Fair point. What about a kernel image booted from write protected media (a
floppy or CD) that is removed from the machine after booting? Such a kernel
could be compiled with the secret filesystem key built in. :^)
> >At this stage, I'm interested mostly in peoples' comments. I'm becoming
> >fascinated by what it would take to make Linux conform to Orange-Book Class B
> >security. This modification to the filesystem would be relevant to getting it
> >over C1 (sub-paragraph 2.1.3.1.1!)
>
> Sounds great!
>
> If there is a good copy of these security standards on the net could you
> please give me the URL? Otherwise could you please provide a brief summary of
> the important points?
OK! A little bit of over-enthusiasm in the morning; take a look at
http://parc.power.net/morgan/Orange-Linux/index.html
Best wishes
Andrew
-- Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html libpwdb: http://parc.power.net/morgan/libpwdb/index.html [ For those that prefer FTP --- ftp://ftp.lalug.org/morgan ]