From owner-freebsd-questions@FreeBSD.ORG  Fri Apr 29 19:28:40 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CEB0116A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 29 Apr 2005 19:28:40 +0000 (GMT)
Received: from malasada.lava.net (malasada.lava.net [64.65.64.17])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A513843D41
	for <freebsd-questions@freebsd.org>;
	Fri, 29 Apr 2005 19:28:40 +0000 (GMT)
	(envelope-from cliftonr@lava.net)
Received: by malasada.lava.net (Postfix, from userid 102)
	id 37AC2153883; Fri, 29 Apr 2005 09:28:40 -1000 (HST)
Date: Fri, 29 Apr 2005 09:28:40 -1000
From: Clifton Royston <cliftonr@tikitechnologies.com>
To: freebsd-questions@freebsd.org
Message-ID: <20050429192839.GC16177@tikitechnologies.com>
Mail-Followup-To: freebsd-questions@freebsd.org
References: <42713B77.5020000@aixa.rot-1.de>
	<200504281941.50460.krinklyfig@spymac.com>
	<14390987.20050429044933@wanadoo.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <14390987.20050429044933@wanadoo.fr>
User-Agent: Mutt/1.4.2i
Subject: Re: longest uptime
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2005 19:28:40 -0000

On Fri, Apr 29, 2005 at 04:49:33AM +0200, Anthony Atkielski wrote:
> Joshua Tinnin writes:
> 
> > An long-unpatched FreeBSD install on a DMZ server makes me a bit
> > more edgy than knowing the uptime will reset to zero when it's rebooted
> > after updating.
> 
> Is FreeBSD so insecure that it must be patched every few days? 

  No.

Are FreeBSD security issues released more than once a year?

  Yes.

> I hardly
> ever see FreeBSD security issues on Bugtraq, and the ones I see often
> have nothing to do with Net attacks.  A properly configured FreeBSD
> server with no local logins should be quite secure. 

Do some FreeBSD security issues require local logins for exploit?

  Yes.

Do all of them?

  No.

Are some of them remotely attackable?

  Yes.

Does it depend what services you're running?

  Often.

Are there some remotely attackable security issues which don't depend
on specific services you're running, or involve always-running
services?

  Sometimes.

Can you get away without patching and rebooting FreeBSD for every
security update?

  Usually for long periods of time, depending on what you're running.

Is it a good idea to patch anyway?

  Yes.

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair