FreeBSD Gets a New Security Officer
ve2asm writes "As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer. The core team has approved Jacques Vidrine as the new security officer."
IMHO it would be a better idea to be able to select the features securelevels imply individually. That way, one could still use the securelevel settings in /etc/rc.conf by just making /etc/rc set a group of individual "securesettings".
I mean, just because I happen to like rewriting my firewall rules doesn't mean I want anybody to be able to write to kmem, or to remove noschg!
Programming can be fun again. Film at 11.
You want something like Linux's capability bits.
Of course, to actually use them in a non-trivial way you pretty much HAVE to roll your own distro from scratch.
am I the only one who thinks that securelevels stink?
Nope. Every time the topic came up in freebsd-security, Kris used to lead the "securelevels are broken, don't use them" charge.
To be fair, they could be a useful security feature (although a more fine-grained control would of course be superior), but you'd have to do all sorts of stuff in order for that to happen. They are still quite useful as an anti-foot-shooting device, however.
Tarsnap: Online backups for the truly paranoid