Date: Mon, 12 May 2003 21:57:30 -0400
From: Chuck Ebbert <76306.1226@compuserve.com>
Subject: Re: The disappearing sys_call_table export.
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Message-ID: <200305122200_MC3-1-3890-B10B@compuserve.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	 charset=us-ascii
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1176
Lines: 32

Alan Cox wrote:

> 1. Base Linux is not C2 certified

  That could be fixed... (right?)  Filesystems returning data past the
end of what the user wrote might be a big problem though -- this must
be guaranteed even in obscure corner cases.

> 2. C2 is obsolete

  Obsolete or not, it is mandatory for some people.  No check box,
no purchase order (or no certificate of operation.)

> 3. NSA SELinux can do the needed stuff from scanning the code

  But will it get merged?

> 4. Even then data erasure is not guaranteed because of the drive logic

  People who really care require the drive be reduced to pieces small
enough to fit through a sieve with ~2mm holes in it before it leaves
their sight.  For the rest, overwrite of the swap data is a useful if
not 100% reliable step to take.  Legitimate users with servers locked
up in secure areas don't really worry about someone unplugging the box
and walking away with it either.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/