Date: Fri, 17 Sep 1999 16:29:27 -0600 From: Brett Glass <brett@lariat.org> To: "Matthew D. Fuller" <fullermd@futuresouth.com> Cc: security@FreeBSD.ORG Subject: Re: Securing a system that's been rooted remotely (Was: BPF on in 3.3-RC GENERIC kernel) Message-ID: <4.2.0.58.19990917162715.047cbb10@localhost> In-Reply-To: <19990917171656.H4975@futuresouth.com> References: <4.2.0.58.19990917155850.047bd680@localhost> <4.2.0.58.19990916232349.047c27a0@localhost> <4.2.0.58.19990916185341.00aaf100@localhost> <Pine.SOL.3.96L.990916210821.19993A-100000@unix8.andrew.cmu <4.2.0.58.19990916232349.047c27a0@localhost> <19990917134343.P16305@futuresouth.com> <4.2.0.58.19990917155850.047bd680@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
The problem is similar to that of having a standard "administrator" password that has to be changed during installation of a hardware/software product. A certain percentage of people -- no matter how smart -- will neglect to change it. Just as a general rule of thumb and guiding principle, things that make the system more insecure should be off by default. --Brett At 05:16 PM 9/17/99 -0500, Matthew D. Fuller wrote: >You missed my main thrust. >Why would you go to all the trouble to enable securelevels (usefully. >read; flagging everyone and their mother), and still be running GENERIC? >If you're not running GENERIC, you're running a custom kernel. If you're >running a custom kernel, you're customizing stuff anyway, so you can take >out/put in bpf or whatever you want. Where's the problem? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990917162715.047cbb10>