Date: Sat, 21 Aug 1999 12:02:07 -0400 (EDT) From: Mikhail Teterin <mi@aldan.algebra.com> To: stable@freebsd.org Cc: jkb@freebsd.org Subject: Re: setting up -STABLE for hack contest Message-ID: <199908211602.MAA06275@misha.cisco.com> In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB4401105BBB@site2s1> from Christopher Michaels at "Aug 21, 1999 10:47:59 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Michaels once wrote: > Take a look here. > http://www.freebsd.org/~jkb/howto.html Is the "http://www.freebsd.org/~jkb/howto.html#pp" an official point of view? Ports and Packages It is best not to use ports or packages when building a secure system. You don't really know which ports or packages will install suid-root binaries on your system - and you don't want more then what you have already, trust me. Even though you can give different switches to the pkg_add command (such as "-v" or "-n"), it is best to download the software in source code form and compile it yourself. I do not see how building the software manualy is "more secure" -- unless you study the Makefiles and INSTALL/README files. This is something you can do with ports prior to doing `make install' anyway. Perhaps, that's what the web-page should encourage, rather then dismissing the whole ports system as "insecure". The web-page also has no mention of xinetd -- a pretty good, IMHO, replacement for inetd. -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908211602.MAA06275>