Date: Tue, 29 Jun 2004 11:42:25 -0700 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: Kevin Lyons <kevin_lyons@ofdengineering.com> Cc: freebsd-chat@freebsd.org Subject: Re: "TrustedBSD" addons Message-ID: <6.1.0.6.1.20040629112919.03bcffc8@popserver.sfu.ca> In-Reply-To: <40E1A6C0.2040406@ofdengineering.com> References: <40E1A6C0.2040406@ofdengineering.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:28 29/06/2004, Kevin Lyons wrote: >I was reading with some surprise that some of the MAC and other "addons" from trusted bsd are to be incorporated. > >I can already see the security advisories for these things like we've had for tcpwrapper, kerberos, heimdal, jail, openssl, etcetera ad infinitum. It's worth noting that some of these advisories are rather esoteric. For example, FreeBSD-SA-04:09.kadmind doesn't affect any binary installations of FreeBSD, since it requires that both Kerberos 4 and Kerberos 5 are built. Meanwhile, despite having two security issues with jails (issues which weakened jails, but did not allow any privilege beyond that of an un-jailed user), there was one advisory (FreeBSD-SA-04:06.ipv6) for which jails (in their default configuration) were a specific workaround. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.1.0.6.1.20040629112919.03bcffc8>