From owner-freebsd-stable  Sun Sep  3 10:16:19 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id 3A11B37B423
	for <freebsd-stable@FreeBSD.ORG>; Sun,  3 Sep 2000 10:16:12 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id LAA16120;
	Sun, 3 Sep 2000 11:15:50 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id LAA03829;
	Sun, 3 Sep 2000 11:15:49 -0600 (MDT)
	(envelope-from nate)
Date: Sun, 3 Sep 2000 11:15:49 -0600 (MDT)
Message-Id: <200009031715.LAA03829@nomad.yogotech.com>
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: cjclark@alum.mit.edu
Cc: Nate Williams <nate@yogotech.com>,
	Allen Campbell <allenc@verinet.com>,
	Ian Smith <smithi@nimnet.asn.au>, freebsd-stable@FreeBSD.ORG
Subject: Re: bad 16550A maybe?
In-Reply-To: <20000903012428.G62475@149.211.6.64.reflexcom.com>
References: <Pine.BSF.3.96.1000902074531.8872A-100000@gaia.nimnet.asn.au>
	<39B19295.3D66E41@verinet.com>
	<200009030158.TAA01926@nomad.yogotech.com>
	<20000903012428.G62475@149.211.6.64.reflexcom.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > The only modifications were to continually upgrade the software such as
> > BIND and SENDMAIL where remote root exploits were possible, but
> > otherwise it's a stock FreeBSD 2.2.8 system.  (No X, of course.)
> 
> I assume you mean it is a FreeBSD 2.2.8-STABLE.

Right.

> There are some
> security fixes that were never backported to 2.2.8.

True, but none of them involve remote root exploits, only local root
exploits.  (The TCP/IP stack ones I acctually backported).

> I hope you don't have /proc mounted for example. If it's 2.2.8-RELEASE
> there are more things to be fixed. If security is a concern on this
> platform, the fact that security fixes have not been and will no
> longer be backported is something to consider.

Given it's not a machine that can be logged into (except by the
sys-admin), it's really not a concern.

*IF* the box had usable local accounts, then it would be a concern.


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message