Date: Wed, 20 Sep 2000 12:54:05 -0700
From: "Crist J . Clark"
To: Jordan Hubbard
Cc: Laurence Berland, Bill Fumerola, clefevre@citeweb.net, Akbar, freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG
Subject: Re: wats so special about freeBSD?
Reply-To: cjclark@alum.mit.edu

On Wed, Sep 20, 2000 at 01:09:52AM -0700, Jordan Hubbard wrote:
> > (a) "They have done the big code audit." (You got that one.)
> > (b) They ship a secure default.
> >
> > Not FreeBSD, nor any other open source OS I am aware of, has done
> > (a). FreeBSD sacrifices (b) for having some stuff work "out of the
> > box."
>
> I'd appreciate more specifics. I think (a) is largely a perceptual
> advantage since software never stands still and I have to wonder just
> how much of a "rolling audit" any project of a largely voluntary
> nature can consistently manage.

Since FreeBSD and OpenBSD share any "rolling audit" issues, it cannot be used as a factor to compare them.
But OpenBSD went back and did the line-by-line audit of legacy code. Yes, bugs got past them, but a real audit is done by people (despite what some say about Theo) and people are going to miss some of them. And yes, I can only take their word for it.

FreeBSD has made significant efforts to audit security-related code, but there is no denying that it has not been as comprehensive as the OpenBSD effort or that it has had the same priority level.

Again, FreeBSD is a darn secure system (relatively). In fact, the base OS /may/ be pretty much just as secure as OpenBSD. But one needs an audit to back up any such claim, and OpenBSD is the one that has the audit. Without an audit one has no way to really compare the security except for gut feel and notoriously unreliable exploit statistics.

If I am behind on my facts (I thought FreeBSD had a security audit webpage, but I cannot find it now) or have been misled, please let me know.

> As for (b), I think FreeBSD has
> already made some very sensible decisions there and would very much
> appreciate knowing just where you think it's failed to do so, using
> -current as a baseline if possible since there's not much point in
> arguing about default security policies which have already been
> changed.

From a review of /etc/defaults/rc.conf, 5.0-CURRENT has turned off the three biggies that I didn't like the default YES,

  inetd_enable="NO"
  sendmail_enable="NO"
  portmap_enable="NO"

But I assume /stand/sysinstall will ask if these should be turned on. This is good.

One thing that, IMHO, should still be changed. Everything in /etc/inetd.conf should be turned off, i.e. commented out. Yes, in spite of the fact inetd is not on by default, you still should need to explicitly turn on each service inetd runs.

And if one were to get really paranoid (and it is my job to be these days), /proc should not be put in a sysinstall generated fstab without warning the user due to its checkered security history (and it may just give out a little too much info to the mortal user). But I have not been able to examine 5.0-CURRENT enough to see how this is handled. It may do this for all I know.

--
Crist J. Clark
cjclark@alum.mit.edu
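
The following script is an added example, not part of the original message or of FreeBSD's own tooling. It reports the three defaults the message discusses: daemons enabled in rc.conf, uncommented services in inetd.conf, and a procfs entry in fstab. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report the default-on
# settings the message objects to. File paths are arguments so the checks
# can be pointed at copies; the sample files at the bottom are constructed.

# Last assignment of VAR across FILEs wins, the way /etc/rc.conf
# overrides /etc/defaults/rc.conf.
rc_value() {
    var=$1; shift
    cat "$@" 2>/dev/null |
        sed -n "s/^[[:space:]]*${var}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" |
        tail -n 1
}

# Which of the three daemons named in the message are set to YES.
rc_enabled() {
    for svc in inetd sendmail portmap; do
        case $(rc_value "${svc}_enable" "$@") in
            [Yy][Ee][Ss]) echo "$svc" ;;
        esac
    done
}

# Services inetd would run: first field of every uncommented line.
inetd_active() { awk 'NF && $1 !~ /^#/ { print $1 }' "$1"; }

# Mount points of uncommented procfs entries in an fstab.
procfs_mounts() { awk 'NF >= 3 && $1 !~ /^#/ && $3 == "procfs" { print $2 }' "$1"; }

# audit DEFAULTS_RC LOCAL_RC INETD_CONF FSTAB: one finding per line.
audit() {
    for s in $(rc_enabled "$1" "$2"); do echo "rc.conf: ${s}_enable=YES"; done
    for s in $(inetd_active "$3"); do echo "inetd.conf: $s is not commented out"; done
    for m in $(procfs_mounts "$4"); do echo "fstab: procfs mounted on $m"; done
}

# Constructed sample files for a demonstration run.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'inetd_enable="NO"\nsendmail_enable="NO"\nportmap_enable="NO"\n' > "$demo/defaults"
printf 'inetd_enable="YES"   # local override\n' > "$demo/local"
printf '#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l\ntelnet stream tcp nowait root /usr/libexec/telnetd telnetd\n' > "$demo/inetd.conf"
printf '/dev/ad0s1a / ufs rw 1 1\nproc /proc procfs rw 0 0\n' > "$demo/fstab"
audit "$demo/defaults" "$demo/local" "$demo/inetd.conf" "$demo/fstab"
```

On a real system the call would be `audit /etc/defaults/rc.conf /etc/rc.conf /etc/inetd.conf /etc/fstab`; an empty report means none of the three conditions is present.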