On Mon, 7 May 2001, Jonas Luster wrote:

> Security is a process and a state of mind, not a product.

right. and OpenBSD exemplifies this in a striking manner.

remember that OpenBSD didn't sit down and do one audit, they started in
1995 and have been continuing since then. and when they find a bug, they
go back and rid the system of it, not just where they found the one piece.
when a new class of bugs emerges they didn't foresee (ie string format
attacks), they go through and fix them.

i say this, preaching in part to the choir, because no linux team has yet
done this. there have been attempts (ie the linux auditing project) to do
this, but no one has yet done it. no one has sat down and looked through
all the code in a distribution and fixed it. i'm with the folks who have
stated, "we'll believe it when we start seeing real fixes coming out in
droves." linus has explicitly stated that security is not his concern,
though he's allowing for hooks to be put in there to enhance it. as such,
i can't, in good faith, call linux a secure system. it can be secured,
sure, as can anything (IIS, your old C-64, etc ...), but it's certainly
not inherently secure.

(don't even get me started on netfilter.)

anyhow, as was stated earlier during some netbsd/openbsd confusion about
"who's more secure", i want everyone to realize that netbsd has an
excellent security track record, as well. through the KAME project you can
also add IPsec to the system, for example (and also to FreeBSD, it's just
integrated already in OpenBSD, and tuned and such).

____________________________
jose nazario                                                 [EMAIL PROTECTED]
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]