Re: Is 6.0 released?
From: Timmy (timmy15_at_notformail.com)
Date: 07/18/05
- Next message: Steven G. Kargl: "Re: disk full during 'make install'"
- Previous message: mr_scary: "Re: honeyd will not start on OpenBSD 3.7"
- In reply to: bsder: "Is 6.0 released?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 18 Jul 2005 11:44:17 -0400
bsder wrote:
> Hi,
>
> I saw some posts from the Current mailing list, some ppl asking issues
> on 6.0 beta1. Is that mean 6.0 Release was out a while ago?
>
> Sam.
I just checked. This ISO's for 6-BETA1 are out.
ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/6.0/
FBSD-6 looks like its going to be too cool!
Robert N M Watson: TrustedBSD elements have now appeared in 4.x, 5.x, and
6.x. 5.x brought in many of our most significant features -- some were
infrastructure to support our goals, and others were security features
we've been targetting as primary goals. Supporting TrustedBSD features
included OpenPAM, GEOM, UFS2 with extended attributes, and a lot of kernel
and user space cleanup for access control. It turns out that our extensive
SMP work in 5.x was also very important, as the mature kernel
synchronization architecture of 5.x allows us to generate access control
decisions in many code paths that would not easily have supported it in
4.x, such as in software interrupt paths in the network stack.
The direct feature set in 5.x included the TrustedBSD MAC Framework, which
allows compile-time and run-time extension of the FreeBSD security model, a
set of sample system policy modules, such as Multi-Level Security, Biba
Integrity, and a variey of hardening policies, and also support for Access
Control Lists (ACLs). So the TrustedBSD work was really key to the 5.x
release line, especially if you include the supporting features I listed
above.
In 6.x, many of the experimental features from 5.x are considered production
quality, and extended in a variety of ways. Two of the biggest "new"
projects are SEBSD, a port of NSA's FLASK/TE implementation from SELinux
and its predecessors (DTOS, FLUX), and support for CAPP security event
audit, which is derived from OpenBSM, which is in turn derived from Apple's
CAPP Audit implementation. SEBSD will be an add-on distribution on top of
FreeBSD 6.x, and allow the authoring of fine-grained Type Enforcement (TE)
policies similar to those in SELinux. OpenBSM provides us with a
implementation of both kernel event auditing, as well as a BSD-licensed
user space audit library implementing Sun's BSM audit file format and
service API. Adding support for Audit really fleshes out our trusted
operating system feature set, and NSA's FLASK/TE provides a powerful policy
language to for tuning system security for specific applications and
configurations.
These are security features that our network appliance, security, financial,
and military consumers will appreciate greatly. They're also features that
end users will be able to use to customize and monitor security operation
of their systems in a manner currently unsupported by any other open or
closed source operating system.
You can read more at the url below.
http://www.osnews.com/story.php?news_id=10951
- Next message: Steven G. Kargl: "Re: disk full during 'make install'"
- Previous message: mr_scary: "Re: honeyd will not start on OpenBSD 3.7"
- In reply to: bsder: "Is 6.0 released?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
