List:       pretty-secure-linux
Subject:    Comments
From:       peter () vpro ! nl (Peter Busser)
Date:       1998-08-08 9:57:24

Hi,

I've been reading the PSL web page and I have a few comments. First the web
page talks about obtaining C2 or even B1 and tradeoffs are made towards
security and not usability. Then, on the developer page, I see lots of stuff
that is contradictory to this. I mean, you cannot tell me Linuxconf is a very
secure program. It is installed with suid root and the pieces of the source I
read are full of potential buffer overruns. Same goes for other programs, like
for instance pine.

Second, I think it is better not to run any services. If that is possible of
course. On very secure systems, I don't even run inetd. The services that run
should be audited and rewritten where necessary. Like e.g. bind, to run in a
chrooted environment so it can do less harm when it is hacked.

Third, I think a distribution is not worth the trouble downloading if it
does not have a proper package management system. I think that RPM would not
be a bad idea, because it can handle PGP signed packages and MD5 checksums.
Also rpm -Va can be used as a kind of tripwire.

Just my two cents.

Groetjes,
Peter Busser
-- 
Consultant: Solaris, Linux, Internet, C, Java, security and Sybase
Tel.: +31-24-6450412 E-mail: peter@vpro.nl
Our continuing mission: To seek out knowledge of C, to explore strange UNIX 
commands, and to boldly code where no one has man page 4.
UNIX is user friendly... it's just picky about who it chooses to befriend.
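
The `rpm -Va` "tripwire" use mentioned in the message, as an added example that is not part of the original post: a Python triage of verify output that separates changed binaries and permission changes from routine config edits. The sample lines and the severity rules are constructed assumptions, not taken from a real host.

```python
import sys

# Constructed sample of `rpm -Va` output (illustrative, not from a real host).
SAMPLE = """\
S.5....T.  c /etc/inetd.conf
.......T.    /usr/lib/libexample.so.1
S.5....T.    /bin/login
.M.......    /usr/bin/passwd
missing      /usr/sbin/named
..5....T.  d /usr/share/doc/example/README
"""

FILE_TYPES = {"c", "d", "g", "l", "r"}  # config, doc, ghost, license, readme
ORDER = {"high": 0, "review": 1, "low": 2}

def parse_line(line):
    """Split one verify line into (flags, filetype, path); None if unparseable."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    flags, rest = parts
    filetype = ""
    tok = rest.split(None, 1)
    if len(tok) == 2 and tok[0] in FILE_TYPES:  # optional attribute marker
        filetype, rest = tok
    path = rest.strip()
    return (flags, filetype, path) if path.startswith("/") else None

def classify(flags, filetype):
    """Assumed policy: perms/owner changes and changed binaries rank highest."""
    if flags == "missing":
        return "review" if filetype in ("d", "g", "l", "r") else "high"
    if any(f in flags for f in "MUG"):  # mode, user or group differs
        return "high"
    if "5" in flags:  # digest differs; expected for edited config/doc files
        return "review" if filetype else "high"
    return "low"  # e.g. only size or mtime differs

def triage(text):
    """Return (severity, path, flags) tuples, most serious first."""
    parsed = [p for p in map(parse_line, text.splitlines()) if p]
    found = [(classify(f, t), path, f) for f, t, path in parsed]
    return sorted(found, key=lambda x: (ORDER[x[0]], x[1]))

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for sev, path, flags in triage(data):
        print(f"{sev:6} {flags:9} {path}")
```

The result is only as trustworthy as the `rpm` binary and RPM database on the host being checked, so a comparison against a known-good copy of the database is stronger than a local run alone.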
