From: Miguel Mendez
Date: Mon, 18 Feb 2002 15:53:34 +0100
To: Raf_Schietekat@ieee.org
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218155334.A29845@energyhq.homeip.net>

On Mon, Feb 18, 2002 at 08:06:09AM +0100, Raf Schietekat wrote:

Hi Raf,

I'm not sure if you just missed my point or you are trolling, but I'll bite :-)

> Yeah, good idea, nuke all them Billysoft suckers and save the world!
> Meanwhile, how about if I sent an innocent FreeBSD user an attack (this
> looked like a Trojan horse, not an Outlook worm/virus (?), after my
> forwarding cum "virus" filtering service released it to me)? Would s/he

Well, you have a point here, as we all know: Security is a process, not a product. But you seem to forget one thing. FreeBSD is *not* by any means a mainstream OS.
And that means that the people who use it usually know what they're doing, at least to the point of not executing a file they got from a stranger. Even if they did, all they could lose is the files they own, which, of course, should be backed up somewhere if they are worth anything. Considering the fact that 9 out of 10 computers run some MS OS, the probability that a clueless user is running BSD is almost 0.

> be protected by what Java would call a sand box? I don't think so. Unix
> security may be based more on marginality than on technical prowess, and
> little if any progress seems to be being made. What good does it do to
> me as an ordinary user that the superuser is safe and smug about his
> continued service, if all my personal stuff goes down the drain?

I see two cases where this could apply. Someone who just installed MacOS X and for some weird reason decided to play with permissions and the typical moron who joins a unix irc channel and says: "EYE HAEV INSTALLED TEH MANDRAEK!!!!". Well, not really, but you get the point. It is pretty safe to assume that those running BSD are worth their salt. I think Theo de Raadt once said it pretty nicely: "If you are too stupid to read documentation go and run Linux", it wasn't exactly those words, but that was the meaning. And no, I don't expect my mother to be a unix guru, but the freebsd-security list is a technical discussion forum, not the place for newbies.

> Raf Schietekat
> Running Netscape 6.2 (because I still can) on MS Windows 2000
> Professional on my laptop (because I have to).
^^^^^^^
My deepest sympathies :-P

Cheers,
--
Miguel Mendez - flynn@energyhq.homeip.net
GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
EnergyHQ :: http://www.energyhq.tk
FreeBSD - The power to serve!