From owner-freebsd-questions@FreeBSD.ORG  Sat Dec 12 23:36:00 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 65BE41065692;
	Sat, 12 Dec 2009 23:36:00 +0000 (UTC) (envelope-from imp@bsdimp.com)
Received: from harmony.bsdimp.com (bsdimp.com [199.45.160.85])
	by mx1.freebsd.org (Postfix) with ESMTP id 271CB8FC1D;
	Sat, 12 Dec 2009 23:36:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by harmony.bsdimp.com (8.14.3/8.14.1) with ESMTP id nBCNXSB0055176;
	Sat, 12 Dec 2009 16:33:29 -0700 (MST) (envelope-from imp@bsdimp.com)
Date: Sat, 12 Dec 2009 16:33:52 -0700 (MST)
Message-Id: <20091212.163352.850602504923947435.imp@bsdimp.com>
To: wmoran@potentialtech.com
From: "M. Warner Losh" <imp@bsdimp.com>
In-Reply-To: <20091210095122.a164bf95.wmoran@potentialtech.com>
References: <20091210144141.GB834@mech-cluster241.men.bris.ac.uk>
	<20091210095122.a164bf95.wmoran@potentialtech.com>
X-Mailer: Mew version 6.3 on Emacs 22.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-current@FreeBSD.org, mexas@bristol.ac.uk,
	freebsd-questions@FreeBSD.org
Subject: Re: Root exploit for FreeBSD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2009 23:36:00 -0000

In message: <20091210095122.a164bf95.wmoran@potentialtech.com>
            Bill Moran <wmoran@potentialtech.com> writes:
: In response to Anton Shterenlikht <mexas@bristol.ac.uk>:
: 
: > >From my information security manager:
: > 
: > 	FreeBSD isn't much used within the University (I understand) and has a
: > 	(comparatively) poor security record. Most recently, for example:
: > 
: > 	http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
: 
: Are you trying to make your infosec guy look like an idiot?  Does he
: realize that FreeBSD has a grand total of 16 security problems for all
: of 2009?  Hell, Microsoft has that many in an average month.

And many of them were for code supplied by others...

: If he can find something (other than OpenBSD) with a better record than
: that, I'd love to hear about it.

Are you sure that OpenBSD has a better record?

Warner