suid bit files and securing FreeBSD

Peter Rosa prosa at pro.sk
Sat Jul 26 10:33:44 PDT 2003 

Hello Matthew,

thank you very much. It's excatly you say. FreeBSD is my option because of
"historical reasons". Someone has installed it for me two years ago, and now
I love it (he installed it after two hacks and two reinstallations of RedHat
Linux [I don't want to say, RHL is not good, but FBSD is better :-) {now I
see the storm, like with I'm christian...... mail to this list :-))) } ] ).

Wow, such a short sentence I just produced :-)

Peter Rosa


----- Original Message -----
From: "Matthew Graybosch" <matthew at starbreaker.net>
To: "Peter Rosa" <prosa at pro.sk>
Cc: <freebsd-questions at freebsd.org>
Sent: Saturday, July 26, 2003 7:22 PM
Subject: Re: suid bit files and securing FreeBSD


>
> > Second question is: Has anybody an exact wizard, how to secure
> > the FreeBSD machine. Imagine the situation, the only person who
> > can do anything on that machine is me, and nobody other. I have
> > set very restrictive firewalling, I have removed ALL tty's except
> > two local tty's (I need to work on that machine), but there are
> > still open port 25 and 53 (must be forever), so someone very
> > tricky can compromite my machine.
> >
> > I'm a little bit paranoic, don't I :-)))))))
>
> Uhm, yes, you *are* just a wee bit paranoid. But it helps to be
> paranoid if you're root on somebody else's machine. Great power and
> great responsibility, right?
>
> But if you're concerned with security uber alles, I'm surprised you
> didn't look into OpenBSD first. According to their site
> (openbsd.org), they've had "only one remote hole in the default
> install, in more than 7 years!"
>
> FreeBSD certainly can be secured, but it appears that the developers
> put performance and reliability first, and then security. Theo de
> Raadt puts security first.
>
> --
> Matthew Graybosch
> http://www.starbreaker.net
> "I am become root, shatterer of kernels."
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
>

More information about the freebsd-questions mailing list