Date: Fri, 11 Dec 2009 08:18:58 -0500 From: Robert Huff <roberthuff@rcn.com> To: Paul Schmehl <pschmehl_lists@tx.rr.com> Cc: freebsd-questions@freebsd.org Subject: Re: Root exploit for FreeBSD Message-ID: <19234.18114.158979.591345@jerusalem.litteratus.org> In-Reply-To: <1802D62A06A3A0AF64412A2C@Macintosh-2.local> References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <20091210095122.a164bf95.wmoran@potentialtech.com> <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk> <5d6848b00912101211m20c20995x212ac7e5093df42c@mail.gmail.com> <1802D62A06A3A0AF64412A2C@Macintosh-2.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Schmehl writes: > >> And from I understand it's going to get worse. > >> Apparently the IT services are drawing up > >> plans to completely forbid use of "non-autorized" > >> OS. I imagine fbsd will not be authorized. > >> So I'm anticipating another battle already. > > > > Does this extend to computers used for academic research, student > > owned computers being used on campus, etc? > > > > Perhaps it's because we're conditioned to think this way but a lot of > > us at universities in the US see a lot of this as being commonplace > > and to *not* do them is generally considered bad security practice. > > > > This last part is surprising to me. Not only are we not > Windows-centric, the very idea of not allowing a diversity of > OSes is foreign to our operation. We are a heavy Solaris shop > (as are many universities), have a good amount of Suse and RHEL > and far less Windows servers exposed to the Internet. At the > desktop users may install whatever they want, so long as it's > maintained properly (which we audit routinely) and used in an > acceptable manner (which you agree to when you get an account.) > We have just about every OS you can imagine, including some you > wouldn't believe still exist. I haven't worked directly with academic IT in decades ... but I live in Boston, which has the highest concentration of colleges on the planet, and talk to peopke who do. If any of the major local colleges tried to ban non-Windows OSs as either or desktop, the only question would be who got to IT first - the students with the stakes and holy water, or the professors with the tar and feathers. On the other hand a well considered security policy specifying ends and not means, and accompanied by end-user detection/correction mechanisms, would be adopted quite happily. Robert Huff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19234.18114.158979.591345>