Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.uwa.edu.au!classic.iinet.com.au!swing.iinet.net.au!news.uoregon.edu!newsfeed.internetmci.com!in2.uu.net!van-bc!uniserve!usenet From: tom@uniserve.com (Tom Samplonius) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: What OS for an ISP to use? Date: 16 Nov 1995 06:26:23 GMT Organization: UNIServe Online Lines: 43 Distribution: world Message-ID: <48elif$b97@atlas.uniserve.com> References: <1995Nov15.130421.1503@hobbes.kzoo.edu> <48dbgq$g4s@agate.berkeley.edu> NNTP-Posting-Host: pc.sdf.com Mime-Version: 1.0 Content-Type: Text/Plain; charset=US-ASCII X-Newsreader: WinVN 0.99.6 In article <48dbgq$g4s@agate.berkeley.edu>, nickkral@parker.EECS.Berkeley.EDU says... > >In article <1995Nov15.130421.1503@hobbes.kzoo.edu>, >Kirby Baker <k060639@hobbes.kzoo.edu> wrote: >>If anyone could point me to some documentation that would discuss the >>security of freebsd (and linux for that matter) i would greatly >>appreciate it. I know that cdrom.com uses freebsd, but i dont want to >>have to tweak the OS very much, i want to install it and go! > >If your interested in security, Linux has mailing lists and WWW >sites dedicated to security under Linux. Check out: > > http://bach.cis.temple.edu/linux/linux-security/ > > mailing lists: > linux-security@linux.nrao.edu > linux-alert@linux.naro.edu > >Most of the security problems in the Linux community are the result >of applications, not kernel holes. The only exception that I can >think of is the /proc/ related security holes that existed in the >early 1.3.* linux kernels, but which are fixed in the latest versions. > >Does FreeBSD have any security related WWW sites or mailing lists? Use majordomo@freebsd.org to get on freebsd-security >Also, security coverage under Linux appears to be more extensive than >under FreeBSD. For example, there was wide coverage in the Linux groups >and the Linux security mailing lists, regarding the telnetd >environment variable security hole (see comp.security.announce for >more information). Even those this problem effected FreeBSD, >there was no discussion in c.u.b.f.m regarding this. (Note: this >might be due to the wording of the announcement. I suggest reading the >alert message before following up to this paragraph). I didn't see >any posts in the freebsd newsgroups regarding how to fix this hole, >or even warning people that this hole existed. The problem was discussed in agonizing detail on various mailing lists. Tom