On Wed, Mar 14, 2001 at 01:43:19PM -0800, Cory Petkovsek wrote:
>
>OpenBSD is touted as "secure" out of the box. But I believe that when it's
>installed, it may very well become "unsecure", depending on the installer.
>
>However, OpenBSD says they haven't had a remote r00t exploit from the
>default installation in 3 years and running. They also say they are the
>only OS that can claim this.
>
There is also the problem of the ports; they explicitly exclude the ports
from their security guarantee, despite the fact that problems in ported
applications like sendmail or bind can bring r00+5311 exploits. They try
to keep current on as much as they can, but they can't audit it all to the
standards they apply to the kernel and toolset.
>[snip]
>Lets say there was this REALLY BAD vulnerability in BIND, and your server
>was terribly open because of it. Security advisories you receive say the
>latest version is out and you should upgrade to it.
>
>Or, how about a worse scenario.
>
>Let's say there's a really bad vulnerability in a program that you have
>installed, but don't know there is a security problem with it.
>
>With Debian, there is a debian auto-upgrade server: security.debian.org.
>When one runs the:
>apt-get update
>apt-get upgrade
>the security upgrade server is polled and all packages one has installed are
>checked against what's available on the server. They are downloaded,
>upgraded, reconfigured(if need be) and restarted (if daemons) all
>automagically.
>
The same functionality can be implemented in *BSDland :
1. set up CVSup and run it regularly (maybe from cron) ;
2. run make world with ports included ;
3. reboot.
--
/* efdtt.c Author: Charles M. Hannum <[EMAIL PROTECTED]> */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
#define K(i)(x[i]^s[i+84])<<
unsigned char x[5],y,z,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1
,s,n))if(s[y=s[13]%8+20]/16%4==1){int i=K(1)17^256+K(0)8,k=K(2)0,j=K(4)17^K(3)9
^k*2-k%8^8,a=0,b=0,c=26;for(s[y]-=16;--c;i/=2,j/=2)a=a*2^i&1,b=b*2^j&1;for(j=
127;++j<n;c=z+c>y)a^=a>>14,a=a>>8^(y=a^a*8^a<<6)<<9,b=b>>8^(z=b^b/8^b>>4^b>>12)
<<17,i=s[j],i="7Wo~'G_\216"[i&7]+2^"cr3sfw6v;*k+>/n."[i>>4]*2^i*257/8,s[j]=i^(i
&i*2&34)*6^z+c+~y;}}
