Date: Wed, 2 May 2012 16:00:47 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Richard Yao <ryao@cs.stonybrook.edu>
Cc: Jerry McAllister <jerrymc@msu.edu>, freebsd-hackers@freebsd.org, Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>, Andy@freebsd.org, Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>, Young <ayoung@mosaicarchive.com>
Subject: Re: Ways to promote FreeBSD?
Message-ID: <CAKR2__1rgORJ6FKDDYEb=uYG==RA=puOyzssaR-JjS3evLbg3Q@mail.gmail.com>
In-Reply-To: <4FA12980.6080101@cs.stonybrook.edu>
References: <CAHMRaQf=M0ULOH=KnqzOXvczSM0Lb6apCoQkJegqyU3e8%2BgShA@mail.gmail.com> <alpine.BSF.2.00.1204272025080.5846@wojtek.tensor.gdynia.pl> <20120427203117.GA2055@gizmo.acns.msu.edu> <CAOgwaMv_9c_W4fek-kGhQV3B5bKv4RnEFn_6ixn2LS7qDPma6Q@mail.gmail.com> <CAKR2__3C2r1LTk3Sf0w52Jjp3KZhPduqrN0vsvr1VCCb%2BtF4UQ@mail.gmail.com> <4FA12980.6080101@cs.stonybrook.edu>

On Wed, May 2, 2012 at 2:33 PM, Richard Yao <ryao@cs.stonybrook.edu> wrote:
> On 05/02/12 04:55, Giorgos Keramidas wrote:
>> Judging from the amount of effort it takes to "harden" a system
>> that already starts a thousand services (typical "desktop Linux"
>> scenario these days), and the number of times I've seen this
>> sort of customization cause even more headaches, I'd say this
>> is a slightly exaggerated statement.
>
> You might be thinking of SELinux, which is not the only option for
> hardening.

Not really, no. I was referring to the practice of starting a
gazillion services by default, including dbus, avahi, ftp and http
services, file sharing components, and all the rest of the stuff that
is now commonly installed as part of a "Linux desktop".

SELinux is indeed one form of hardening, but I wasn't referring
specifically to it; exactly the opposite, in fact.

>> You are right that a "plain user" does not care about why their
>> CD-ROM is not accessible after installation, but there are two
>> different ways to approach this:
>>
>> - Install and enable everything by default, hoping that nothing
>>   bad happens when an unused service is exploitable.
>> - Install a minimal system and build from there.
>>
>> Most Linux distributions pick the first option. _Some_ Linux
>> distributions pick the second option (e.g. Gentoo).
>
> You might be thinking of Gentoo Linux, rather than Gentoo. The term
> Gentoo also covers Gentoo/FreeBSD and Gentoo Prefix. Gentoo/FreeBSD
> replaces the Linux kernel and GNU userland with FreeBSD while Gentoo
> Prefix provides a userland package manager to UNIX-compatible systems:

Gentoo Linux is what I was talking about. It's one of the
distributions that does lean towards the "install only what is
necessary" side of the spectrum.

The main point is not whether Gentoo/Linux or Gentoo/BSD is the best
color for the particular bikeshed though.
It was that one _has_ the option both with Linux and BSD as a base to implement both types of installations. Hardening can be either an install-time property or an after-effect. It's really not OS-dependent at all.