Date: Tue, 27 Aug 2002 12:55:12 -0700 (PDT)
From: twig les <twigles@yahoo.com>
To: Erick Mechler <emechler@techometer.net>, David Olbersen <dave@slickness.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Ports are insecure?
Message-ID: <20020827195512.6124.qmail@web10104.mail.yahoo.com>
In-Reply-To: <20020827170508.GI90157@techometer.net>

I think the view that 'more ports = less security' has to do with the
idea that if you don't need it, don't install it (or with non-BSD
systems...uninstall it). Almost any program has the potential to be a
security hole, so if you need to run BIND, just run BIND and ssh, not
AIM and FTP etc.... In this sense it's not a ports issue, but rather an
overall approach (one that most vendors still ignore).

--- Erick Mechler <emechler@techometer.net> wrote:
> :: I read (in this list I think) that somebody was of the opinion that
> :: every port installed decreases the security of a machine.
>
> I'm not sure I would go that far, but I would say that for every network
> port you have open, the amount of admin time does increase. In a way it
> does make it more insecure, but only if you don't keep up with security
> upgrades, patches, etc.
>
> :: How exactly does that work? Is this based in the idea that nearly
> :: anybody can contribute a port, but the core system is reviewed by a
> :: team?
>
> Not just anybody can contribute to a FreeBSD port entry; the commit still
> has to be done by an authorized committer. However, it's true that just
> about anybody's software package can become a port, so if you just blindly
> start installing ports, you might, on rare occasions, install a piece of
> software that's been trojaned (take the recent OpenSSH trojan for example).
>
> I hope (maybe) this addressed some of your questions :) If you have more
> questions about the ports system, I'd check out the relevant section of the
> Handbook:
>
> http://www.freebsd.org/doc/handbook/ports.html
>
> Cheers - Erick

=====
-----------------------------------------------------------
Heavy metal made me do it.
-----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message