going to be disappointed.

That won't, and shouldn't, stop anyone having a good look.

> It's just code like everyone else produces.

So people looking at it may find bugs and vulnerabilities the
implementers hadn't considered. Great.

> Much of the work was done
> by employees of the NSA. They should be applauded for
> the effort they put in just to be allowed to make this
> available.

Bravo!
>/applause>