Date: Mon, 2 Apr 2012 17:48:05 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Erich Dollansky <erichfreebsdlist@ovitrap.com> Cc: "Julian H. Stacey" <jhs@berklix.com>, schultz@ime.usp.br, Da Rock <freebsd-questions@herveybayaustralia.com.au>, freebsd-questions@freebsd.org Subject: Re: FreeBSD Security in Multiuser Environments Message-ID: <20120402163942.K2060@sola.nimnet.asn.au> In-Reply-To: <20120401045919.246CE1065672@hub.freebsd.org> References: <20120401045919.246CE1065672@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 408, Issue 10, Message: 5 On Sat, 31 Mar 2012 21:05:00 +0700 Erich Dollansky <erichfreebsdlist@ovitrap.com> wrote: > On Saturday 31 March 2012 20:26:14 Julian H. Stacey wrote: [..] > > Da Rock wrote: > > > On 03/31/12 17:46, Julian H. Stacey wrote: [..] > > > > schultz@ime.usp.br wrote: > > > >> Hello, > > > >> > > > >> I would like to raise a discussion about the security features > > > >> of FreeBSD as a whole and how they might be employed to actually > > > >> derive some meaningful guarantees. > > > > We have a list specialy for freebsd-security@. Please use it. I thought this to be sensible advice. Before seeing that I'd thought of copying it to rwatson@ who I figured might take an interest due to his involvement with Capsicum, acl(3) and such, but he certainly reads that list anyway (and more than likely, not this one :) > > > Hang on, hold the phone: The security list (specifically) is for > > > security announcements. At least that what it said when I subscribed to > > > it... > > > > Wrong. Correct :) > > For list of mail lists see: > > http://lists.freebsd.org/mailman/listinfo > > > > Specifically: > > freebsd-security@freebsd.org > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > > > freebsd-security-notifications@freebsd.org > > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > this sounds very confusing for people who have simple question: > > 'General system administrator questions of an FAQ nature are > off-topic for this list, but the creation and maintenance of a FAQ is > on-topic. Thus, the submission of questions (with answers) for > inclusion into the FAQ is welcome. Such question/answer sets should > be clearly marked as (at least "FAQ submission") such in the subject. > ' schultz' post was nothing in the way of an FAQ issue, but a request for discussion of a wide range of system security issues, far indeed from a 'simple question'. Had you posted the two paragraphs before the one you quote above, this may have been a little clearer. To wit: "This is a technical discussion list covering FreeBSD security issues. The intention is for the list to contain a high-signal, low-noise discussion of issues affecting the security of FreeBSD. "Welcome topics include Cryptography (as it relates to FreeBSD), OS bugs that affect security, and security design issues. Denial-of-service (DoS) issues are less important than problems that allow an attacker to achieve elevated privelige, but are still on-topic." > This sounds that 'schultz' would be wrong there. Not at all Erich, quite the opposite in my view; as someone who's been subscribed to freebsd-security@ for 12 or so years, I look forward to seeing informed responses to some of schultz' issues. In any event, {s,}he promptly took Julian's advice to post it there, where one aspect has already attracted responses from des@ and pjd@ The best way to get a good sense of what issues are acceptible and/or useful topics for which lists, without having to subscribe, is to browse a list's archives for several months. Works for me. In this case try: http://lists.freebsd.org/pipermail/freebsd-security/ cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120402163942.K2060>