FreeBSD Security Survey

Constant, Benjamin bconstant at
Mon May 22 00:27:23 PDT 2006


We don't use binary updates as we use custom kernels.
We're using portaudit for security flaws in the installed ports, but I don't
think there is any equivalent for the base and kernel? I'm subscribed to and
monitoring the FreeBSD Security Advisories mailing list, but there is (as
far as I know) no easy system like portaudit to compare your installed base
and kernel source tree against security advisories. Are there best practices
in this area, knowing that my systems are not all running the same level of
patches and none of them are running anything other than -STABLE? I'll
probably switch from -STABLE to -RELENG in the future (it was not possible in
the beginning as the features we were looking for were only in -STABLE) and
apply security fixes, but I think it won't change the amount of work to
perform compared to a non-source-based operating system.


Benjamin Constant

> -----Original Message-----
> From: owner-freebsd-stable at [mailto:owner-freebsd-
> stable at] On Behalf Of Colin Percival
> Sent: lundi 22 mai 2006 5:55
> To: freebsd security; FreeBSD Stable
> Subject: FreeBSD Security Survey
>
> Dear FreeBSD users and system administrators,
>
> While the FreeBSD Security Team has traditionally been very good at
> investigating and responding to security issues in FreeBSD, this only
> solves half of the security problem: Unless users and administrators
> of FreeBSD systems apply the security patches provided, the advisories
> issued accomplish little beyond alerting potential attackers to the
> presence of vulnerabilities.
>
> The Security Team has been concerned for some time by anecdotal reports
> concerning the number of FreeBSD systems which are not being promptly
> updated or are running FreeBSD releases which have passed their End of
> Life dates and are no longer supported. In order to better understand
> which FreeBSD versions are in use, how people are (or aren't) keeping
> them updated, and why it seems so many systems are not being updated, I
> have put together a short survey of 12 questions. The information gathered
> will inform the work done by the Security Team, as well as my own personal
> work on FreeBSD this summer.
>
> If you administrate system(s) running FreeBSD (in the broad sense of "are
> responsible for keeping system(s) secure and up to date"), please visit
> and complete the survey below before May 31st, 2006.
>
> Thanks,
> Colin Percival
> FreeBSD Security Officer
