On Thu, 7 Jun 2001, Michael R. Jinks wrote: > More generally, a lot of people much smarter than me (the NSA's Secure > Linux team for starters) have said that the only way to combat "hostile > code" effectively is to build the OS with capabilities and trust > features, something that's missing from most mainstream OS's these days. Yep, I prefer RSBAC (http://www.rsbac.de) for an approach to a trusted computing base-type Linux, but either one works. Admin overhead is probably the main difference in the models, but both apply formal protection mechanisms. > I'd be shocked right down to my Corcorans if M$ spent the time and > effort necessary to give their next whitewash of WinNT robust > capabilities features. > > But hey, maybe. To be fair, they did a complete ACL implementation, and implemented the Secure Attention Key (SAK) for login- but I feel pretty sure that only a fairly good base of deployed secure Linux systems for commerce applications will move that ship to the right. Removing root compromises and allowing untrusted CGI code both seem to me to be big wins for the Linux camp- it'll be interesting to see how MS answers given the longish time to implement such solutions. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts@patriot.net which may have no basis whatsoever in fact." - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]