Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!msunews!agate!nickkral From: nickkral@parker.EECS.Berkeley.EDU (Nick Kralevich) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: What OS for an ISP to use? Date: 15 Nov 1995 18:28:42 GMT Organization: Electrical Engineering Computer Science Department, University of California at Berkeley Lines: 38 Message-ID: <48dbgq$g4s@agate.berkeley.edu> References: <1995Nov15.130421.1503@hobbes.kzoo.edu> NNTP-Posting-Host: parker.eecs.berkeley.edu In article <1995Nov15.130421.1503@hobbes.kzoo.edu>, Kirby Baker <k060639@hobbes.kzoo.edu> wrote: >If anyone could point me to some documentation that would discuss the >security of freebsd (and linux for that matter) i would greatly >appreciate it. I know that cdrom.com uses freebsd, but i dont want to >have to tweak the OS very much, i want to install it and go! If your interested in security, Linux has mailing lists and WWW sites dedicated to security under Linux. Check out: http://bach.cis.temple.edu/linux/linux-security/ mailing lists: linux-security@linux.nrao.edu linux-alert@linux.naro.edu Most of the security problems in the Linux community are the result of applications, not kernel holes. The only exception that I can think of is the /proc/ related security holes that existed in the early 1.3.* linux kernels, but which are fixed in the latest versions. Does FreeBSD have any security related WWW sites or mailing lists? Also, security coverage under Linux appears to be more extensive than under FreeBSD. For example, there was wide coverage in the Linux groups and the Linux security mailing lists, regarding the telnetd environment variable security hole (see comp.security.announce for more information). Even those this problem effected FreeBSD, there was no discussion in c.u.b.f.m regarding this. (Note: this might be due to the wording of the announcement. I suggest reading the alert message before following up to this paragraph). I didn't see any posts in the freebsd newsgroups regarding how to fix this hole, or even warning people that this hole existed. Take care, -- Nick Kralevich nickkral@cory.eecs.berkeley.edu