Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 22 Dec 2000 23:55:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 22 Dec 2000 23:55:13 -0500 Received: from etpmod.phys.tue.nl ([131.155.111.35]:41488 "EHLO etpmod.phys.tue.nl") by vger.kernel.org with ESMTP id ; Fri, 22 Dec 2000 23:55:01 -0500 Date: Sat, 23 Dec 2000 05:22:32 +0100 From: Kurt Garloff To: Alan Cox Cc: Linux kernel list Subject: Re: The NSA's Security-Enhanced Linux (fwd) Message-ID: <20001223052232.N17117@garloff.etpnet.phys.tue.nl> Mail-Followup-To: Kurt Garloff , Alan Cox , Linux kernel list In-Reply-To: <3A439833.C64D493A@storm.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Z1OTrj3C7qypP14j" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from alan@lxorguk.ukuu.org.uk on Fri, Dec 22, 2000 at 06:39:49PM +0000 X-Operating-System: Linux 2.2.16 i686 X-PGP-Info: on http://www.garloff.de/kurt/mykeys.pgp X-PGP-Key: 1024D/1C98774E, 1024R/CEFC9215 Organization: TUE/NL, SuSE/FRG Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org --Z1OTrj3C7qypP14j Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Fri, Dec 22, 2000 at 06:39:49PM +0000, Alan Cox wrote: > > These folks are good at what they do and the code is GPL. > > It is worth starting to consider whether this code, or code > > from one of the other security-enhancement projects, should > > be included in the standard kernel for 2.6 or 3.0. >=20 > I think this is a good point. Its actually a nice testimonial for free=20 > software that its finally got the NSA contributing code in a way that eve= ryone > benefits from and which may help cut down computer crime beyond governmen= t. > (and which of course actually is part of the NSA's real job) I wonder how their approach compares to the RSBAC stuff, though. The RSBAC (by Amon Ott) has all the infrastructure available to have policy based access control; whenever an access decision has to be taken, a call via some interface is made to a module, which then takes the decision ... Just like PAM in userspace. http://www.rsbac.org/ I think it's a good approach and I think, it has gone much further than the NSA stuff. I'd prefer to have RSBAC merged in 2.5. Regards, --=20 Kurt Garloff Eindhoven, NL GPG key: See mail header, key servers Linux kernel development SuSE GmbH, Nuernberg, FRG SCSI, Security --Z1OTrj3C7qypP14j Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6RCiIxmLh6hyYd04RAoE2AJ0fciGawOFgaCLPi5XtHx0on3Lx7QCfR+X8 Qolbk94MyuKAVMZJY7eLuC0= =7tPP -----END PGP SIGNATURE----- --Z1OTrj3C7qypP14j-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/