FreeBSD Gets a New Security Officer

ve2asm writes "As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer. The core team has approved Jacques Vidrine as the new security officer.

BlatantWhoring: A good "secure your BSD" link.

[WasterDave]

http://draenor.org/securebsd/secure.txt

A clear simple guide to securing FreeBSD, including use of secure levels.

Two links off the homepage, so it's blatant whoring.

Dave

Re:BlatantWhoring: A good "secure your BSD" link.

[__past__]

BTW, am I the only one who thinks that securelevels stink?

IMHO it would be a better idea to be able to select the features securelevels imply individually. That way, one could still use the securelevel settings in /etc/rc.conf by just making /etc/rc setting a group of individual "securesettings".

I mean, just because I happen to like rewriting my firewall rules doesn't mean I want anybody to be able to write to kmem, or to remove noschg!

Re:BlatantWhoring: A good "secure your BSD" link.

[cperciva]

am I the only one who thinks that securelevels stink?

Nope. Every time the topic came up in freebsd-security, Kris used to lead the "securelevels are broken, don't use them" charge.

To be fair, they could be a useful security feature (although a more fine-grained control would of course be superior), but you'd have to do all sorts of stuff in order for that to happen. They are still quite useful as an anti-foot-shooting device, however.

hmm

[nomadic]

As sent to the freebsd-announce mailing list, Kris Kennaway is resigning as Security Officer.

I didn't know any actually managed to make it long enough to resign. Aren't they usually killed a few minutes after they beam down to a planet, or blown up by an exploding console?