dca-pgs@ddn1.arpa (P. Sullivan) (12/12/86)
Gould is advertising "secure Unix"; they claim that it has been certified to the C2 level. They don't mention what kind of Unix. Did Gould actually get a version of Unix certified to the C2 level? What was the date of the certification? What kind of Unix is it? Please reply directly to this acct as I am not on this list. Thanks, Pat Sullivan
ron@BRL.ARPA (Ron Natalie) (12/13/86)
It's certified all right, but by the time they got done with it, it doesn't look much like UNIX. -Ron
dpw@unisec.USI.COM (Darryl P. Wagoner) (12/15/86)
In article <1485@brl-adm.ARPA> ron@BRL.ARPA (Ron Natalie) writes: >It's certified all right, but by the time they got done with it, >it doesn't look much like UNIX. I think that you got caught up in the wording of their ad's. It is certifiable (maybe). From what I have heard they have just finished the paper review of the design. That Not quite the same thing. -- Darryl Wagoner UniSecure Systems, Inc.; dpw@unisec.usi.com Newport, RI; (401)-849-0857
mjranum@gouldsd.UUCP (Marcus J Ranum) (12/17/86)
In article <399@unisec.USI.COM>, dpw@unisec.USI.COM (Darryl P. Wagoner) writes: > In article <1485@brl-adm.ARPA> ron@BRL.ARPA (Ron Natalie) writes: > >It's certified all right, but by the time they got done with it, > >it doesn't look much like UNIX. Oh course it doesn't look 100% like UNIX. For example, the entire setuid concept is thrown away. In order to be certifiable, if I am correct, the networking was thrown away. A lot of the old favorite UNIX ideas are big security loopholes and in order to be certified they had to be gotten rid of. I am sure this subject is good ground for lots of argument. I gather that the approach Gould took was to place an emphasis on producing a secure UNIX at the expense of making it necessarily different. From the ad (I assume the same as yours) it sounds like it'd be tougher to crack. I really don't think anything is ever 100% secure, unless it's write-only hardware technology :-) There was a posting a few months back from a fellow who did hack up secure UNIX. From what he said, it was not a flaw in secure UNIX that allowed him to break in, but rather a goof on the part of the systems administrator. No UNIX system is secure without a suitably paranoid sysadmin. > I think that you got caught up in the wording of their ad's. It is > certifiable (maybe). From what I have heard they have just finished the > paper review of the design. That Not quite the same thing. If I am correct, it is certified. Certainly that is more than can be said for 4.2BSD > -- > Darryl Wagoner > UniSecure Systems, Inc.; dpw@unisec.usi.com UniSecure systems ? What do they manufacture, unicycle locks ? I, incidentally, work for a completely different section of Gould, and have no personal stake in this matter. Live Free mjr