Ways to promote FreeBSD?

Giorgos Keramidas keramida at ceid.upatras.gr
Wed May 2 14:00:52 UTC 2012


On Wed, May 2, 2012 at 2:33 PM, Richard Yao <ryao at cs.stonybrook.edu> wrote:
> On 05/02/12 04:55, Giorgos Keramidas wrote:
>> Judging from the amount of effort it takes to "harden" a system
>> that already starts a thousand services (typical "desktop Linux"
>> scenario these days), and the number of times I've seen this
>> sort of customization cause even more headaches, I'd say this
>> is a slightly exaggerated statement.
>
> You might be thinking of SELinux, which is not the only option for
> hardening.

Not really, no. I was referring to the practice of starting a gazillion
services by default, including dbus, avahi, ftp and http services,
file sharing components, and all the rest of the stuff that is now
commonly installed as part of a "Linux desktop".  SELinux is indeed
one form of hardening, but I wasn't referring specifically to it; exactly
the opposite, in fact.

>> You are right that a "plain user" does not care about why their
>> CD-ROM is not accessible after installation, but there are two
>> different ways to approach this:
>>
>> - Install and enable everything by default, hoping that nothing
>>   bad happens when an unused service is exploitable.
>> - Install a minimal system and build from there.
>>
>> Most Linux distributions pick the first option. _Some_ Linux
>> distributions pick the second option (e.g. Gentoo).
>
> You might be thinking of Gentoo Linux, rather than Gentoo. The term
> Gentoo also covers Gentoo/FreeBSD and Gentoo Prefix. Gentoo/FreeBSD
> replaces the Linux kernel and GNU userland with FreeBSD while Gentoo
> Prefix provides a userland package manager to UNIX-compatible systems:

Gentoo Linux is what I was talking about. It's one of the distributions
that does lean towards the "install only what is necessary" side of the
spectrum.

The main point is not whether Gentoo/Linux or Gentoo/BSD is the
best color for the particular bikeshed though.  It was that one _has_
the option both with Linux and BSD as a base to implement both
types of installations.  Hardening can be either an install-time
property or an after-effect. It's really not OS-dependent at all.


More information about the freebsd-hackers mailing list