[CLUE-Tech] The NSA's version of Linux...
Nate Duehr
nate at natetech.com
Mon Nov 8 02:04:33 MST 2004
Tony M. wrote:
> Damn, everyones got a distro now.
>
> http://www.nsa.gov/selinux/index.cfm
It's been out for a couple of years now, pretty sure. Actually it's
gotten fairly popular with the severely security-paranoid, as it adds
incredible amounts of ACL's to everything the box does.
How one would ever be able to manage that many layers of access
effectively without a Federal mandate and 20 dedicated staffers is
beyond me though -- it truly seems like one of those times where
additional complexity would probably lead ultimately to LESS security
than if one simply locked the vast majority of users out of the box that
didn't have a need to be there.
Some of the patches for securely handling memory and other stuff, are
more useful IMHO, and probably account for the major reason many people
use the patchset on public servers.
It's an interesting testbed for various heavy-hitter security theories.
I don't think the final results from the theory, test, repeat cycle
are in yet on it though. ;-)
And reading the conspiracy theories about backdoors in the software are
always good for their entertainment value, too. (GRIN)
--
Nate Duehr, nate at natetech.com
More information about the clue-tech
mailing list