Date: Thu, 10 Dec 2009 09:55:40 -0500
From: Mike Tancsa
To: Anton Shterenlikht, freebsd-questions@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Root exploit for FreeBSD
Message-Id: <200912101455.nBAEtcXo063322@lava.sentex.ca>
In-Reply-To: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>

At 09:41 AM 12/10/2009, Anton Shterenlikht wrote:

> From my information security manager:
>
>     FreeBSD isn't much used within the University (I understand) and has a
>     (comparatively) poor security record. Most recently, for example:
>
>     http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html

Some say... world flat... some say roundish. There are lots of opinions to choose from. It would be nice to see an actual properly designed study quoted... or even some raw data referenced.
and I am not talking about something vendor sponsored that examines such track records.

In the case of the above-mentioned zero-day exploit someone posted, I think FreeBSD did a GREAT job at getting a fast unofficial patch out and then 2 days later an official advisory and patch out. Take a look at their actual track record at http://www.freebsd.org/security and judge for yourself based on that. Note, a good chunk of what's there is common across multiple operating systems (e.g. ntpd, BIND, openssl, etc.).

There are lots of reasons why someone might use or not use FreeBSD. In my _opinion_, a "poor security record" is not one of them... But judge for yourself based on their actual track record.

---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike