| subject: | Re: https://rhn.redhat.com/errata/RHSA-2004-051.html |
> From: "Geo."
> "Adam Flinton" wrote in message
> news:509264.5140f7{at}harborwebs.com...
>> SE Linux comes with the source RPMs for the Fedora stuff but seeing how
>> they're not even compiled to binaries I fail to see how they would count as
>> applications.
> Let's say today you have a current SE Linux CD, put it in a safe, on December
> 31st you take it out and install everything on the cd. Now if you are
> exploitable then those count as security issues that need to be addressed.
> The product is defective.
Yup. & there are 2 easy ways round that:
1) If machines are in a closed network then you can maintain an up to date CD.
2) If the machines are allowed onto the internet (with a broadband
connection) then you can design a distie such that the install has the
"minimum to get you on the network" on the CD itself such that
the chances of that part being exploitable are low. Equally it makes the
install bit that much easier to keep up to date as per point (1).
You then always install the most recent versions of the applications from a
distribution's server when you install.
> That's all I'm saying, I'm not trying to label one an OS flaw and another an
> Application flaw because today's software has become so integrated and there
> are so many dependencies you just can't do that. You of all people should
> realize that a flaw in some piece of portable code that's exploitable on one
> platform and not exploitable on another forces you to view this a different
> way than that.
> Geo.
There are dependencies but I'm not so sure stuff is so integrated as you
make out. Sure lots of stuff depends on there being a TCP network stack,
however that doesn't mean anything is dependent upon a specific
implementation of a TCP stack.
It's a bit like this "Service based architecture" thingy. I.e.
you see tcp as a service of which you use a portion. Disk access &
storage is another service etc. Do you need to care if the bits are on a
local IDE, local SCSI, Local CD, SAN etc.etc.etc.? Nope, you ask an address
for a stream/file & it services your request.
I would say apps are actually less integrated in many ways than they used
to be. It's been a while since an app came with its own vid drivers or
memory management for example (OK some games still might if running on
Win-DOS).
You have CP (Cross Platform) toolkits like say QT etc. which allow you to
build your app to a set of common services (e.g. disk access, network etc)
w/o bothering if the app is compiled for Linux on intel, linux on ppc,
windows on intel etc.
Adam
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
| SOURCE: echomail via fidonet.ozzmosis.com | |