Date: Sat, 1 Dec 2001 11:37:04 -0800
From: Gregory Sutter
To: Colin Percival
Cc: security@FreeBSD.ORG
Subject: Re: philosophical question...
Message-ID: <20011201113704.F96703@klapaucius.zer0.org>

On 2001-12-01 17:31 +0000, Colin Percival wrote:
> At 17:22 01/12/2001 +0100, Extended Laurent Fabre wrote:
> >Seems like an OpenBSD feature :P
> >
> >But from a security point of view, if an attacker can guess
> >the random seed, I can't see the protection offered...
> >It will just raise the number of brute force attacks...
>
> Still, I have to agree that this sounds pretty OpenBSDish... looking at
> the BSDs as a whole I'd say it would make sense for this to be added into
> OpenBSD first and ported to FreeBSD once it has proved itself.

Aren't you both putting the cart before the horse?
Just because OpenBSD bill themselves as particularly security-conscious
doesn't mean that nobody else is allowed to improve security. I'd also
much rather be targeted with a brute-force attack against my malloc than
with the pinpoint accuracy that has compromised wu-ftpd and dlmalloc.
Let's stop the empty rhetoric and concentrate on what can help improve
FreeBSD security.

Greg
-- 
Gregory S. Sutter                 "I think not," said Descartes...
mailto:gsutter@zer0.org           and promptly disappeared.
http://www.zer0.org/~gsutter/
hkp://wwwkeys.pgp.net/0x845DFEDD