*BSD News Article 62907


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!uunet!in2.uu.net!newsfeed.internetmci.com!howland.reston.ans.net!blackbush.xlink.net!rz.uni-karlsruhe.de!not-for-mail
From: ig25@fg70.rz.uni-karlsruhe.de (Thomas Koenig)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Followup-To: comp.os.linux.misc
Date: 25 Feb 1996 04:01:45 +0100
Organization: =?ISO-8859-1?Q?Universit=E4t_Karlsruhe_(TH),_Germany_?=
Lines: 29
Message-ID: <4gojep$o0v@fg70.rz.uni-karlsruhe.de>
References: <4gi6t6$3h9@lace.colorado.edu>
Reply-To: Thomas.Koenig@ciw.uni-karlsruhe.de
NNTP-Posting-Host: fg70.rz.uni-karlsruhe.de
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
NNTP-Posting-User: ig25
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18780 comp.os.linux.misc:90260 comp.os.linux.networking:30841 comp.unix.bsd.freebsd.misc:14972 comp.unix.bsd.netbsd.misc:2396 comp.unix.bsd.bsdi.misc:2559

[CC: to author]

In comp.os.linux.development.system, bryce@c2.org wrote:

>1.  Security

Linux 1.2.13 has a few flaws; the /proc filesystem has some
weaknesses which mean that some users may gain access which
they should not have.  The networking is basically sound, if you
don't depend on Linux's own firewalling.  Whether or not that's
acceptable to you, I don't know.

>2.  Reliability

That's fine.

>3.  Availability/support
>4.  Performance

If you add the kswap patches, you should be ok.

>It would be nice if it turned out that some distribution 
>company like Red Hat has produced just such a stripped-down 
>stable distribution which has the minimal set of utilities 
>to do simple system management (single-user), do PCI 
>Ethernet and TCP/IP sockets, and do ftp out but not in.  

Don't start up any networking daemons.  For communication with your
firewalls and beyond, I'd strongly recommend ssh.