From dittrich@cac.washington.edu Fri Jan 12 11:07:46 2001 Received: from mxu4.u.washington.edu (mxu4.u.washington.edu [140.142.33.8]) by lists.u.washington.edu (8.9.3+UW00.05/8.9.3+UW00.12) with ESMTP id LAA93840 for ; Fri, 12 Jan 2001 11:07:45 -0800 Received: from mxout2.cac.washington.edu (mxout2.cac.washington.edu [140.142.33.4]) by mxu4.u.washington.edu (8.9.3+UW00.02/8.9.3+UW99.09) with ESMTP id LAA21405; Fri, 12 Jan 2001 11:07:44 -0800 Received: from shiva0.cac.washington.edu (shiva0.cac.washington.edu [140.142.100.200]) by mxout2.cac.washington.edu (8.9.3+UW00.02/8.9.3+UW00.01) with ESMTP id LAA14132; Fri, 12 Jan 2001 11:07:44 -0800 Received: from localhost (dittrich@localhost) by shiva0.cac.washington.edu (8.9.3+UW00.02/8.9.3+UW99.09) with ESMTP id LAA04763; Fri, 12 Jan 2001 11:07:43 -0800 Date: Fri, 12 Jan 2001 11:07:43 -0800 (PST) From: Dave Dittrich To: Michael Boer cc: Network System Adminstrators list , Subject: Re: NSA's Security-Enhanced Linux In-Reply-To: <3A5F5234.1893E1A2@u.washington.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Fri, 12 Jan 2001, Michael Boer wrote: > May be of interest: http://www.nsa.gov/selinux/ I've been watching this, and have been meaning to comment on it as soon as it stabilizes. The NSA chose, sometime last year, to work with an open source operating system code base and to produce something they could consider "trusted" for use by government agencies for services. That effort was to then be given back to the open source community. (Note that NSA is the chief US goverenment agency tasked with ensuring the security of computing systems and applications throughout the US government.) They announced an initial version of their modifications a few months ago, and had one recent bug discovered (and patched very quickly). This is still a "work in progress", and uses an older kernel version than is currently being shipped by companies like Red Hat, so take it as an experiment, not something to stick on a production server. Eventually, these modifications may be accepted by the Linux community, a commercial vendor, or security related groups, and become a bit more main-stream. I'll try to point it out when that occurs. -- Dave Dittrich Computing & Communications dittrich@cac.washington.edu Client Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 .