suid bit files and securing FreeBSD

Peter Rosa prosa at pro.sk
Sat Jul 26 10:35:49 PDT 2003 

Of course, I wanted to say not OPTION but CHOICE :-)

Peter Rosa


----- Original Message -----
From: "Peter Rosa" <prosa at pro.sk>
To: <matthew at starbreaker.net>
Cc: "FreeBSD Questions" <freebsd-questions at freebsd.org>
Sent: Saturday, July 26, 2003 7:33 PM
Subject: Re: suid bit files and securing FreeBSD


> Hello Matthew,
>
> thank you very much. It's excatly you say. FreeBSD is my option because of
> "historical reasons". Someone has installed it for me two years ago, and
now
> I love it (he installed it after two hacks and two reinstallations of
RedHat
> Linux [I don't want to say, RHL is not good, but FBSD is better :-) {now I
> see the storm, like with I'm christian...... mail to this list
:-))) } ] ).
>
> Wow, such a short sentence I just produced :-)
>
> Peter Rosa
>
>
> ----- Original Message -----
> From: "Matthew Graybosch" <matthew at starbreaker.net>
> To: "Peter Rosa" <prosa at pro.sk>
> Cc: <freebsd-questions at freebsd.org>
> Sent: Saturday, July 26, 2003 7:22 PM
> Subject: Re: suid bit files and securing FreeBSD
>
>
> >
> > > Second question is: Has anybody an exact wizard, how to secure
> > > the FreeBSD machine. Imagine the situation, the only person who
> > > can do anything on that machine is me, and nobody other. I have
> > > set very restrictive firewalling, I have removed ALL tty's except
> > > two local tty's (I need to work on that machine), but there are
> > > still open port 25 and 53 (must be forever), so someone very
> > > tricky can compromite my machine.
> > >
> > > I'm a little bit paranoic, don't I :-)))))))
> >
> > Uhm, yes, you *are* just a wee bit paranoid. But it helps to be
> > paranoid if you're root on somebody else's machine. Great power and
> > great responsibility, right?
> >
> > But if you're concerned with security uber alles, I'm surprised you
> > didn't look into OpenBSD first. According to their site
> > (openbsd.org), they've had "only one remote hole in the default
> > install, in more than 7 years!"
> >
> > FreeBSD certainly can be secured, but it appears that the developers
> > put performance and reliability first, and then security. Theo de
> > Raadt puts security first.
> >
> > --
> > Matthew Graybosch
> > http://www.starbreaker.net
> > "I am become root, shatterer of kernels."
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> >
>

More information about the freebsd-security mailing list