From owner-freebsd-security Wed Aug 7 09:32:09 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id JAA14474 for security-outgoing; Wed, 7 Aug 1996 09:32:09 -0700 (PDT)
Received: from kdat.calpoly.edu (kdat.csc.calpoly.edu [129.65.54.101])
    by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA14466 for ;
    Wed, 7 Aug 1996 09:32:08 -0700 (PDT)
Received: (from nlawson@localhost) by kdat.calpoly.edu (8.6.12/N8)
    id JAA02642; Wed, 7 Aug 1996 09:32:04 -0700
From: Nathan Lawson
Message-Id: <199608071632.JAA02642@kdat.calpoly.edu>
Subject: Two problems I have with FreeBSD security
To: lchamber@ec.camitel.com (Luc Chamberland)
Date: Wed, 7 Aug 1996 09:32:04 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: from "Luc Chamberland" at Aug 6, 96 07:27:31 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> >I'm actually interested in a 'secure' release of FreeBSD, with daemons not
> >running as root, no complicated mailers, few to no setuid binaries -- in
> >essence, what I do to my FreeBSD systems as soon as I install them.
> >
> >Unfortunately, I have recently started a very demanding job and do not have
> >the time to contribute to such a project. My apologies.
>
> The FreeBSD on a scale of 10, how many points do you give for security?
> FreeBSD seems insecure for you!, this is same for all intruders!!!!

I'd give FreeBSD an 8. Usually, patches for security holes come out very
quickly, and the developers are reachable. I took one point off of ten
because of the legacy issues (refusals to relinquish bin ownership of files
in /bin and /usr/bin) and one for too much desire to cater to new users at
the expense of security (setuid root ppp/sliplogin... Why can't these be
setgid uucp to open the modem device?)
If the developers handled these two issues, I think I'd upgrade my rating to
a 9.5. :-)

--
Nate Lawson     "There are a thousand hacking at the branches of
CPE Senior       evil to one who is striking at the root."
CSL Admin        -- Henry David Thoreau, 'Walden', 1854