[techtalk] SELinux
Caitlyn M. Martin
caitlynmaire at earthlink.net
Sat Jul 7 18:38:17 EST 2001
On Saturday 07 July 2001 08:26 am, Marcia Barrett Nice wrote:
> http://www.nsa.gov/selinux/
>
> Has anyone on this list looked into this?

Yes, in detail. I wrote the white paper for another federal Agency on this,
recommending that they continue to monitor the progress of the project but
that they should *not* consider using it at this time. My recommendation is
the same for you.

NSA Security-enhanced Linux is a demonstration project at this time, and is
not meant for production systems. They have developed some really
interesting and potentially *very* useful ways of dealing with access control
security. However, they *deliberately* ignored all other security issues.

SeL is basically a custom kernel for Red Hat 6.1, plus new utilities to deal
with the specialized kernel. It does *not* work with any other versions of
Red Hat or any other distributions. None of the vulnerabilities in Red Hat
6.1 have been patched, and you cannot install an upgraded kernel that deals
with the known vulnerabilities in the 2.2.9(?) kernel provided with 6.1.
Application compatibility is completely untested, and likely will be at least
somewhat problematic.

The only purpose for SeL at this time is to demonstrate what the NSA is
developing. It is not a mature product. It's a test bed is all.

Regards,
Caity
----------------------------
Caitlyn Máire Martin
caitlynmaire at earthlink.net
http://caitlyn.port5.com
My ferrets: http://ferrets.port5.com
----------------------------