FreeBSD Security in Multiuser Environments

Ian Smith smithi at nimnet.asn.au
Mon Apr 2 08:00:35 UTC 2012 

In freebsd-questions Digest, Vol 408, Issue 10, Message: 5
On Sat, 31 Mar 2012 21:05:00 +0700 Erich Dollansky <erichfreebsdlist at ovitrap.com> wrote:
 > On Saturday 31 March 2012 20:26:14 Julian H. Stacey wrote:
[..]
 > > Da Rock wrote:
 > > > On 03/31/12 17:46, Julian H. Stacey wrote:
[..]
 > > > > schultz at ime.usp.br wrote:
 > > > >> Hello,
 > > > >>
 > > > >> I would like to raise a discussion about the security features
 > > > >> of FreeBSD as a whole and how they might be employed to actually
 > > > >> derive some meaningful guarantees.

 > > > > We have a list specialy for freebsd-security at . Please use it.

I thought this to be sensible advice.  Before seeing that I'd thought of 
copying it to rwatson@ who I figured might take an interest due to his 
involvement with Capsicum, acl(3) and such, but he certainly reads that 
list anyway (and more than likely, not this one :)

 > > > Hang on, hold the phone: The security list (specifically) is for 
 > > > security announcements. At least that what it said when I subscribed to 
 > > > it...
 > > 
 > > Wrong.

Correct :)

 > > For list of mail lists see:
 > > 	http://lists.freebsd.org/mailman/listinfo
 > > 
 > > Specifically:
 > > 	freebsd-security at freebsd.org
 > > 	http://lists.freebsd.org/mailman/listinfo/freebsd-security
 > > 
 > > 	freebsd-security-notifications at freebsd.org
 > > 	http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications

 > this sounds very confusing for people who have simple question:
 > 
 > 'General system administrator questions of an FAQ nature are 
 > off-topic for this list, but the creation and maintenance of a FAQ is 
 > on-topic. Thus, the submission of questions (with answers) for 
 > inclusion into the FAQ is welcome. Such question/answer sets should 
 > be clearly marked as (at least "FAQ submission") such in the subject. 
 > '

schultz' post was nothing in the way of an FAQ issue, but a request for 
discussion of a wide range of system security issues, far indeed from a 
'simple question'.  Had you posted the two paragraphs before the one you 
quote above, this may have been a little clearer.  To wit:

"This is a technical discussion list covering FreeBSD security issues. 
The intention is for the list to contain a high-signal, low-noise 
discussion of issues affecting the security of FreeBSD.

"Welcome topics include Cryptography (as it relates to FreeBSD), OS bugs 
that affect security, and security design issues. Denial-of-service 
(DoS) issues are less important than problems that allow an attacker to 
achieve elevated privelige, but are still on-topic."

 > This sounds that 'schultz' would be wrong there.

Not at all Erich, quite the opposite in my view; as someone who's been 
subscribed to freebsd-security@ for 12 or so years, I look forward to 
seeing informed responses to some of schultz' issues.  In any event, 
{s,}he promptly took Julian's advice to post it there, where one aspect 
has already attracted responses from des@ and pjd@

The best way to get a good sense of what issues are acceptible and/or 
useful topics for which lists, without having to subscribe, is to browse 
a list's archives for several months.  Works for me.  In this case try:

http://lists.freebsd.org/pipermail/freebsd-security/

cheers, Ian

More information about the freebsd-questions mailing list