On Mon, 7 May 2001, Alvin Oga wrote:
> ( just curious about secureBSD too )
secure-bsd is an effort to bring complex trusted system (ie orange book)
items to the freebsd kernel. this includes capabilities, mandatory access
control lists, an audit trail, and the like.
its usually been based on -current, is somewhat experimental, and is,
despite being a bit slow moving, a really great effort.
openbsd uses none of this, and simply strives to be the most secure 4.4BSD
implementation, by utilizing embedded cryptography (ie AES is in the
kernel), adherence to excellent coding standards (and correctness), a
full, continual source code audit, and leanness of design. the team has
explicitly stated it will not add trusted OS features to the codebase.
the nsa has released a neat set of patches and new APIs to the Linux
kernel, the package is called selinux. again, still in the working stages,
but its some neat code.
i hope this helps.,
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
