and given the common criteria I've seen, they are far from being synonymous
for security!
Whatever these bureaucratic guys say, want, do, it will always be easier
to audit a user level app than a kernel module. Not that userland and
kernelheaven are so different, but it's just that I'm yet to see someone doing
a "m_pullup()" in userland. To be clear, userland code assumes a given set
of functions in libc or in other libs, and can be audited as is. A kernel is
harder to audit, because the kernel doesn't protect itself from itself.
Common criteria are stupid things when it comes to reality. When you
code a userland app, you simply call those "man function" things. When
you kernelize, you have to walk on the fire, feel it is hot, and appreciate it.
So from me to you, if you ever meet a guy from those "criteria" things, just
tell him that he is earning money on behalf of innocent people, doing nothing for
humanity except sucking us with their strange vocables, and that we do
live without their formal approval...
cheers,
mouss
At 20:11 01/12/00 -0600, Roland Mueller wrote:
>It depends on the Common Criteria Evaluation Assurance Level (EAL)
>whether the code of a product gets inspected and how intensely this is
>done!
>
>Roland
>
>Bill Royds wrote:
> >
> > Concurrent code is more difficult than linear code, but to achieve
> > Common Criteria Approval, the proxy firewall has to show the security of
> > the TCP/IP stack and kernel as well. The OS can't be trusted unless it
> > too has CC approval (as some do).
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Bernd Eckenfels
> > Sent: Friday, December 01, 2000 14:02
> > To: Bill Royds
> > Cc: Nguyen_Trang; '[EMAIL PROTECTED]'
> > Subject: Re: Dod & CheckPoint backdoor
> >
> > On Thu, Nov 30, 2000 at 09:37:10PM -0500, Bill Royds wrote:
> >
> > > Since FW-1 uses stateful packet inspection rather than application
> > > proxies (mostly), it should be easier to examine.
> >
> > nope, it is quite complicated to verify kernel mode interrupt handlers with
> > all kinds of concurrency problems and undefined protection from the OS.
> >
> > It is much more easy to verify a 10 line user mode program which uses
> > normal socket operations. Take a look at the old FWTK Papers on that Topic. Of
> > course this assumes you trust the OS.
> >
> > Greetings
> > Bernd
> > --
> > (OO) -- [EMAIL PROTECTED] --
> > ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
> > o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
> > (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]