On Tue, Oct 29, 2002 at 04:18:38PM -0800, Jacob Meuser wrote:
> > From: Andreas Schuldei <[EMAIL PROTECTED]>
> > There are several indications that openbsd's security is more or
> > less up to the level what can be achieved with today's debian
> > gnu/linux.
>
> Can be achieved != by default.

Also, OpenBSD comes with systrace by default (Debian doesn't even come with file(1), diff(1) or make(1) by default, you call that a UNIX-like system?). systrace can be used to allow or deny programs to make certain system calls.

http://www.openbsd.org/cgi-bin/man.cgi?query=systrace
http://www.citi.umich.edu/u/provos/systrace/

And in OpenBSD -current, systrace has privilege elevation. Theoretically, this could let an administrator remove all SUID and SGID bits from the system, and set up systrace policy files to allow programs that need higher privileges for specific system calls to run them with the privilege they need. The security benefits should be obvious.

So, if we're talking "can be achieved" (not to mention, no need to recompile the kernel or sweet talk a package manager into getting the packages you need since it's all there, ready to go) OpenBSD is still a few steps ahead of the pack.

And of course, Niels and Marius are nice guys ...

http://www.citi.umich.edu/u/provos/systrace/linux.html

As I said, as long as Debian continues to import ...

Hey, looks like I'm not the only one disappointed with Debian's installation "mess" ...

http://www.debianplanet.org/node.php?id=831

-- 
<[EMAIL PROTECTED]>
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
