Root exploit for FreeBSD
Robert Huff
roberthuff at rcn.com
Fri Dec 11 13:19:45 UTC 2009
Paul Schmehl writes:
> >> And from I understand it's going to get worse.
> >> Apparently the IT services are drawing up
> >> plans to completely forbid use of "non-autorized"
> >> OS. I imagine fbsd will not be authorized.
> >> So I'm anticipating another battle already.
> >
> > Does this extend to computers used for academic research, student
> > owned computers being used on campus, etc?
> >
> > Perhaps it's because we're conditioned to think this way but a lot of
> > us at universities in the US see a lot of this as being commonplace
> > and to *not* do them is generally considered bad security practice.
> >
>
> This last part is surprising to me. Not only are we not
> Windows-centric, the very idea of not allowing a diversity of
> OSes is foreign to our operation. We are a heavy Solaris shop
> (as are many universities), have a good amount of Suse and RHEL
> and far less Windows servers exposed to the Internet. At the
> desktop users may install whatever they want, so long as it's
> maintained properly (which we audit routinely) and used in an
> acceptable manner (which you agree to when you get an account.)
> We have just about every OS you can imagine, including some you
> wouldn't believe still exist.
I haven't worked directly with academic IT in decades ... but I
live in Boston, which has the highest concentration of colleges on
the planet, and talk to peopke who do.
If any of the major local colleges tried to ban non-Windows OSs
as either or desktop, the only question would be who got to IT
first - the students with the stakes and holy water, or the
professors with the tar and feathers.
On the other hand a well considered security policy specifying
ends and not means, and accompanied by end-user detection/correction
mechanisms, would be adopted quite happily.
Robert Huff
More information about the freebsd-questions
mailing list