Slashdot Mirror


HP-LX 1.0 Secure Linux

kengreenebaum writes: "Webtechniques has a short but interesting article on HP's approach to a secure but expensive LINUX distro. Basically they started with RedHat 7.1 and added compartments, an extension to the age-old chroot jail concept, where the processes representing major services run. Kernel extensions allow HP (or the administrator) to specify which compartments can access which kernel resources including individual files, network stacks, and each other. HP has a Technical Product Brief as well as other material online. Interesting to compare HP's approach to that of the NSA's Secure Linux projects. These concepts sound like a solid way to prevent buffer overflow type security holes in individual services from compromising the entire machine. At $3000 HP-LX is too expensive for many to experiment with but the NSA's code seems to be more readily available. Anybody have experience with these distributions or with similar approaches to Linux security?"

2 of 182 comments

  1. Re:What about GPL, GNU, etc? by pmcneill · Score: 5, Insightful

    Yes and no. They have to release the source to the people to whom the product is distributed. However, they don't have to make it publicly available. The catch is that the people who receive the source can also redistribute it at will. As someone else pointed out, the source is available here.

    I expect, however, that HP has some proprietary stuff that's included in non-GPLd binaries.

  2. Re:Low confidence in anything from HP by Bruce Perens · Score: 5, Insightful
    I agree that the HPUX folks do sometimes seem to lose sight of the fact that there is an outside world that, for the most part, doesn't run HPUX. But fortunately I work on Linux. HP has contributed a lot to free software: the IA-64 port of the Linux kernel is led by David Mosberger of HP and is all GPL, of course. HP spends about 1/2 Million per year just on salaries, benefits, and overhead for 4 of the key Samba developers. And a number of HP projects like Cooltown have come under the GPL. And of course they pay for all of my political efforts on behalf of free software - working on software patent issues, speaking, writing, etc.

    Bruce