freebsd Re: Alternate DNS resolvers
George Georgalis
george at galis.org
Thu Mar 21 12:14:34 PST 2002
cvsup and make update make FreeBSD easier to maintain than linux.
// George
On Thu, Mar 21, 2002 at 11:46:07AM -0800, Tracy R Reed wrote:
>On Thu, Mar 21, 2002 at 11:40:12AM -0800, John H. Robinson, IV wrote:
>> i don't think that ssh is part of the ``base'' OpenSSH installation.
>>
>> once you go beyond OpenSSH's ``base' you are no longer covered by their
>> ``No exploits in the default install in three years'' or some other such
>> nonsense.
>
>I see. Unfortunately, "base" installations are rarely useful.
>
>> HOWEVER, OpenBSD also does some other things, like an _encrypted_ swap
>> partition. so things like gpg don't have to be suid root just to use
>> secure memory (because if gpg gets swapped out, who cares? it's
>> encrypted anyway!)
>
>That's neat. I'm most interested in solving the most often exploited
>problems first and I don't know of anyone who has ever had a gpg key
>stolen from their swap.
>
>This is why I think SE Linux will have a far greater and more practical
>impact on security. Even if you get root through a flawed daemon (which we
>have seen happen countless times) it doesn't buy you much and doesn't
>compromise the entire system.
>
>--
>Tracy Reed http://www.ultraviolet.org
>Sorry, please try again. Thank you for taking the Turing test.
>--
> http://www.kernel-panic.org
> list archives http://www.ultraviolet.org
> To unsubscribe, send a message to the address shown in the list-unsubscribe
> header of this message.
--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:george at galis.org
File, Print, DB and DNS Servers. http://www.galis.org/george
More information about the KPLUG-List
mailing list