TrustedBSD Interview in Boardwatch 27
Anonymous Coward writes "The September edition of Boardwatch magazine includes an in-depth interview with Robert Watson, a TrustedBSD
developer."
FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis
Re:SIGNAL 11 IS NOT FUNNY!!!!!!!!!!!! (Score:1)
Try smoking it sometime, and gain some insight on the non-debilitating nature of marijuana.
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:1)
Re:SIGNAL 11 IS NOT FUNNY!!!!!!!!!!!! (Score:1)
Oh get with it you twit. The traditional retort about moderation is that they should lay off the cheap five dollar crack. 3 bowls of weed a day would probably make them incapable of moderation. Comeon, think alittle.
--
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:1)
Regardless of what you think of him, his code is about the most secure out there these days... And that IS saying something.
Re:Nice (Score:1)
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:1)
Your understanding of the past is horrible son. Who says they all have to cooperate? Maybe the folks working on TrustedBSD never asked them (Theo and the gang)? Or maybe they have different aspects on security?
IMHO, the work on TrustedBSD is useless. A bunch of security standards the govt put in place which are now 15 years dated.
Mirror (au) (Score:1)
http://memb ers .iinet.net.au/~locust/iw-mirror/bw/sep/Unix_Flavor .htm [iinet.net.au]
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:1)
Re:Nice (Score:1)
Seriously though, I've used NT. While it's ``easy to use'' I just find the whole Windoze line to be uneccesarily restrictive in terms of it's user environment. I don't mean security-wise, I mean in regards to pure hack value.
I have no problem using NT when I have to (a.k.a. at work) but all of my home boxes are *nix and bsd.
--
Licensing? (Score:1)
So what kind of license is this released under? The legal page [trustedbsd.org] doesn't really say much other than that the orignal authors keep the copyright to the code. And then it says it's released under a "liberal" license.
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:1)
> very well with others
In that case Heathcliff will have to punish them, and punish them he will.
Before introducing another blues playing uncle.
*Read*, dammit. (Score:1)
Re:Trusted, systems (Score:2)
Re:Nice (Score:2)
IMHO having a single root is the biggest flaw of *nix operating systems.
Then you say:
The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners
I'd just like to point out that NT has always had the ability to separate out adminstrative responsibilities, and comes configured for separate printer admins, backup operators, etc. So it's not all bad! :0)
Trust? (Score:2)
*Note to moderators: Yes, this is humor. Yes, you're going to moderate it up. No, No... stop. No. LEAVE THE DIAL ALO-#!@
--
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
which is not to say that trusted systems are useless. Preventing the user from performing certain operations with confidential information is a desktop feature I'd like to see. (Back when I did mail administration about once a week we had some PHB who asked us to "unsend" a message containing confidential personal or business data, usually to the Internet.)
--
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
You're right that "trusted" systems are probably useless as webservers or whatever.
Some people don't agree. It is actually a significant product that has won awards [hp.com] for HP. Of course it is useless to anyone else; see patent US5903732 "secure Web platform (SWP) implementing a mandatory access control policy" etc.
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
The ability to allow limited access into specific portions of system resources without allowing them to run privileged is a Good Thing.
The point is, yes, there's exploits AND trust violations...we need to work on fixing BOTH. OpenBSD has done brilliant work on one, while ignoring the other. TrustedBSD is going brilliant work on the other, but ignoring the first.
If I could code I'd work on trying to bring the TrustedBSD extensions into the OpenBSD codebase and submitting diffs...but my C is pretty damn abysmal.
Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:2)
Another parallel to Linux and its Fuhrer, er, leader...
--
Re:Trusted, systems (Score:3)
That's what trusted systems are designed to address. Think about it: why should your sysadmin be able to read, say, the payroll? Under a conventional Unix, there's nothing to stop that hapenning, apart from trust, and you can't rely on trust in a huge organization where many technical roles may be fulfilled by contractors or outsourced.
I believe that B2 certification requires that the sysadmin can be prevented from reading your files, apart from to backup and restore them - and even after a restore, the access control will be preserved.
Politics (Score:3)
If *nix had a similar system of checks and balances perhaps it would be a bit more secure.
Having a single root is like having a dictatorship. It could be good if the dictator is good, but if it ends up corrupted the rest of the system is screwed.
--
Nice (Score:3)
Nice!!! IMHO having a single root is the biggest flaw of *nix operating systems. It'll be interesting to see how all of the critical privileges will be split up in order to minimize the damage of a break-in.
--
Re:Wouldn't it be nice if OpenBSD could cooperate? (Score:4)
Trusted, systems (Score:4)
Security can only start after every one is trained to be secure.
This is forward progress (Score:4)
Here's something to think about: How should software installation work in a secure system? The installation process for untrusted applications needs to be untrusted; it shouldn't be possible to break anything or install a security hole when installing an untrusted application. Package management needs to accept more restrictions; running installs as root is out. Fixing this requires a lot of grunt work and some cleverness. In particular, shared component management in a secure environment is a lot more complex. Worth fixing, though; that's one of the giant pains of OS use today.