Date: Mon, 18 Oct 1999 10:01:22 -0600 (MDT)
From: Paul Hart <hart@iserver.com>
To: tom brown <tmcb1971@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: General security of vanilla install WAS [FreeSSH]
Message-ID: <Pine.BSF.4.10.9910180940240.50020-100000@anchovy.orem.iserver.com>
In-Reply-To: <19991017043046.5909.rocketmail@web115.yahoomail.com>
On Sat, 16 Oct 1999, tom brown wrote:

> It's a mean world out there, and FreeBSD is a good contender as
> security goes, but not straight out of the box!

I think this borders more on hyperbole. What is it "straight out of the box" that strikes you as so insecure? When was the last time that a daemon considered "part of FreeBSD" (i.e. not one of the ports) had a remote root vulnerability? And what about local root vulnerabilities? The fts-bug-and-core-dumping-follows-symbolic-links hole was the last one in recent memory, but how would restricting what gets installed at installation time have affected that in any way?

Just saying something like "I have X number of SUID/SGID programs installed or Y number of daemons running from inetd on my fresh vanilla install, so I am insecure" makes it sound scary, but how many exploits do you have for each of those? And if you're advanced enough to be reading this list, then you'd be advanced enough to turn off services you don't need (which is always a good idea).

I feel that the vanilla install strikes a delicate balance between security and usability. Inexperienced users will have enough running to see how FreeBSD works without undue exposure, and experienced users have only a few things to turn off if they're worried about them.

Paul Hart

--
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/
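The message above argues that the real question is which set-id binaries and inetd services are actually present, and that an experienced admin simply turns off what is not needed. As an added example, not part of the thread, here is a small POSIX shell audit that lists the enabled entries of an inetd.conf and the setuid/setgid files under a directory. The inetd.conf contents and the scratch binaries are constructed for the example, so it runs offline on FreeBSD or Linux; only `find`, `awk`, `mktemp` and `chmod` are needed.

```shell
#!/bin/sh
# Added example, not from the mailing-list message: audit the two things the
# thread argues about, inetd-launched services and set-id binaries.

# active_inetd_services FILE
# Print the service name (first field) of every line in an inetd.conf that is
# neither blank nor commented out, i.e. every service inetd would start.
active_inetd_services() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1"
}

# list_setid DIR
# Print every regular file under DIR with the setuid (4000) or setgid (2000)
# bit set. The same command run on / is the real-world audit.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# write_sample_inetd FILE
# Write a constructed inetd.conf (an assumption, not a real vanilla file):
# four enabled services and two that are commented out.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# inetd.conf sample, constructed for this example
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
EOF
}

# demo: build a scratch tree with two set-id files and one ordinary file under
# a temp directory, run both checks, and clean up.
demo() {
    tmp=$(mktemp -d) || return 1
    write_sample_inetd "$tmp/inetd.conf"
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/su";   chmod 4555 "$tmp/bin/su"    # setuid root style
    : > "$tmp/bin/wall"; chmod 2555 "$tmp/bin/wall"  # setgid tty style
    : > "$tmp/bin/ls";   chmod 0555 "$tmp/bin/ls"    # plain binary
    echo "enabled inetd services:"
    active_inetd_services "$tmp/inetd.conf"
    echo "set-id files under $tmp/bin:"
    list_setid "$tmp/bin"
    rm -rf "$tmp"
}

demo
```

On a real host, point `list_setid` at `/` and `active_inetd_services` at `/etc/inetd.conf`; anything in either list that you cannot name a reason for is a candidate to comment out or `chmod u-s`.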