Date:      Mon, 18 Feb 2002 15:53:34 +0100
From:      Miguel Mendez <flynn@energyhq.homeip.net>
To:        Raf_Schietekat@ieee.org
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: as they advise the Sponsor.
Message-ID:  <20020218155334.A29845@energyhq.homeip.net>
In-Reply-To: <3C70A7E1.5080900@skynet.be>; from sky92136@skynet.be on Mon, Feb 18, 2002 at 08:06:09AM +0100
References:  <200202162009.g1GK90C96120@mail.visp.co.nz> <3C6FF51C.4090602@skynet.be> <20020217193936.A25423@energyhq.homeip.net> <3C70A7E1.5080900@skynet.be>


On Mon, Feb 18, 2002 at 08:06:09AM +0100, Raf Schietekat wrote:

Hi Raf,

I'm not sure if you just missed my point or you are trolling, but I'll bite
:-)

> Yeah, good idea, nuke all them Billysoft suckers and save the world!
> Meanwhile, how about if I sent an innocent FreeBSD user an attack (this
> looked like a Trojan horse, not an Outlook worm/virus (?), after my
> forwarding cum "virus" filtering service released it to me)? Would s/he


Well, you have a point here, as we all know: Security is a process, not
a product. But you seem to forget one thing. FreeBSD is *not* by any
means a mainstream OS. And that means that the people who use it usually
know what they're doing, at least to the point of not executing a file
they got from a stranger. Even if they did, all they could lose is the
files they own, which, of course, should be backed up somewhere if they
are worth anything. Considering the fact that 9 out of 10 computers run
some MS OS, the probability that a clueless user is running BSD is
almost 0.

> be protected by what Java would call a sand box? I don't think so. Unix
> security may be based more on marginality than on technical prowess, and
> little if any progress seems to be being made. What good does it do to
> me as an ordinary user that the superuser is safe and smug about his
> continued service, if all my personal stuff goes down the drain?


I see two cases where this could apply. Someone who just installed MacOS
X and for some weird reason decided to play with permissions and the
typical moron who joins a unix irc channel and says: "EYE HAEV INSTALLED
TEH MANDRAEK!!!!". Well, not really, but you get the point. It is pretty
safe to assume that those running BSD are worth their salt. I think Theo
de Raadt once said it pretty nicely: "If you are too stupid to read
documentation go and run Linux", it wasn't exactly those words, but that
was the meaning. And no, I don't expect my mother to be a unix guru, but
the freebsd-security list is a technical discussion forum, not the place
for newbies.
</rant>

> Raf Schietekat <Raf_Schietekat@ieee.org>
> Running Netscape 6.2 (because I still can) on MS Windows 2000
> Professional on my laptop (because I have to).
                              ^^^^^^^
My deepest sympathies :-P

Cheers,
-- 
        Miguel Mendez - flynn@energyhq.homeip.net
        GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
        EnergyHQ :: http://www.energyhq.tk
        FreeBSD - The power to serve!
