From owner-freebsd-security  Fri Jun 18 16:47:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lazlo.internal.steam.com (lazlo.steam.com [199.108.84.37])
	by hub.freebsd.org (Postfix) with ESMTP id 163C614CE5
	for <freebsd-security@FreeBSD.ORG>; Fri, 18 Jun 1999 16:47:41 -0700 (PDT)
	(envelope-from cliff@steam.com)
Received: from lazlo.internal.steam.com (cliff@lazlo.internal.steam.com [192.168.32.2])
	by lazlo.internal.steam.com (8.9.3/8.9.3) with ESMTP id QAA78688;
	Fri, 18 Jun 1999 16:48:28 -0700 (PDT)
Date: Fri, 18 Jun 1999 16:48:28 -0700 (PDT)
From: Cliff Skolnick <cliff@steam.com>
X-Sender: cliff@lazlo.internal.steam.com
To: Frank Tobin <ftobin@bigfoot.com>
Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject: Re: securelevel descr
In-Reply-To: <Pine.BSF.4.10.9906181815330.58049-100000@srh0710.urh.uiuc.edu>
Message-ID: <Pine.BSF.4.10.9906181642561.6218-100000@lazlo.internal.steam.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


While I don't think the pain would be worth it for a general purpose office
server, it would have it's place in the embeded world or as a border
firewall.  Typically these machine change rarely and have very few ports
open.  You really want this type of box to be secure.


I would say something about a shell system here too, but I don't want to
give anyone hope of securing a shell system with untrusted users. :)

Cliff

On Fri, 18 Jun 1999, Frank Tobin wrote:

> Harry M. Leitzell, at 19:09 on Fri, 18 Jun 1999, wrote:
> 
> > 	Correct me if I am wrong, but that would make admining a running
> > machine a rather large pain in the ass if every time a daemon stopped and
> > had to be restarted you would have to reboot.
> 
> Well, 1) how often do you have daemons crash?  2)  use inetd.
> 
> -- 
> Frank Tobin			"To learn what is good and what is to be
> http://www.bigfoot.com/~ftobin	 valued, those truths which cannot be
> 				 shaken or changed." Myst: The Book of Atrus
> FreeBSD: The Power To Serve
> 
> PGPenvelope = GPG and PGP5 + Pine             PGP:  4F86 3BBB A816 6F0A 340F
> http://www.bigfoot.com/~ftobin/resources.html       6003 56FF D10A 260C 4FA3
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

--
Cliff Skolnick          | "They that can give up essential liberty to obtain
Steam Tunnel Operations |  a little temporary safety deserve neither liberty
cliff@steam.com         |  nor safety."
http://www.steam.com/   |                   -- Benjamin Franklin, 1759



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message