Date: Fri, 29 Apr 2005 09:28:40 -1000 From: Clifton Royston <cliftonr@tikitechnologies.com> To: freebsd-questions@freebsd.org Subject: Re: longest uptime Message-ID: <20050429192839.GC16177@tikitechnologies.com> In-Reply-To: <14390987.20050429044933@wanadoo.fr> References: <42713B77.5020000@aixa.rot-1.de> <200504281941.50460.krinklyfig@spymac.com> <14390987.20050429044933@wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 29, 2005 at 04:49:33AM +0200, Anthony Atkielski wrote:
> Joshua Tinnin writes:
>
> > An long-unpatched FreeBSD install on a DMZ server makes me a bit
> > more edgy than knowing the uptime will reset to zero when it's rebooted
> > after updating.
>
> Is FreeBSD so insecure that it must be patched every few days?
No.
Are FreeBSD security issues released more than once a year?
Yes.
> I hardly
> ever see FreeBSD security issues on Bugtraq, and the ones I see often
> have nothing to do with Net attacks. A properly configured FreeBSD
> server with no local logins should be quite secure.
Do some FreeBSD security issues require local logins for exploit?
Yes.
Do all of them?
No.
Are some of them remotely attackable?
Yes.
Does it depend what services you're running?
Often.
Are there some remotely attackable security issues which don't depend
on specific services you're running, or involve always-running
services?
Sometimes.
Can you get away without patching and rebooting FreeBSD for every
security update?
Usually for long periods of time, depending on what you're running.
Is it a good idea to patch anyway?
Yes.
-- Clifton
--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
-- 'Whip-Smart', Liz Phair
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050429192839.GC16177>