Date: Wed, 24 Apr 2002 05:21:49 -0700 From: David Schultz <dschultz@uclink.berkeley.edu> To: Terry Lambert <tlambert2@mindspring.com> Cc: Jochem Kossen <j.kossen@home.nl>, frank@exit.com, "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) Message-ID: <20020424052149.A5289@HAL9000.wox.org> In-Reply-To: <3CC68910.453A3865@mindspring.com>; from tlambert2@mindspring.com on Wed, Apr 24, 2002 at 03:29:36AM -0700 References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl> <3CC5A7DC.FD06DC11@mindspring.com> <20020423222357.D3593@HAL9000.wox.org> <3CC68910.453A3865@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Terry Lambert <tlambert2@mindspring.com>: > David Schultz wrote: > > Aah...we'd better put uucp back in the base system, then. Never mind > > that it might have security problems that we don't know about. :P > > I can guarantee you that having a computer booted has security > problems that we don't know about, so the logical thing to do, > from that persepective, is to power everything off. > > 8^p back at ya... That would, of course, be impractical. If you want to take everything to extremes, the other option is to ignore security entirely. Statistically, it makes sense not to leave potentially insecure fluff lying around unless removing the fluff would be vastly inconvenient. The whole business of what is enabled by default is of particular concern because many FreeBSD users are not Unix gurus. You learned Unix before security was a major concern, but many people don't have that advantage. The defaults should afford a reasonable degree of security, and people should be able to turn on other features as they begin to understand them. I am not proposing to create a system that is virtually unusable by default, a la OpenBSD, but it is not unreasonable to disable by default a feature that most people do not use. People who want and understand the feature can turn it on easily enough. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020424052149.A5289>