Root exploit for FreeBSD

Anton Shterenlikht mexas at bristol.ac.uk
Thu Dec 10 16:21:59 UTC 2009


On Thu, Dec 10, 2009 at 09:51:22AM -0500, Bill Moran wrote:
> In response to Anton Shterenlikht <mexas at bristol.ac.uk>:
> 
> > From my information security manager:
> > 
> > 	FreeBSD isn't much used within the University (I understand) and has a
> > 	(comparatively) poor security record. Most recently, for example:
> > 
> > 	http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
> 
> Are you trying to make your infosec guy look like an idiot?  Does he
> realize that FreeBSD has a grand total of 16 security problems for all
> of 2009?  Hell, Microsoft has that many in an average month.
> 
> If he can find something (other than OpenBSD) with a better record than
> that, I'd love to hear about it.

I was just stressed after being forced by him
to explain why I wanted firewall exceptions
for two ports to my FreeBSD portscluster nodes.
I explained the reasons and that was settled.

I wouldn't be surprised if I'm the sole fbsd user
at my Uni. The situation with computing is not
great and getting worse.

The Uni is, of course,
addicted to Microsoft, but having realised all
the problems with that, lately the policy has
been to deny (!) MS users admin access to their
own desktops. The situation is just ridiculous - 
if a MS user wants to install a piece of software
on their PC he/she has to ask for permission,
and then wait until some computer officer would
come and do the install for them.

Also recently, well.. about a year ago, no
host (!) could be accessed from outside the
Uni firewall. Special exception has to be
obtained even for ssh. There is only one dedicated
sun server which accepts only ssh. The users
are supposed to dial to this frontend server
first, and from there to hosts on the local net.

Honestly, the situation is so bad that I 
sometimes wonder - perhaps it's me who is mad.
It seems IT services look at anybody who
wants to escape MS with suspicion at best.
 
I had to fight a long battle, well.. I had
some support from other academics, to have
a linux class in my Faculty. Here the
opposition wasn't so much security, as
"why would any undergraduate need linux",
as if MS solutions are a pinnacle of human thought.

And from what I understand it's going to get worse.
Apparently the IT services are drawing up
plans to completely forbid use of "non-authorized"
OS. I imagine fbsd will not be authorized.
So I'm anticipating another battle already.

Perhaps I should start putting together
some statistics to make my case more forcefully.

many thanks for your support, as always

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423

