Slashdot Mirror


FreeBSD Gets a New Security Officer

ve2asm writes "As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer. The core team has approved Jacques Vidrine as the new security officer."

15 comments

  1. OT: Missing html tag by c.r.o.c.o · · Score: 1

    Is it just me, or did CmdrTaco forget a tag? After this article, everything below it is italic. The quoted paragraphs, the moderator comments, everything.

    However, the story right above this one is displaying normally.

    BTW, don't moderate me as off topic, I'm just asking a question that would not fit anywhere else but here.

    1. Re:OT: Missing html tag by Anonymous Coward · · Score: 0

      he did miss the

      i have my prefs set to show all articles on the front page, and it's clear that this story is the bug

  2. BlatantWhoring: A good "secure your BSD" link. by WasterDave · · Score: 2

    http://draenor.org/securebsd/secure.txt

    A clear simple guide to securing FreeBSD, including use of secure levels.

    Two links off the homepage, so it's blatant whoring.

    Dave

    --
    I write a blog now, you should be afraid.

    1. Re:BlatantWhoring: A good "secure your BSD" link. by __past__ · · Score: 2, Interesting

      BTW, am I the only one who thinks that securelevels stink?

      IMHO it would be a better idea to be able to select the features securelevels imply individually. That way, one could still use the securelevel settings in /etc/rc.conf by just making /etc/rc set a group of individual "securesettings".

      I mean, just because I happen to like rewriting my firewall rules doesn't mean I want anybody to be able to write to kmem, or to remove noschg!

    2. Re:BlatantWhoring: A good "secure your BSD" link. by Anonymous Coward · · Score: 1, Interesting

      You want something like Linux's capability bits.

      Of course, to actually use them in a non-trivial way you pretty much HAVE to roll your own distro from scratch.

    3. Re:BlatantWhoring: A good "secure your BSD" link. by cperciva · · Score: 3, Interesting

      am I the only one who thinks that securelevels stink?

      Nope. Every time the topic came up in freebsd-security, Kris used to lead the "securelevels are broken, don't use them" charge.

      To be fair, they could be a useful security feature (although a more fine-grained control would of course be superior), but you'd have to do all sorts of stuff in order for that to happen. They are still quite useful as an anti-foot-shooting device, however.

    4. Re:BlatantWhoring: A good "secure your BSD" link. by kkenn · · Score: 1

      Or FreeBSD's capability bits, available in 5.0.

  3. hmm by nomadic · · Score: 5, Funny

    As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer.

    I didn't know any actually managed to make it long enough to resign. Aren't they usually killed a few minutes after they beam down to a planet, or blown up by an exploding console?

  4. FreeBSD security by Roger+Watson · · Score: 0, Troll

    Since the NetBSD/OpenBSD split became final several years back, the FreeBSD developers have been in constant competition with the OpenBSD developers with regard to providing a secure, yet usable system. Appointing Mr. Vidrine, a personable yet strict taskmaster, is the latest of many steps that have been taken to continue to improve the security of FreeBSD users' systems. Here is a short list of other security-related projects:
    • TrustedBSD. Though it has taken some time (and who could write a B1 system overnight?), it now supports MLS extensions, ACLs on files, SAE privilege isolation, and process segmentation spacing to provide a system on which users at different levels cannot interfere with more privileged users.
    • Improvements in the -CURRENT branch. Many security improvements, some independent and some from TrustedBSD, are destined to be included in FreeBSD 5.0.
    • jail(2). Jail provides process isolation superior to anything found in another UNIX or in Linux. We like to call it "chroot with teeth," and continue to wonder why existing chroot(5) implementations are so hopelessly broken in other lesser unices.
    • Protocol support. FreeBSD currently ships without a telnet daemon installed, to keep people from using daemons that have known weaknesses (such as the environment variable handling design flaw) and that allow plaintext passwords to leak onto the network.
    • Strong NIS authentication. We've combined the versatility of NIS and the simplicity of Kerberos, and produced an armoured version of NIS that withstands network and host based attacks.
    These are only a few of the many improvements that the FreeBSD team has been working on, to make your computing experience more stable and secure. FreeBSD 5.0 will be a landmark release and will far surpass anything that Microsoft and Linus have to offer.

    --rwatson

    1. Re:FreeBSD security by Anonymous Coward · · Score: 0

      Who the hell are you and why are you pretending to be Robert Watson?

  5. *BSD is dead by Anonymous Coward · · Score: 0

    and SO ARE YOU