Thus said Gabriel Gunderson on Sat, 21 May 2005 09:18:37 MDT:

> That seems strange to me. Why would you run Apache by default? I can
> see running an MTA listening on the localhost but a web server if you
> don't need/want it?

OpenBSD does not run Apache by default. It is installed as part of the base OS, but it doesn't run by default. The only public service that runs by default is OpenSSH and only then if you answer ``Yes'' when it asks if you want to run it.

> I appreciate their desire to ship a security oriented OS. Like I said,
> they tell an interesting story and they have me listening. I kinda
> wonder what happens when they slip up again. Will we have to listen to
> "only *two* remote security flaws" for the next eight years?

They put in a lot of work to clean up the possibility that such a flaw could lead to a compromise by introducing privsep. It separates the privileged code (aka having root access to set up ttys and fun stuff like that) into a separate process from the one that reads input from the network (which is unprivileged). That obviously doesn't guarantee that OpenSSH won't ever have a security bug again.

Also, while sendmail does run by default it does not listen on any public interfaces, only on lo0.

Andy
--
GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9)
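
The privilege-separation pattern described in the reply above, as an added sketch that is not part of the original post and is not OpenSSH's code: an unprivileged child handles the untrusted input and can only send a narrow request to a privileged monitor, which validates it independently. The request format, the `REQ_TTY` type, the `UNPRIV` uid and all function names are hypothetical.

```c
#define _DEFAULT_SOURCE               /* setgroups(), strnlen() on glibc */
#include <ctype.h>
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define REQ_TTY 1                     /* the only request the monitor serves */
#define UNPRIV  32767                 /* assumed unprivileged uid/gid */
struct req { int type; char arg[32]; };

/* Privileged monitor: trusts nothing from the child; allows only "tty<alnum>". */
int monitor_check(const struct req *r) {
    size_t n = strnlen(r->arg, sizeof r->arg);
    if (r->type != REQ_TTY || n < 4 || n == sizeof r->arg) return 0;
    if (strncmp(r->arg, "tty", 3) != 0) return 0;
    for (size_t i = 3; i < n; i++)
        if (!isalnum((unsigned char)r->arg[i])) return 0;
    return 1;
}

/* Unprivileged child: drops root first, then touches the untrusted input. */
static void child(int fd, const char *in) {
    struct req r;
    memset(&r, 0, sizeof r);
    if (geteuid() == 0 &&
        (setgroups(0, NULL) || setgid(UNPRIV) || setuid(UNPRIV))) _exit(2);
    if (strncmp(in, "TTY ", 4) == 0) { r.type = REQ_TTY; in += 4; }
    strncpy(r.arg, in, sizeof r.arg - 1);
    _exit(write(fd, &r, sizeof r) == (ssize_t)sizeof r ? 0 : 2);
}

/* Returns 1 = monitor would act, 0 = refused, -1 = no valid request arrived. */
int run_privsep(const char *net_input) {
    int sv[2], ok = -1;
    struct req r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); child(sv[1], net_input); }
    close(sv[1]);
    if (read(sv[0], &r, sizeof r) == (ssize_t)sizeof r) ok = monitor_check(&r);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return ok;
}

int main(void) { return run_privsep("TTY ttyp3") == 1 ? 0 : 1; }
```

The monitor re-validates every field because a bug in the child's parsing gives an attacker control of the child, not of the monitor; the damage is bounded by what `monitor_check` accepts.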
