Rumen Yotov <rumen_yotov <at>> writes:

> IMO OpenBSD initial goal was just that - to be very secure even in its 
> default install. Haven't seen such claim for Gentoo (plain).


"This release also gives provides two additional x86 LiveCD images, in
combination with the minimal and universal InstallCDs seen in previous
releases: a new x86 LiveCD from the Hardened project "

And the corresponding CD:

> Have some experience with Grsec2+PaX and RSBAC (SElinux brother ;)
> IMHO they are significantly better than OpenBSD in overall security.
> The "new/next" version of OpenBSD will have some sort of protection 
> against memory overflow attacks (writing this by memory only, might not 
> be 100% correct) so they are slowing next release to test this 'new' 
> feature - which one and others too are already used by Hardened Gentoo.
> Check 'Adamantix' - Debian + PaX (memory protection) + RSBAC (DAC).
> Example: see 'gibraltar' router/firewall distro - uses RSBAC-kernel.

Beautiful Prose! Any Other contributors care to 'Stand Up'?

> No flames please, just my opinion.
> HTH. Rumen

Rumen, I never flame. I try to inspire, sometimes making
my community and friends ashamed of ourselves and myself. 
Surely, I run the risk of becoming an outcast within a group
of radicals (GENTOO)? Not the first time I've been 86'd
from a place where they never toss out radicals and dreamers....

Certainly, there are others feeling the pain of less than fantastic
security on Gentoo! Hacking the raw files will allow migration
of proven security models to countless (embedded) gentoo
devices. Once perfected, the GUI frontends can be honestly tested
and evaluated for robustness.

AT (interestingly not
WE see in big red bold letters:
"Security vulnerability in Shorewall 2.x"

I'll stick with iptables/netfilter directly, until multiple, proven
scripts and configurations are published. Then we can all
play with GUI tools.......

Business vs Integrity(Freedom).....
Funny, Gentoo was very quick to dump XFree for Xorg,
in name of righteous OpenSource propaganda.

Yet the same level of detail with documented usage of a 2.6
kernel and iptables/netfilter eludes us?

Business versus Integrity? or just an oversight?

Common man, we're all guilty. Let's group together, straighten
out this sess_pool, and live with Integrity!

-- the most guilty of all,

