From owner-freebsd-stable Fri Apr 17 11:18:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA18789 for freebsd-stable-outgoing; Fri, 17 Apr 1998 11:18:13 -0700 (PDT) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from set.spradley.tmi.net (set.spradley.tmi.net [207.170.107.99]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id SAA18621; Fri, 17 Apr 1998 18:17:57 GMT (envelope-from tsprad@set.spradley.tmi.net) Received: from localhost (set.spradley.tmi.net) [127.0.0.1] by set.spradley.tmi.net with esmtp (Exim 1.82 #2) id 0yQFh3-00071V-00; Fri, 17 Apr 1998 13:16:57 -0500 X-Mailer: exmh version 2.0zeta 7/24/97 To: Robert Watson cc: Dima Ruban , Matthew Hunt , stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions In-reply-to: Your message of "Fri, 17 Apr 1998 01:45:29 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 17 Apr 1998 13:16:56 -0500 From: Ted Spradley Message-Id: Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk Robert Watson writes: > With all this discussion of various things that might or might not improve > the security of a FreeBSD system, I'd like to propose the FreeBSD > Hardening Project. Good idea. [...] > Some other thoughts I had were instructions for rolling a custom system CD > + possibly a boot disk to create read-only machines for use as proxy > servers or routers. Swap + MFS would be the only writable areas of the > system, and neither of those would persist over boot. I think this is a *particularly* good idea. Much less to worry about if most if the important stuff is read-only or write-once-read-many. [...] > Robert N Watson > > > ---- > Carnegie Mellon University http://www.cmu.edu/ > Trusted Information Systems http://www.tis.com/ > SafePort Network Services http://www.safeport.com/ > robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message