From owner-freebsd-security@FreeBSD.ORG Sat Jul 26 10:35:48 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 872B437B407 for ; Sat, 26 Jul 2003 10:35:48 -0700 (PDT) Received: from ns.pro.sk (proxy.pro.sk [195.80.161.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id C6B3943F75 for ; Sat, 26 Jul 2003 10:35:46 -0700 (PDT) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.11.3/8.11.3) with SMTP id h6QHZjE99342; Sat, 26 Jul 2003 19:35:45 +0200 (CEST) (envelope-from prosa@pro.sk) Message-ID: <011501c3539c$462c0740$3501a8c0@pro.sk> From: "Peter Rosa" To: "Peter Rosa" Date: Sat, 26 Jul 2003 19:35:15 +0200 Organization: PRO, s.r.o. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 cc: FreeBSD Security Subject: Re: suid bit files and securing FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 17:35:49 -0000 Of course, I wanted to say not OPTION but CHOICE :-) Peter Rosa ----- Original Message ----- From: "Peter Rosa" To: Cc: "FreeBSD Questions" Sent: Saturday, July 26, 2003 7:33 PM Subject: Re: suid bit files and securing FreeBSD > Hello Matthew, > > thank you very much. It's excatly you say. FreeBSD is my option because of > "historical reasons". Someone has installed it for me two years ago, and now > I love it (he installed it after two hacks and two reinstallations of RedHat > Linux [I don't want to say, RHL is not good, but FBSD is better :-) {now I > see the storm, like with I'm christian...... mail to this list :-))) } ] ). > > Wow, such a short sentence I just produced :-) > > Peter Rosa > > > ----- Original Message ----- > From: "Matthew Graybosch" > To: "Peter Rosa" > Cc: > Sent: Saturday, July 26, 2003 7:22 PM > Subject: Re: suid bit files and securing FreeBSD > > > > > > > Second question is: Has anybody an exact wizard, how to secure > > > the FreeBSD machine. Imagine the situation, the only person who > > > can do anything on that machine is me, and nobody other. I have > > > set very restrictive firewalling, I have removed ALL tty's except > > > two local tty's (I need to work on that machine), but there are > > > still open port 25 and 53 (must be forever), so someone very > > > tricky can compromite my machine. > > > > > > I'm a little bit paranoic, don't I :-))))))) > > > > Uhm, yes, you *are* just a wee bit paranoid. But it helps to be > > paranoid if you're root on somebody else's machine. Great power and > > great responsibility, right? > > > > But if you're concerned with security uber alles, I'm surprised you > > didn't look into OpenBSD first. According to their site > > (openbsd.org), they've had "only one remote hole in the default > > install, in more than 7 years!" > > > > FreeBSD certainly can be secured, but it appears that the developers > > put performance and reliability first, and then security. Theo de > > Raadt puts security first. > > > > -- > > Matthew Graybosch > > http://www.starbreaker.net > > "I am become root, shatterer of kernels." > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > >