Date: Wed, 11 Jul 2001 16:21:58 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Martin McCormick <martin@dc.cis.okstate.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Another Security-related Question Message-ID: <20010711162157.G90157@xor.obsecurity.org> In-Reply-To: <E15KQGo-000092-00@dc.cis.okstate.edu>; from martin@dc.cis.okstate.edu on Wed, Jul 11, 2001 at 03:07:38PM -0500 References: <E15KQGo-000092-00@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--j2AXaZ4YhVcLc+PQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 11, 2001 at 03:07:38PM -0500, Martin McCormick wrote: > After reading the Security section of the FreeBSD web > site, I still have a question which has been asked of me and > which I am relaying. >=20 > If security holes are discovered in other versions of > UNIX, say, Solaris or one of the Linux varieties, is there any > mechanism under FreeBSD to see whether or not the same hole or > exploit possibility exists in FreeBSD? There are a number of us in the FreeBSD community who check this sort of thing, and when problems are found to occur they are corrected ASAP and an appropriate advisory is released. FreeBSD has a much more rapid and complete response to security vulnerabilities than the commercial OS vendors, who often take months to acknowledge and fix publically known vulnerabilities. The worst case I've seen for this is HP who took something like 6 months to fix a remotely-exploitable BIND hole. Sun also routinely take months to release fixes for serious things like root holes. Kris --j2AXaZ4YhVcLc+PQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7TN+VWry0BWjoQKURAiNRAJ48ExdFK4R0wswEjfX/zsg/Ces/dQCgvy42 LU96wl/qCCQNrprG2kFbzXI= =tIqj -----END PGP SIGNATURE----- --j2AXaZ4YhVcLc+PQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010711162157.G90157>