Re: Privilege (was Re: libresolv+ bug)

[mcnabb () argus cu-online com (Paul McNabb)]

Hey, mine is bigger than yours!

*** WARNING *** commercial message enclosed ***
Our Solaris 2.x security mods do the same thing - gets rid of root in
the kernel and replaces it with *120* separate privileges.  These
modules for security are added to a running Solaris system on
either SPARC or x86 -- no need to reformat the disk like most other
secure OSes.  The modules run with or without B1 (MAC) security,
and have been evaluated to B1/E3 and C2/E3 on SPARC and x86 using
ITSEC criteria.  We also have 4 superuser emulation modes, plus
restrictions on root even if you want to use standard superuser.
*** End of commercial message ***

But we aren't alone.  I can think of at least half a dozen other
companies that have UNIX OS versions that don't have root (HP, DEC,
SCO, Harris, Loral (AIX), Addamax, Sun Federal, etc.).  There are
others that are working on it but I don't think they are there yet.

Any of these OSes will add a lot to security for systems used as
firewalls, gateways, servers, etc.  And before anyone flames --
a secure OS by itself won't solve all the security problems.

paul

------------------------------------------------------------
Paul McNabb                     mcnabb () argus cu-online com
Argus Systems Group, Inc.       TEL 217-384-6300
1405A East Florida Avenue       FAX 217-384-6404
Urbana, IL 61801 USA
------------------------------------------------------------