Date: Sun, 3 Sep 2000 11:15:49 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: cjclark@alum.mit.edu Cc: Nate Williams <nate@yogotech.com>, Allen Campbell <allenc@verinet.com>, Ian Smith <smithi@nimnet.asn.au>, freebsd-stable@FreeBSD.ORG Subject: Re: bad 16550A maybe? Message-ID: <200009031715.LAA03829@nomad.yogotech.com> In-Reply-To: <20000903012428.G62475@149.211.6.64.reflexcom.com> References: <Pine.BSF.3.96.1000902074531.8872A-100000@gaia.nimnet.asn.au> <39B19295.3D66E41@verinet.com> <200009030158.TAA01926@nomad.yogotech.com> <20000903012428.G62475@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > The only modifications were to continually upgrade the software such as > > BIND and SENDMAIL where remote root exploits were possible, but > > otherwise it's a stock FreeBSD 2.2.8 system. (No X, of course.) > > I assume you mean it is a FreeBSD 2.2.8-STABLE. Right. > There are some > security fixes that were never backported to 2.2.8. True, but none of them involve remote root exploits, only local root exploits. (The TCP/IP stack ones I acctually backported). > I hope you don't have /proc mounted for example. If it's 2.2.8-RELEASE > there are more things to be fixed. If security is a concern on this > platform, the fact that security fixes have not been and will no > longer be backported is something to consider. Given it's not a machine that can be logged into (except by the sys-admin), it's really not a concern. *IF* the box had usable local accounts, then it would be a concern. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009031715.LAA03829>