Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD Gets a New Security Officer

Posted by CmdrTaco on from the don't-crack-on-me dept.

ve2asm writes "As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer. The core team has approved Jacques Vidrine as the new security officer.

15 comments

  1. First post! by Anonymous Coward · · Score: -1, Troll

    www.goatse.cx

  2. OT: Missing html tag by c.r.o.c.o · · Score: 1

    Is it just me, or did CmdrTaco forget a tag? After this article, everything below it is italic. The quoted paragraphs, the moderator comments, everything.

    However, the story right above this one is displaying normaly.

    BTW, don't moderate me as off topic, I'm just asking a question that would not fit anywhere else but here.

    1. Re:OT: Missing html tag by Anonymous Coward · · Score: 0

      he did miss the

      i have my prefs set to show all articles on the front page, and it's clear that this story is the bug

  3. BlatantWhoring: A good "secure your BSD" link. by WasterDave · · Score: 2

    http://draenor.org/securebsd/secure.txt

    A clear simple guide to securing FreeBSD, including use of secure levels.

    Two links off the homepage, so it's blatant whoring.

    Dave

    --
    I write a blog now, you should be afraid.
    1. Re:BlatantWhoring: A good "secure your BSD" link. by __past__ · · Score: 2, Interesting
      BTW, am I the only one who thinks that securelevels stink?

      IMHO it would be a better idea to be able to select the features securelevels imply individually. That way, one could still use the securelevel settings in /etc/rc.conf by just making /etc/rc setting a group of individual "securesettings".

      I mean, just because I happen to like rewriting my firewall rules doesn't mean I want anybody to be able to write to kmem, or to remove noschg!
      --
      Programming can be fun again. Film at 11.
    2. Re:BlatantWhoring: A good "secure your BSD" link. by Anonymous Coward · · Score: 1, Interesting

      You want something like Linux's capability bits.

      Of course, to actually use them in a non-trivial way you pretty much HAVE to roll your own distro from scratch.

    3. Re:BlatantWhoring: A good "secure your BSD" link. by cperciva · · Score: 3, Interesting

      am I the only one who thinks that securelevels stink?

      Nope. Every time the topic came up in freebsd-security, Kris used to lead the "securelevels are broken, don't use them" charge.

      To be fair, they could be a useful security feature (although a more fine-grained control would of course be superior), but you'd have to do all sorts of stuff in order for that to happen. They are still quite useful as an anti-foot-shooting device, however.

      --
      Tarsnap: Online backups for the truly paranoid
    4. Re:BlatantWhoring: A good "secure your BSD" link. by kkenn · · Score: 1

      Or FreeBSD's capability bits, available in 5.0.

  4. Let me be the 1st to say... by Anonymous Coward · · Score: -1, Troll



    Netcraft officially confirms: *BSD is dying

    Yet another crippling bombshell hit the beleaguered *BSD community when recently IDC confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last [samag.com] [samag.com] in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin [amdest.com] [amdest.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all, having lost 93% of its core developers.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dead

  5. *BSD is dying by Anonymous Coward · · Score: -1, Troll
    It is now official - Netcraft has confirmed: *BSD is dying

    Yet another crippling bombshell hit the beleaguered *BSD community when recently IDC confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all, having lost 93% of its core developers.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD s very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dead

  6. hmm by nomadic · · Score: 5, Funny

    As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer.

    I didn't know any actually managed to make it long enough to resign. Aren't they usually killed a few minutes after they beam down to a planet, or blown up by an exploding console?

  7. FreeBSD security by Roger+Watson · · Score: 0, Troll
    Since the NetBSD/OpenBSD split became final several years back, the FreeBSD developers have been in constant competition with the OpenBSD developers with regard to providing a secure, yet usable system. Appointing Mr. Vidrine, a personable yet strict taskmaster, is the latest of many steps that have been taken to continue to improve the security of FreeBSD users' systems. Here is a short list of other security-related projects:
    • TrustedBSD. Though it has taken some time (and who could write a B1 system overnight?), it now supports MLS extensions, ACLs on files, SAE privilege isolation, and process segmentation spacing to provide a system on which users at different levels cannot interfere with more privileged users.
    • Improvements in the -CURRENT branch. Many security improvements, some independent and some from TrustedBSD, are destined to be included in FreeBSD 5.0.
    • jail(2). Jail provides process isolation superior to anything found in another UNIX or in Linux. We like to call it "chroot with teeth," and continue to wonder why existing chroot(5) implementations are so hopelessly broken in other lessor unices.
    • Protocol support. FreeBSD currently ships without a telnet daemon installed, to keep people from using daemons that have known weaknesses (such as the environment variable handling design flaw) and that allow plaintext passwords to leak onto the network.
    • Strong NIS authentication. We've combined the versatility of NIS and the simplicity of Kerberos, and produced an armoured version of NIS that withstands network and host based attacks.
    These are only a few of the many improvements that the FreeBSD team has been working on, to make your computing experience more stable and secure. FreeBSD 5.0 will be a landmark release and will far surpass anything that Microsoft and Linus has to offer.

    --rwatson

    1. Re:FreeBSD security by Anonymous Coward · · Score: 0

      Who the hell are you and why are you pretending to be Robert Watson?

  8. pfft. by PFAK · · Score: -1, Flamebait

    *Watches freebsd security go down the drain.*

    --

    Free means no restrictions, ironic the FSF's GPL forces restrictions, isn't it? What's your definition of free?
  9. *BSD is dead by Anonymous Coward · · Score: 0

    and SO ARE YOU