suid bit files and securing FreeBSD

[Matthew Graybosch]

> Second question is: Has anybody an exact wizard, how to secure
> the FreeBSD machine. Imagine the situation, the only person who
> can do anything on that machine is me, and nobody other. I have
> set very restrictive firewalling, I have removed ALL tty's except
> two local tty's (I need to work on that machine), but there are
> still open port 25 and 53 (must be forever), so someone very
> tricky can compromite my machine.
>
> I'm a little bit paranoic, don't I :-)))))))

Uhm, yes, you *are* just a wee bit paranoid. But it helps to be 
paranoid if you're root on somebody else's machine. Great power and 
great responsibility, right?

But if you're concerned with security uber alles, I'm surprised you 
didn't look into OpenBSD first. According to their site 
(openbsd.org), they've had "only one remote hole in the default 
install, in more than 7 years!"

FreeBSD certainly can be secured, but it appears that the developers 
put performance and reliability first, and then security. Theo de 
Raadt puts security first.

-- 
Matthew Graybosch
http://www.starbreaker.net
"I am become root, shatterer of kernels."