SECURITY: NSA Security-enhanced Linux updated

From: Howard Holm (hdholm_at_epoch.ncsc.mil)
Date: 05/14/04

  • Next message: Frederick Noronha (FN): "Wizards of OS 3. The Future of the Digital Commons (June, Berlin) (fwd)" 
    Date: Thu, 13 May 2004 18:12:21 CST

    The SELinux web site <http://www.nsa.gov/selinux/> has been updated. The
    site includes a new release of the SELinux prototype. The current
    prototype and the experimental NFS code are now based on Linux kernel
    2.6.6. Several races and kernel socket creation have been fixed and a
    runtime disable has been added. The old linux 2.4-based kernel patch has
    been ported to 2.4.26. The userland patches have been updated from
    Fedora Core 2 development. There are now man pages for libselinux. X
    server security classes and access vector definitions were added and
    many policy updates were made.

    Security-enhanced Linux incorporates a strong, flexible mandatory
    access control architecture into the major subsystems of the Linux
    kernel. The system provides a mechanism to enforce the separation of
    information based on confidentiality and integrity requirements. This
    allows threats of tampering and bypassing of application security
    mechanisms to be addressed and enables the confinement of damage that
    can be caused by malicious or flawed applications. The SELinux web
    site <http://www.nsa.gov/selinux/> contains background information,
    documentation, source code, and archives for the selinux mailing-list. 

    -- 
Howard Holm <hdholm@epoch.ncsc.mil>
Office of Defensive Computing Research
National Security Agency

    ##########################################################################
    # Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
    # PLEASE remember a short description of the software and the LOCATION. #
    # This group is archived at http://stump.algebra.com/~cola/ #
    ##########################################################################

  • Next message: Frederick Noronha (FN): "Wizards of OS 3. The Future of the Digital Commons (June, Berlin) (fwd)"

    Relevant Pages

    • Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
      ... As for the ASLR component of PageExec: in kernel space, ... soon to issue from the varied and sundry organisations who bundle the Linux ... the reason is intersintg too; linus considers security ... lot of bug classes from the start, ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] Linux Exec Shield (was: Linux (in)security)
      ... > Speaking about kernel hardening, I was wondering if anyone on the list could ... > comment on Ingo Molnar's Exec Shield Linux kernel patches. ... Linux kernel you can execute any data inside a process's memory or overwrite ... From a security point of view ...
      (Full-Disclosure)
    • MDKSA-2001:071 - kernel 2.4 update
      ... Subject: MDKSA-2001:071 - kernel 2.4 update ... of other bugs for the 2.4 kernel shipped with Mandrake Linux 8.0 ... You can get the GPG public key of the Mandrake Linux Security Team at ...
      (Bugtraq)
    • Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
      ... Most of the security professionals I ... know are simply scared by the way the kernel developers and distributors ... most people assume that vendor-sec has not been told about this ... recommend and working contact address for security issues with Linux, ...
      (Full-Disclosure)
    • Re: Linux Security is a Joke!
      ... > Security on Linux and Unix is a joke - it makes Windows look like Fort ... > sometimes down to the kernel. ...
      (alt.os.linux)