Bezpecnost.

[Frantisek Krupka]

Leos Bitto wrote:
> 
> 
> Pokud by C2 mel ziskat Linux, dostala by to zase jen jedna konkretni
> konfigurace - rekneme RedHat 4.2 s veskerymi updaty ke dni X.Y. 
> Jakmile byste nainstalovali neco jineho, uz byste nemeli OS splnujici 

Nemusi byt pravda. Necertifikuje se cely system. Podle TCSECu muze
certifikovany system obsahovat i necertifikovane casti nebo casti
certifikovane na odlisne urovni :

The scope of these criteria is to be applied to the set of components
comprising a trusted system, and is not necessarily to be applied to
each system component individually.  Hence, some components of a system
may be completely untrusted, while others may be individually evaluated
to a lower or higher evaluation class than the trusted product
considered as a whole system.  In trusted products at the high end of
the range, the strength of the reference monitor is such that most of
the components can be completely untrusted.  Though the criteria are
intended to be application-independent, the specific security feature
requirements may have to be interpreted when applying the criteria to
specific systems with their own functional requirements, applications or
special environments (e.g., communications processors, process control
computers, and embedded systems in general).  The underlying assurance
requirements can be applied across the entire spectrum of ADP system or
application processing environments without special interpretation.

Urcite by jste nemohl vymenit kernel, ale opatchovat trebas telnet
daemona by jste mohl.

> C2. Pri tempu jakym se Linux vyviji by to bylo k nicemu. A navic ta 
> certifikace na C2 stoji opravdu _hodne_ penez a kde by se vzaly?

Tuhle uvahu uz ponecham na jinych..

> 
> Leos Bitto

                                       Krupka F.,