FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

Dan Lukes dan at obluda.cz
Sat Dec 27 00:21:22 UTC 2014


On 12/26/14 23:35, Darren Pilgrim:
>>>> IV.  Workaround
>>>> No workaround is available,

>> We talk explicitly about the base system, not about ports. We never
>> mentioned them and I do not see a reason to start doing so.

> I don't understand why you wouldn't.

Hm ...

We can turn off the vulnerable service.
We can replace the vulnerable software with another, non-vulnerable one.
We can leave the vulnerable service running, but block access to it.

A security advisory is advisory. An administrator should make their own
decisions based on it.

I'm pretty sure system administrators recognize those obvious
things despite them not being mentioned explicitly. It requires basic skills only.

I disagree that obvious things should be enumerated in an SA. The SA should
be short and readable.

In advance, the Security Officer should not recommend other software as a
secure replacement unless he considers it secure. Such analysis takes a
lot of time and it will cause an unacceptable delay of the SA.



Just my $0.02

Dan


