From owner-freebsd-security@FreeBSD.ORG Tue May 23 02:39:45 2006
From: Clemens Renner
To: Peter Jeremy
Cc: freebsd security
Subject: Re: FreeBSD Security Survey
Date: Tue, 23 May 2006 04:39:38 +0200
Message-ID: <447275EA.10505@rinux.net>
In-Reply-To: <20060522192350.GB712@turion.vk2pj.dyndns.org>
References: <20060522152011.10728.qmail@do.sefao.com> <20060522192350.GB712@turion.vk2pj.dyndns.org>
List-Id: freebsd-security@freebsd.org "Security issues [members-only posting]"

> Finally, it only takes one security failure in the update process for
> someone undesirable to "own" all the FreeBSD machines that have been
> left in this default mode. Despite the best efforts of FreeBSD
> developers, FreeBSD will always contain bugs and some of them will
> be security holes. Any automatic update process needs to balance
> the benefits of reducing the number of unpatched boxes against the
> risks of the update system being subverted.

I couldn't agree more. One of the major problems with unattended/automatic updating is that it is hard to filter them. I don't install updates on a system that doesn't _need_ them.

I think that the solution to this problem lies in a reliable and comprehensive notification mechanism for admins that tells them to upgrade once some part (base or ports) of the system is vulnerable to attacks. And as a second part of the solution, I'd like to see handy tools to ease the actual upgrading process for the admin.

The notification mechanism is okay via mailing lists, although that requires an admin to memorize a list of installed packages/ports, which can be a pain with lots of boxes to take care of. Personally, I like the way portaudit works, notifying me (via the daily run) of any pending issues. It's a very effective system, mainly because it keeps nagging you every day and makes it hard to forget about an issue that still applies.

In a different corner is portupgrade, which basically constitutes a highly usable tool but has minor annoyances that really complicate things. For example, when upgrading MySQL -- even with mysql_enable=YES in rc.conf -- portupgrade will stop the server but not restart it. Is there any plausible reason for this behaviour? I can't think of any. In fact, I resort to

# portupgrade mysql-server && /usr/local/etc/rc.d/mysql restart

which is really annoying if a lot of services will be upgraded that aren't automatically restarted. This would be a good thing to take care of.
All in all: FreeBSD is my system of choice for servers, Gentoo for workstations (which is pretty much like a Linux-flavoured FreeBSD), especially due to the still almost painless way of keeping the system current.

Cheers
Clemens
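The restart problem described in the mail (portupgrade stops a daemon but does not start it again) is easy to script around, as an added example that is not part of the original post or of portupgrade itself. It snapshots the installed package list before and after the upgrade, maps each changed package to its rc.d script, and restarts only those services that rc.conf actually enables, so a stopped-on-purpose daemon stays stopped. The package-to-script table, the rc.d directory and the use of pkg_info output are assumptions (pkg_info was the 2006 tool; on a pkg(8) system substitute `pkg info -q`):

```sh
#!/bin/sh
# Added example, not from the original mail or from portupgrade: after an
# upgrade, restart the rc.d services whose packages changed, but only if
# rc.conf enables them. Package names, script names and paths are assumptions.

RCCONF="${RCCONF:-/etc/rc.conf}"
RCDIR="${RCDIR:-/usr/local/etc/rc.d}"

# Map a package base name (version stripped) to its rc.d script name.
# This table is an assumption; confirm real names with
# `pkg_info -L <pkg> | grep rc.d` (or `pkg info -l` on newer systems).
rc_script_for() {
    case "$1" in
        mysql-server) echo mysql ;;      # script name used in the mail
        apache)       echo apache22 ;;   # assumed mapping
        postfix)      echo postfix ;;    # assumed mapping
        *)            return 1 ;;        # no daemon behind it: nothing to do
    esac
}

# Strip the version suffix: "mysql-server-5.0.22_1" -> "mysql-server".
pkg_base() {
    printf '%s\n' "$1" | sed 's/-[0-9][^-]*$//'
}

# True when rc.conf sets <name>_enable to YES (quotes, case and trailing
# comments are tolerated; anything else, including NO, means disabled).
rc_enabled() {
    _re_svc="$1"; _re_conf="$2"
    grep -Ei "^[[:space:]]*${_re_svc}_enable=[\"']?yes[\"']?([[:space:]]|#|$)" \
        "$_re_conf" >/dev/null 2>&1
}

# Read upgraded package names (one per line) from a file and print the rc
# scripts that should be restarted, one per line, deduplicated.
services_to_restart() {
    _list="$1"; _conf="$2"
    while IFS= read -r _pkg; do
        [ -n "$_pkg" ] || continue
        _svc=$(rc_script_for "$(pkg_base "$_pkg")") || continue
        rc_enabled "$_svc" "$_conf" && printf '%s\n' "$_svc"
    done < "$_list" | sort -u
}

# Real run (not executed here): snapshot, upgrade, diff, restart.
# Constructed usage: upgrade_and_restart mysql-server
upgrade_and_restart() {
    _before=$(mktemp); _after=$(mktemp); _changed=$(mktemp)
    pkg_info | awk '{print $1}' | sort > "$_before"
    portupgrade "$@"
    pkg_info | awk '{print $1}' | sort > "$_after"
    comm -13 "$_before" "$_after" > "$_changed"   # names present only after
    services_to_restart "$_changed" "$RCCONF" | while IFS= read -r _svc; do
        "$RCDIR/$_svc" restart
    done
    rm -f "$_before" "$_after" "$_changed"
}
```

Because the decision is driven by rc.conf rather than by the mere presence of an rc script, the tool never starts a daemon the admin deliberately left disabled, which is the property the mail's one-liner (`portupgrade ... && .../rc.d/mysql restart`) lacks when applied to a whole batch of ports.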