Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD Gets a New Security Officer

Posted by CmdrTaco on from the don't-crack-on-me dept.

ve2asm writes "As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer. The core team has approved Jacques Vidrine as the new security officer.

1 of 15 comments (clear)

  1. FreeBSD security by Roger+Watson · · Score: 0, Troll
    Since the NetBSD/OpenBSD split became final several years back, the FreeBSD developers have been in constant competition with the OpenBSD developers with regard to providing a secure, yet usable system. Appointing Mr. Vidrine, a personable yet strict taskmaster, is the latest of many steps that have been taken to continue to improve the security of FreeBSD users' systems. Here is a short list of other security-related projects:
    • TrustedBSD. Though it has taken some time (and who could write a B1 system overnight?), it now supports MLS extensions, ACLs on files, SAE privilege isolation, and process segmentation spacing to provide a system on which users at different levels cannot interfere with more privileged users.
    • Improvements in the -CURRENT branch. Many security improvements, some independent and some from TrustedBSD, are destined to be included in FreeBSD 5.0.
    • jail(2). Jail provides process isolation superior to anything found in another UNIX or in Linux. We like to call it "chroot with teeth," and continue to wonder why existing chroot(5) implementations are so hopelessly broken in other lessor unices.
    • Protocol support. FreeBSD currently ships without a telnet daemon installed, to keep people from using daemons that have known weaknesses (such as the environment variable handling design flaw) and that allow plaintext passwords to leak onto the network.
    • Strong NIS authentication. We've combined the versatility of NIS and the simplicity of Kerberos, and produced an armoured version of NIS that withstands network and host based attacks.
    These are only a few of the many improvements that the FreeBSD team has been working on, to make your computing experience more stable and secure. FreeBSD 5.0 will be a landmark release and will far surpass anything that Microsoft and Linus has to offer.

    --rwatson