From owner-freebsd-security  Fri Aug  1 22:01:32 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id WAA02161
          for security-outgoing; Fri, 1 Aug 1997 22:01:32 -0700 (PDT)
Received: from python.shoal.net.au (perrya@python.shoal.net.au [203.26.44.5])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA02150
          for <freebsd-security@FreeBSD.ORG>; Fri, 1 Aug 1997 22:01:24 -0700 (PDT)
Received: from localhost (perrya@localhost)
	by python.shoal.net.au (8.8.6/8.8.5) with SMTP id PAA04620;
	Sat, 2 Aug 1997 15:00:35 +1000 (EST)
Date: Sat, 2 Aug 1997 15:00:34 +1000 (EST)
From: Andrew <perrya@python.shoal.net.au>
To: yossman <yossman@yoss.canweb.net>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To: <Pine.BSF.3.95q.970731115903.9474U-100000@yoss.canweb.net>
Message-ID: <Pine.BSI.3.95.970802145234.3603B-100000@python.shoal.net.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

So write one :-)
I'm sure that if you wrote the things you do and submitted it for comment 
you could end up with a relatively complete document. Probably wouldn't be
a substitute for reading a few of the recommended books but it might be
somewhere to start.

Andrew Perry
andrew@shoal.net.au


 On Thu, 31 Jul 1997, yossman wrote:

> On Tue, 29 Jul 1997 sthaug@nethelp.no wrote:
> 
> > I like the FreeBSD distributions - but I would be much happier if there
> > was an easy way to make a system more secure. For instance a document
> > which told you:
> > 
> > - These files are only necessary if you need functionality X (uucp is
> > an example here). If you don't need functionality X, they can be safely
> > removed.
> 
> [...]
> 
> i would be VERY happy if such a document was released and was reasonably
> complete.  setting up a new unix machine takes me at least a week of
> futzing around with security-related issues before i'm satisfied it's
> ready to be used with some assurance it's not going to be easily broken.
> having such a document as an additional information source would be
> awesome.
> 
> 
> yossman
> 
> ------------------------------------------------------------------------
> Yossarian Holmberg (yossman)             yossman@canweb.net
> System Administrator, National Online    http://www.canweb.net/~yossman/
> my statements are my own, not my employer's -- i do not speak for them.
> 
> '... and if i die, before i learn to speak .. can money pay for all the
> days i've lived awake but half asleep?' -- Primitive Radio Gods,
> "Standing Outside a Broken Phone Booth With Money In My Hand"
> 
> 
>