Sun-isms Debunked

Newman writes "We're all aware of the hole-ridden arguments that Sun executives Scott McNealy and Jonathan Schwartz use to attack Linux. This guy at NewsForge really grilled them at the Solaris launch party last Monday, and actually got some straight answers out of them. At the end of the article, both execs have some specific words for Slashdot readers."

Security, et al

[jd]

First, the Government takes this really warped view that everything has to be FIPS-approved and NSA-approved, even if the NSA wrote the bloody thing.

In consequence, Netscape's SSL is considered acceptable for Government use (and DES has only just had its permission revoked), but the DoD's own implementation of IPSec and the NSA's work on SELinux are not. Rijndael-128 is OK, but Rijndael-256 is not. Even though all the evidence so far is that both versions of Rijndael are perfectly good.

A version of SuSE Linux (with help and funding from IBM) has been certified by the NSA as secure under the "Common Criteria" at about the same sort of level as Windows NT. This was on a PC I believe. No other platform for Linux, and no other distribution of Linux, has been certified.

So, you CAN run that specific version of SuSE on the specific PC platform it was tested on on military unclassified or confidential networks. Because so few OS' have been certified (only a tiny number of Unix manufacturers have the money for the approval process, never mind the development!!!) it's common practice to run any "approved" OS on Secret and Top Secret networks, even though they're not supposed to.

(Having worked as a contractor for the DoD, I can tell you that it is also not uncommon for software companies to request and receive waivers exempting them from NSA security auditing. The main appeal of COTS solutions, such as Microsoft, is that it's a lot cheaper than most GOTS solutions and the quality is about the same.)

For real "military grade" security (the stuff the military would like, if they weren't spending all their money in strip clubs) you'd need to take one of the existing security patches and add the following:

• Mandatory Access Controls on packets and sockets
• Mandatory Access Controls on allocated memory (and either MAC or secure wiping on freed memory)
• Mandatory Access Controls on all files (SELinux does this, not all the others do)
• FIPS compliance on all hash and encryption algorithms
• If MOSIX (or some other clustering patch) is applied, MACs should migrate between nodes. Nodes should also have a security label, and it should be impossible to migrate unauthorized material between any two nodes, or authorized material to an unauthorized node.
• There's no real specification on handling network QoS algorithms, as far as I know, but the NSA would likely be happier if queues also had security labels. That way, there could be no attack which allowed a packet of lower clearance to run into a packet of higher clearance in such a way as to expose the higher clearance material to a lower clearance process.
• The kernel and the core packages would need to be fairly watertight against buffer overruns and other common coding bugs. It should also be fairly fail-safe, such that if such a bug did exist, it would be hard to use that to bypass the access control system.

All that would give Linux a clearance comparable to the old B2 or B1 levels, which would be more than adequate for most classified networks. Relative to the work already put into Linux, it's really not that much. If IBM and SGI wanted to pool resources to make a B2/B1 version of Linux, I see absolutely no reason why they couldn't.

Now comes the fun part! What if you were to do all the above, and then do a line-by-line full coding audit with formal validation? IBM has something like 10,000 Linux coders. There are 50,000,000 lines of code. Assuming you could do the audit at no more than 10 lines a day, it would take 100 days to audit the kernel to this degree. For a real bare-bones box, it would probably take about the same to do the user-space stuff.

What would this give you? Well, the ONLY COTS Operating System to be A1-certifiable. There simply aren't any other. Nobody makes software to the A1 standard. At least, not that

Re:What day of the week is it?

[upsidedown_duck]

I'm tired of the bullshit.

Bullshit? Sun's stock has steadily gone up over 60% since August, all in anticipation of Solaris 10, Niagara, fighting off losers like Kodak, etc. Sun is going through another one of its re-invention cycles, and will have massively-multi-threaded systems in the next two years with Solaris 10, complete with super-fast TCP/IP and through-and-through checksums on ZFS (among other things).