Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Too Many Hacks
Hal Flynn, 2003-10-15

The open-source community should abandon its piecemeal approach to securing Linux-- and soon.

Comments Mode:
A series of misconceptions 2003-10-16
Anonymous (1 replies)
You've added more misconceptions 2003-10-16
Anonymous (2 replies)
One of the key features of a "Trusted" OS is _not_ digitally signed binaries. Do some research. Trusted is a designation that generally relates to the TCSEC (Orange Book) levels of B1 or higher, which require mandatory access control (MAC). Apart from MAC, other trusted-type OS's have role-based access control and type enforcement as their key features, as well as much more granularity on system privileges and high levels of compartmentalization.

Any decent sysadmin verifies the digital signature of a piece of open source code when they download it, making an implicit trust decision about the developer in the process. Digitally signed code can still have back doors! If you're concerned about maintaining integrity, compile your code on a highly secure dev box, move it into production via read-only media, then add it to your Tripwire baseline.

Your point about unsigned binaries is misconceived.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/191/23189#23189
You've added more misconceptions 2003-10-17
Anonymous
You've added more misconceptions 2003-10-17
Anonymous
Looking like donkey's 2003-10-16
Anonymous (3 replies)
Looking like donkey's 2003-10-16
Anonymous (1 replies)
Looking like donkey's 2003-10-20
Anonymous (2 replies)
Looking like donkey's 2003-10-22
Darwin
Looking like donkey's 2003-10-25
Another Hobbit
Looking like donkey's or a horse's 2003-10-16
Axe-2-Grind
Looking like donkey's 2003-10-27
Anonymous
Too Many Hacks 2003-10-16
Anonymous (3 replies)
Thanks Anonymous 2003-10-16
Axe-2-Grind
misinformation 2003-10-16
Kelly Martin
Too Many Hacks 2003-10-21
Anonymous
New Editorial Direction for SF? 2003-10-16
Al Franken (1 replies)
New Editorial Direction for SF? 2003-10-16
Anonymous (3 replies)
Shatter 2003-10-17
Anonymous (1 replies)
Shatter 2003-10-17
Anonymous (1 replies)
Shatter 2003-10-20
Anonymous
New Editorial Direction for SF? 2003-10-18
Anonymous (1 replies)
New Editorial Direction for SF? 2003-10-20
Anonymous
New Editorial Direction for SF? 2003-10-20
Anonymous (1 replies)
New Editorial Direction for SF? 2003-10-20
Anonymous
Evolution, a necessary evil 2003-10-16
Axe-2-Grind (1 replies)
Evolution, a necessary evil 2003-10-17
Faust (1 replies)
Evolution, a necessary evil 2003-10-21
Anonymous (1 replies)
Evolution, a necessary evil 2003-10-24
tycho
Too Many Hacks 2003-10-17
Deven Phillips, CISSP
Too Many Hacks 2003-10-17
Alberto Guglielmo
Too Many Hacks 2003-10-17
fli-flop
Too Many Hacks 2003-10-17
A nonny mouse (1 replies)
Too Many Hacks 2003-10-17
Faust
Too Many Hacks 2003-10-17
David
Too Many Hacks 2003-10-18
Anonymous Coward
Too Many Hacks 2003-10-18
Charles Forbin
R u sure u r not a donkey yourself? 2003-10-20
Anonymous (2 replies)
R u sure u r not a donkey yourself? 2003-10-20
Anonymous (1 replies)
R u sure u r not a donkey yourself? 2003-10-20
Anonymous (2 replies)
R u sure u r not a donkey yourself? 2003-10-20
Anonymous
R u sure u r not a donkey yourself? 2003-10-20
Anonymous (1 replies)
R u sure u r not a donkey yourself? 2003-10-20
Anonymous Coward (1 replies)
R u sure u r not a donkey yourself? 2003-10-21
Anonymous
R u sure u r not a donkey yourself? 2003-10-27
penfold@dlofnep.com
man inetd.conf 2003-10-21
Anonymous
Too Many Hacks 2003-10-21
Anonymous
Wil-E-Coyote bridge design 2003-10-21
DWilliams (1 replies)
Wil-E-Coyote bridge design 2003-10-22
D McQuay (1 replies)
Wil-E-Coyote bridge design 2003-10-24
tycho
Too Many Hacks 2003-10-24
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus