linux-users-group-of-davis
LUGOD
 
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Re: OpenBSD and Security

Sounds like a different philosophy to me.  Openbsd provides minimal
functionality by default, but allows users to add their own via
the PORTS collection.  Redhat includes a wide range of network services
by default, requiring tweaking a GUI tool to get them to start on
bootup.

Redhat has security auditors, and contributes patches to numerous tools.

So if you need a DNS server, and you installed openbsd, then installed
ISC's named from ports, you have the same DNS security problems as the
rest of the world:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/038_named.patch

Similar with ftpd, i.e.:
http://www.openbsd.com/advisories/ftpd_replydirname.txt

So as long as you're smart enough to enable only what you need, the
security isn't any different.

For the most part openbsd seems to follow the same
OhMyGodThereIsAnotherRootExploit and issues patches accordingly.

Not that openbsd isn't a fine unix distribution, I just fail to
see this "huge" security difference just because the exploitable
programs are in PORTS instead of installed by default.

Personally I like redhat simply because it has good functionality
out of the box, offers significantly more verification/coverage testing
than other distributions I've used (mandrake, slackware, even the old SLS),
and they get the security patches out usually within 24 hours, minimizing
my security exposure.

Often redhat has to "reissue" patches because they receive wide
publicity months after redhat patches them.  For instance the April 1st
adore virus uses an exploit that was patched in October 2000.

--
Bill

