Date: Tue, 11 Feb 1997 08:40:27 -0700
From: Warner Losh <imp@village.org>
To: Alexander Snarskii <snar@lucky.net>
Cc: michaelh@cet.co.jp (Michael Hancock), freebsd-hackers@freebsd.org
Subject: Re: Increasing overall security....
Message-ID: <E0vuKJn-0006Ph-00@rover.village.org>
In-Reply-To: Your message of "Tue, 11 Feb 1997 16:18:19 +0200." <199702111418.QAA06995@burka.carrier.kiev.ua>
References: <199702111418.QAA06995@burka.carrier.kiev.ua>
In message <199702111418.QAA06995@burka.carrier.kiev.ua> Alexander Snarskii writes:
: But does Theo check
: every new sendmail distribution?

Yes. He does. And he routinely applies additional tweaks to the sources in OpenBSD from what I can tell.

: Or did he check all the FreeBSD
: packages/ports which can use these functions and have enough privileges
: to destroy your system if exploited?

No. He hasn't. That's a FreeBSD thing :-). However, now that ports are part of the OpenBSD system (or at least supported), I think this may change.

: Or did anybody check it and
: publish patches to ones (if the holes are found)?

Oftentimes Theo is behind the scenes and knows about these before the great unwashed masses know about them. And he fixes those problems in OpenBSD that are present.

Keep in mind, as was recently pointed out to me, that just bringing in the OpenBSD patches will not make FreeBSD secure. For that, a top-to-bottom audit of code running at elevated privilege must be completed. The patches will tend to make FreeBSD more secure, but you won't know until after you've audited if you've grabbed everything or not.

Warner