From owner-freebsd-security Thu Aug 8 05:32:14 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA04242 for security-outgoing; Thu, 8 Aug 1996 05:32:14 -0700 (PDT) Received: from ec.camitel.com ([206.231.123.130]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA04237 for ; Thu, 8 Aug 1996 05:32:12 -0700 (PDT) Received: from jaba.ec.camitel.com (m0.ec.camitel.com [206.231.123.150]) by ec.camitel.com (8.7.5/8.7.3) with SMTP id IAA16548; Thu, 8 Aug 1996 08:30:49 GMT Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-ID: X-Mailer: XFMail 0.5-alpha [p0] on FreeBSD In-Reply-To: <199608071632.JAA02642@kdat.calpoly.edu> Date: Wed, 07 Aug 1996 23:42:50 -0000 () Organization: Labyrinthe Bbs 8-) From: Luc Chamberland To: Nathan Lawson Subject: RE: Two problems I have with FreeBSD security Cc: freebsd-security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On 07-Aug-96 Nathan Lawson wrote: >>> >I'm actually interested in a 'secure' release of FreeBSD, with daemons not >> >running as root, no complicated mailers, few to no setuid binaries -- in >> >essence, what I do to my FreeBSD systems as soon as I install them. >> > >> >Unfortunately, I have recently started a very demanding job and do not have >> >the time to contribute to such a project. My apologies. >> >> The FreeBSD on a scale of 10, how many points do you gives for security? >> FreeBSD seems insecure for you!, this is same for all intruders!!!! > >I'd give FreeBSD an 8. Usually, patches for security holes come out very >quickly, and the developers are reachable. I took one point off of ten >because of the legacy issues (refusals to relinquish bin ownership of files >in /bin and /usr/bin) and one for too much desire to cater to new users at >the expense of security (setuid root ppp/sliplogin... Why can't these be >setgid uucp to open the modem device?) > >If the developers handled these two issues, I think I'd upgrade my rating to >a 9.5. :-) > In this case, where you cut off the last .5???? 8-) and how much do you give t o Unix System V release 4 and why? HAve a nice day Wolfrider >-- >Nate Lawson "There are a thousand hacking at the branches of >CPE Senior evil to one who is striking at the root." >CSL Admin -- Henry David Thoreau, 'Walden', 1854 []-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=--=-=-=-=-=[] | E-Mail : Luc Chamberland | Date: 08/07/96 | Time: 23:42:50 | Programmeur, Electro-Conception []-=-=-=-=-=-=-=-=--=-=-=-=--=-=-=-=-=-=-=-=-=[] Il n'y a pas de jours sans bonheur.... Il n'y a que des jours ou nous sommes aveugles! ur, Electro-Conception []-=-=-=-=-=-=-=-=--=-=-=-=--=-=-=-=-=-=-=-=-=[] Il n'y a pas de jours sans bonheur.... Il n'y a que des jours ou nous sommes aveugles!