Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!uunet!in2.uu.net!newsfeed.internetmci.com!howland.reston.ans.net!blackbush.xlink.net!rz.uni-karlsruhe.de!not-for-mail From: ig25@fg70.rz.uni-karlsruhe.de (Thomas Koenig) Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc Subject: Re: need secure OS to entrust millions to Followup-To: comp.os.linux.misc Date: 25 Feb 1996 04:01:45 +0100 Organization: =?ISO-8859-1?Q?Universit=E4t_Karlsruhe_(TH),_Germany_?= Lines: 29 Message-ID: <4gojep$o0v@fg70.rz.uni-karlsruhe.de> References: <4gi6t6$3h9@lace.colorado.edu> Reply-To: Thomas.Koenig@ciw.uni-karlsruhe.de NNTP-Posting-Host: fg70.rz.uni-karlsruhe.de Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit NNTP-Posting-User: ig25 Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18780 comp.os.linux.misc:90260 comp.os.linux.networking:30841 comp.unix.bsd.freebsd.misc:14972 comp.unix.bsd.netbsd.misc:2396 comp.unix.bsd.bsdi.misc:2559 [CC: to author] In comp.os.linux.development.system, bryce@c2.org wrote: >1. Security Linux 1.2.13 has a few flaws; the /proc filesystem has some weaknesses which mean that some users may gain access which they should not have. The networking is basically sound, if you don't depend on Linux's own firewalling. Wether or not that's acceptable to you, I don't know. >2. Reliability That's fine. >3. Availability/support >4. Performance If you add the kswap patches, you should be ok. >It would be nice if it turned out that some distribution >company like Red Hat has produced just such a stripped-down >stable distribution which has the minimal set of utilities >to do simple system management (single-user), do PCI >Ethernet and TCP/IP sockets, and do ftp out but not in. Don't start up any networking daemons. For communication with your firewalls and beyond, I'd strongly recommend ssh.