Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Dec 2009 08:18:58 -0500
From:      Robert Huff <roberthuff@rcn.com>
To:        Paul Schmehl <pschmehl_lists@tx.rr.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Root exploit for FreeBSD
Message-ID:  <19234.18114.158979.591345@jerusalem.litteratus.org>
In-Reply-To: <1802D62A06A3A0AF64412A2C@Macintosh-2.local>
References:  <20091210144141.GB834@mech-cluster241.men.bris.ac.uk> <20091210095122.a164bf95.wmoran@potentialtech.com> <20091210162150.GA1135@mech-cluster241.men.bris.ac.uk> <5d6848b00912101211m20c20995x212ac7e5093df42c@mail.gmail.com> <1802D62A06A3A0AF64412A2C@Macintosh-2.local>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Paul Schmehl writes:

>  >> And from I understand it's going to get worse.
>  >> Apparently the IT services are drawing up
>  >> plans to completely forbid use of "non-autorized"
>  >> OS. I imagine fbsd will not be authorized.
>  >> So I'm anticipating another battle already.
>  >
>  > Does this extend to computers used for academic research, student
>  > owned computers being used on campus, etc?
>  >
>  > Perhaps it's because we're conditioned to think this way but a lot of
>  > us at universities in the US see a lot of this as being commonplace
>  > and to *not* do them is generally considered bad security practice.
>  >
>  
>  This last part is surprising to me.  Not only are we not
>  Windows-centric, the very idea of not allowing a diversity of
>  OSes is foreign to our operation.  We are a heavy Solaris shop
>  (as are many universities), have a good amount of Suse and RHEL
>  and far less Windows servers exposed to the Internet.  At the
>  desktop users may install whatever they want, so long as it's
>  maintained properly (which we audit routinely) and used in an
>  acceptable manner (which you agree to when you get an account.)
>  We have just about every OS you can imagine, including some you
>  wouldn't believe still exist.

	I haven't worked directly with academic IT in decades ... but I
live in Boston, which has the highest concentration of colleges on
the planet, and talk to peopke who do.
	If any of the major local colleges tried to ban non-Windows OSs
as either or desktop, the only question would be who got to IT
first - the students with the stakes and holy water, or the
professors with the tar and feathers.
	On the other hand a well considered security policy specifying
ends and not means, and accompanied by end-user detection/correction
mechanisms, would be adopted quite happily.


					Robert Huff




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?19234.18114.158979.591345>