Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263131AbTEMBr4 (ORCPT ); Mon, 12 May 2003 21:47:56 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263132AbTEMBr4 (ORCPT ); Mon, 12 May 2003 21:47:56 -0400 Received: from siaab1ab.compuserve.com ([149.174.40.2]:24543 "EHLO siaab1ab.compuserve.com") by vger.kernel.org with ESMTP id S263131AbTEMBrx (ORCPT ); Mon, 12 May 2003 21:47:53 -0400 Date: Mon, 12 May 2003 21:57:30 -0400 From: Chuck Ebbert <76306.1226@compuserve.com> Subject: Re: The disappearing sys_call_table export. To: Alan Cox Cc: Linux Kernel Mailing List Message-ID: <200305122200_MC3-1-3890-B10B@compuserve.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1176 Lines: 32 Alan Cox wrote: > 1. Base Linux is not C2 certified That could be fixed... (right?) Filesystems returning data past the end of what the user wrote might be a big problem though -- this must be guaranteed even in obscure corner cases. > 2. C2 is obsolete Obsolete or not, it is mandatory for some people. No check box, no purchase order (or no certificate of operation.) > 3. NSA SELinux can do the needed stuff from scanning the code But will it get merged? > 4. Even then data erasure is not guaranteed because of the drive logic People who really care require the drive be reduced to pieces small enough to fit through a sieve with ~2mm holes in it before it leaves their sight. For the rest, overwrite of the swap data is a useful if not 100% reliable step to take. Legitimate users with servers locked up in secure areas don't really worry about someone unplugging the box and walking away with it either. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/