Date:      Wed, 5 Jul 2000 16:24:40 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Susie Ward <sward@voltage.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: SecureBSD (Was: Re: Firewalls and the endless story!)
Message-ID:  <Pine.BSF.4.21.0007051615140.98975-100000@freefall.freebsd.org>
In-Reply-To: <4.3.1.2.20000705165602.00da1ee0@mail.voltage.net>


On Wed, 5 Jul 2000, Susie Ward wrote:

> At 05:09 PM 7/5/00 -0400, Bill Fumerola wrote:
> >Yes, and the original poster demonstrated even further stupidity
> >by adding a proprietary product (SecureBSD 1.0) into the mix and
> >then expect that we support it.
> 
> Speaking of SecureBSD, does anyone have any opinions on the usefulness of 
> SecureBSD?  I've thought about testing it out, but I don't have any servers 
> at the moment to be playing with so I've been putting it off.

A lot of the features it provides aren't likely to be that useful in the
real world (limiting the ability to perform common syscalls to members of
a particular group, etc). The ability to only execute binaries with a
signature preloaded into the kernel, or to only execute binaries owned by
root may be of some use given enough work to tighten your system down, but
on the other hand you'd better not have any scripting languages installed
on your system (/bin/sh, anyone?) ;-)

I haven't looked at it beyond reading the (minimal) supplied documentation
because I'm scared of the license terms and what the securebsd people
might do to me if they catch up with me after I've read the code, but as
an end user by all means take a look and see if you think it's useful for
you.

My opinion so far is that it probably doesn't do enough to present more
than an annoyance to a determined intruder unless you really spend a lot
of time to tighten down your system (and severely limit its
functionality).

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


