From owner-freebsd-hackers Thu Feb 8 12:11:57 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp.interlog.com (bretweir.total.net [154.11.89.176]) by hub.freebsd.org (Postfix) with SMTP id 38D8937B6AB for ; Thu, 8 Feb 2001 12:11:39 -0800 (PST) Received: (qmail 23703 invoked from network); 8 Feb 2001 20:11:37 -0000 Received: from unknown (HELO vws3.interlog.com) (207.34.202.29) by bretweir.total.net with SMTP; 8 Feb 2001 20:11:37 -0000 Received: by vws3.interlog.com (8.9.0/8.9.0) id PAA29813; Thu, 8 Feb 2001 15:11:37 -0500 (EST) Date: Thu, 8 Feb 2001 15:11:37 -0500 (EST) Message-Id: <200102082011.PAA29813@vws3.interlog.com> To: freebsd-hackers@freebsd.org From: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG ============================================================================= FreeBSD-SA-01:INSERT_NUMBER_HERE Security Advisory FreeBSD, Inc. Topic: FreeBSD on record to set most advisory releases for year 2001 Category: All Announced: 2001-02-07 Credits: sil@loopback.antioffline.com http://www.antioffline.com Vendor status: Developers sleeping right now FreeBSD only: Yes I. Background FreeBSD is the most robust chopperating sysdumb in the world and we mean it. Our TCP stack will kick your TCP stacks hynee. Currently we are releasing an advisory every 1.95 days which means we are bound to surpass Microsoft. II. Problem Description We normally do not assess security when creating the ports distribution often allowing anyone to build any program we decide to run in the ports directory. Recently we have noticed that we can no longer fool users into thinking because we provide checksumming for the programs, that they will be secure. Unlinke other operating systems and the developers of them who audit their ports, we feel it is not our problem if someone accessess your system because we're too lazy to do things right the first time. III. Impact Obviously anyone can end up control your machine or worse. IV. Workaround We will not be mentioning the ultra secure OpenBSD operating system since we feel it is not our problem and does not help to promote a better OS than our own. V. Solution One of the following: 1) Rub a magic lamp and wait for the security genie to fix it. 2) Download NSA Linux so you too can have miniscule backdoors in it which you won't see. 3) Pray to the hacker god Kevin Mitnick for assistance. 4) Install a more secure O(penBSD)S NOTE: FreeBSD developers are now red faced VI. Shouts Hard Lee Strange Mike Hunt Ivana Swallows Mike Hock Dick Famous Kathie Lee Gifford To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message