[FUG-BR] Fwd: Kylin kernel source code now online
Trober
trober em trober.com
Quinta Outubro 7 09:52:10 BRT 2010
> se alguem tiver interessado...
>
> Jean
>
> Begin forwarded message:
>
>> From: "Robert N. M. Watson" <robert.watson em cl.cam.ac.uk>
>> Date: 6 October 2010 15:50:29 GMT+01:00
>> To: cl-security-research em lists.cam.ac.uk
>> Subject: Kylin kernel source code now online
>>
>> For those interested in secure operating systems, or even possibly
>> secure operating systems, the Kylin kernel source code is now online:
>>
>> http://code.google.com/p/kylin-2
>>
>> For those who don't follow Schneier et al, Kylin is a FreeBSD-derived
>> operating system developed for use by the Chinese military. It was
>> forked in around 2004/2005, as far as I know, but contains significant
>> enhancements since then. A talk was given on Kylin at EuroBSDCon in
>> Milan a few years ago, I can see if I can dig up the paper if folks are
>> interested.
>>
>> I was interested to see that they appear to make moderate use of the MAC
>> Framework, a reference monitor I designed as part of DARPA work about
>> ten years ago. They have a different implementation of security event
>> auditing than the version I did for Mac OS X and FreeBSD, however
>> (presumably due to branching before that went into FreeBSD), and also
>> don't have the fine-grained privilege work I did for nCircle that made
>> its way back into FreeBSD.
>>
>> Among MAC models, they have what appears to be a LOMAC-derived data
>> tainting model, although I've not looked closely at the specifics of the
>> policy so may be misreading. They've also adapted a version of FLASK/TE
>> that my team developed at NAI Labs, based on the version from SELinux;
>> this didn't make it into mainstream FreeBSD, but does appear to have
>> found a home in Kylin.
>>
>> There's probably quite a few interesting things to say here if someone
>> has to time to do a more serious analysis.
>>
>> Robert
>
> -------------------------
>
Complementando sobre o (ripadão) Kylin.
Pegaram um FreeBSD descontinuado, alteraram alguns valores de parâmetros
em "vers.c" e compilaram, dando assim "novo nome ao boi".
http://www.fug.com.br/historico/html/freebsd/2009-05/msg00349.html
Saudações,
Trober
-
-
-
-
-
Mais detalhes sobre a lista de discussão freebsd