Re: [Gnue-dev] Appserver/Common Issues

[Stanley A. Klein]

At 11:39 PM 11/21/2002 +0100, Jan Ischebeck wrote:
>Hi Stanley,
>
>First, I agree with you in the most points. The only impression I get is
that 
>we just talk about very high security. I'm not shure how popular NSA Linux, 
>or the Linux Security Modules will become in the next years, but I doubt
that 
>many IT managers of SMBs are using it.
>Thats the reason, why I would like that gnue gets a very flexible security 
>structure. A structure which let the user choose about using the very secure 
>version of GNUe possibly bundled with NSA Linux, or a less secure one with 
>some more features :).
>


Jan -

I very strongly agree with you on the need for a flexible security
structure.  That is what I described in the previous version of my draft
proposed security framework (the one you can find in CVS), and it continues
in the revision I'm working on.  (If I can ever get OpenOffice.org to
format the document the way I want it and not do the crazy things its
styles seem to want to do, I will be able to provide it and you can see
more of what I mean. :-)

The main reason I seem to be focused on the high security requirements is
that they are the greatest challenge.  It is easy to back off and provide
less security.  All a user has to do is select Windows as the operating
system, and most security goes away. :-)  

Linux is also moving to a much more flexible structure.  The Loadable
Kernel Module effort has provided some "kernel hooks" that can be used by a
wide range of modules.  They will come with the system.  All you will need
to do is select a module and "insmod" it and you will have the security
policy it provides.  IIRC, there is actually one module that gets rid of
the security that is already in the kernel.  It is there for some real-time
critical users who can't afford the time it takes for the existing,
built-in access control.  BTW, I understand that Kernel 2.6 won't be
available until some time next year.  I have seen postings on slashdot that
they are beginning to place freeze deadlines on changes in preparation for
an eventual release.  Until then most of this stuff is available only to
people who enjoy playing with kernel patches and recompilation.  :-)

Regarding SMB's, I think some will need very little security and others
will need relatively high security.  It depends on whatever legal and
contractual requirements apply to them, and on what the governing entity of
the business (such as the Board of Directors) wants to do for the business
itself.  For example, an individual independent consultant might need
protection only from inadvertent error, while a small law firm or
accounting firm might have very stringent security requirements arising
from the kinds of legal or accounting matters they handle.

BTW, on another matter we have discussed, I saw something (I think in the
GNUe-sb CVS) that refers to "XML includes" (I think for managing gsd's).
So the technology for that is somewhere in the project.

This has been a good discussion.  You may see some of it in the revised
security framework proposal document.  Discussions like this are very
useful in helping clarify these issues.


Stan Klein