Slashdot Mirror


User: mithrandr

mithrandr's activity in the archive.

Stories
0
Comments
10

Comments · 10

  1. Re:I see they fixed lots of security issues... on OpenBSD 2.9 Released · · Score: 1

    from www.openbsd.org's main page: "Four years without a remote hole in the default install!"

    OpenBSD installs with a minimum of services running: syslog, sendmail running only to listen locally and send remotely, and a couple of other services required for running (init, etc.). Even with a full install of the entire system, including X Windows, the same limited number of services starts.

    Compare this with a few other vendors, where a full install leaves your system running with apache, a fully functional sendmail listening everywhere, ftpd, nntpd, xfs, xdm, etc.

    Most likely, the fixed buffer overflows are in programs that are not running after a default install. They make no guarantees about what happens once the user gets in and starts mucking around with stuff.

  2. Re:And everything ends (relatively) well on ipf Removed From OpenBSD · · Score: 1

    If ipf were to remain in the source tree, how quickly do you think everyone would get to work on finding a suitable alternative? Taking it out now prompts people to get on the ball and start trying to find a solution, rather than just using what works until someone else steps up to the plate to handle it.

    The release of 2.9 scheduled for June 1st will still contain ipf. As I understand it, the distribution was frozen before this mess with the licensing. Unless of course you were planning on running -current on your firewalls, in which case you would probably be dealing with a lot more issues than not having ipf.

  3. Because that's the way trademark laws are written. on Trademarks For Open Source Projects? · · Score: 1

    Trademarks are intended to prevent confusion among competing businesses. For example, say I have a successful company trademarked Foo. Someone comes along and decides to create a company that competes with me called Fu. If I can prove that, because of the confusion between his name and mine, I am losing business, and because my company is trademarked, I have legal grounds to dispute Fu for trademark infringement. This does not apply to people that do not make a profit, as you cannot show lost profits to competitors with similar names. However, if a trademarked business can show that it is losing profits to a competitor, whether the competitor's product is free or not, the competitor would be in violation of the trademark.

    As always, IANAL, most of this stuff was picked up from reading about the recent SSH/OpenSecSH debate.

  4. Re:No. on SSH Claims Trademark Infringement by OpenSSH · · Score: 1

    "SSH" is simply an acronym for "Secure Shell"; how can you take a descriptive term, turn it into an acronym, and have it be any less descriptive?

  5. Re:That's the best he can do? on Debian 2.2 "Has Major Security Issues"? UPDATED · · Score: 1

    Just a couple of points about the files you listed. Keep in mind that this is for my home machines, where I am the only user. I remove the suid bits from mount and umount, because I am the only one that should need to mount drives anyway. If I start giving out accounts on my home system, this is something I won't have to worry about then, as it's already been taken care of. I don't use at, so I disable it; if an exploit does happen to come out, I don't have to worry about patching it right away, but it's still a good idea to do so. The same thing goes for gpm: I don't use it when I'm in console mode, so when that exploit came out a couple of weeks ago, it wasn't a major concern.

    The Bastille hardening script for RedHat based systems has the option to remove suid bits from ping and traceroute. It doesn't break them, you just have to be root to use them. There are debates about whether or not regular users should have access to tools such as ping and traceroute anyway, and it's likely I won't be the one to end the debate, but I prefer on my own machine to limit it to root. After all, I am root, and if I give out an account to a friend, he can just as easily run ping from his own machine. If you want to give permissions to some people and not others, sudo is extremely easy to install and configure and works great for limiting su access to specific users for specific applications.

    Once again, a lot of this was learned from experience, I spent time using the system and learned what I need and what I don't need, and now I know what comes enabled and how to disable it shortly after install, before connecting to the Internet. This doesn't mean every vendor should ship their systems to my specs, after all, I'm a nobody and really have no say over what vendors put in their OS.

    One thing I don't agree with is some of the default behaviors of certain parts of the OS. For example, a friend of mine got cracked with one of the latest wu-ftpd exploits. The attacker added a user with uid 0 and removed /etc/securetty. I don't know if you know what this does, but the default behavior is that if securetty doesn't exist, rather than restricting a root login (especially a remote one), it complains that it can't find the file and then lets the user log in anyway. For this, I would prefer the default behavior to be something more along the lines of "if /etc/securetty doesn't exist, don't let someone with uid 0 log in anywhere." Even if the administrator accidentally removes securetty, if they were security conscious, they would have created a non-root user, and nothing would stop them from logging in as an unprivileged user and su'ing to root to fix the securetty file. Of course, the whole incident stemmed from him running an insecure ftpd that he didn't even need.

    I don't know how many other examples there are of insecurity like this; I mean, it's probably something someone just overlooked. I'm not a kernel developer, and I'm trying my best not to throw stones, as I realize the kernel hackers and OS people are light years ahead of what I can do, but as a user, it's those kinds of things that worry me. Disabling services is something I can do; re-writing the kernel or the OS, I'm not quite to that level yet...
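
The comment above describes three post-install steps by hand: find what is setuid, strip the bit from tools only root should run (mount, umount, ping, traceroute), and make sure /etc/securetty is actually present so root logins stay restricted. The script below is an added example, written for this archive and not part of the original comment or of any distribution's tooling; it takes a root directory as a parameter so it can be dry-run against a scratch tree (the default root "/" and the list of binaries are assumptions, not something the commenter specified).

```shell
#!/bin/sh
# Added example, not from the original comment: a small post-install audit
# in the spirit of the discussion above. Every function takes the filesystem
# root as its first argument so it can be exercised on a scratch directory
# as well as on "/" (which requires root for chmod).

# Print every setuid regular file under $1, one per line, sorted.
# On a fresh install this is the list you review: anything a single-user
# home box does not need (mount, umount, ping, traceroute, at, ...) is a
# candidate for losing the bit.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Strip the setuid bit from the binaries named in $2.. wherever they live
# under the usual bin/sbin directories of root $1. Missing names are skipped
# silently, so the same list works across distributions. The tools keep
# working; they simply require root (or sudo) to run, as the comment notes.
strip_setuid() {
    root=$1
    shift
    for name in "$@"; do
        for dir in bin sbin usr/bin usr/sbin; do
            f="$root/$dir/$name"
            if [ -f "$f" ]; then
                chmod u-s "$f"
            fi
        done
    done
    return 0
}

# Return 0 if $1/etc/securetty exists and is non-empty, 1 otherwise.
# The comment's point: a login that treats a missing securetty as "allow
# root everywhere" makes deleting this file a privilege-escalation step,
# so its presence is worth checking after any incident or cleanup.
check_securetty() {
    [ -s "$1/etc/securetty" ]
}

# Run the three checks against root $1 and report; returns 1 if securetty
# is missing so the script can be chained with && in a hardening run.
audit() {
    root=${1:-/}
    echo "setuid files under $root:"
    list_setuid "$root"
    if check_securetty "$root"; then
        echo "$root/etc/securetty: present"
        return 0
    fi
    echo "$root/etc/securetty: MISSING (root login restriction not in force)"
    return 1
}

# Typical use on a real system (as root):
#   . ./audit.sh; audit / && strip_setuid / mount umount ping traceroute
```

Note that stripping the bit from ping and traceroute is the Bastille option the comment mentions rather than an accepted best practice everywhere; the functions above only make the choice explicit and repeatable.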

  6. Re:It's worse than I thought at first... on The Confounded Mr. Valenti · · Score: 1

    MR. COOPER: I tell you what, if you want to spend the time in this deposition arguing about issues I'll be glad to.

    God forbid a pair of lawyers would get together to actually debate the issues, it's not like that's what their clients are paying them for

    On a side note: for a guy that's been running the company for 34 years, Mr. Valenti doesn't seem to know a whole lot about anything relating to this case. Here's another great quote:

    Q Do you know the names of any devices that can capture the digital signal without de-encryption?

    THE WITNESS: I don't know.

    This can be taken several ways, the more humorous of which is, Mr. Valenti doesn't know if he knows the names of any devices that can capture the digital signal without de-encryption. If I were on the BOD, I might start re-evaluating my choice for CEO if he didn't know what he knows and doesn't know. Isn't that one of the warning signs of senility?

  7. I think you left out one small one on Slashdot's Top 10 Hacks of all Time · · Score: 1

    What about the intermingling of those amino acids that resulted in the first single celled organisms on the face of the earth. I think that was truly unique, especially since it had never been done before (on this planet)...

  8. not according to Mr. Schneier... on The Possible Effects of Quantum Computing · · Score: 2

    in this interview he gave with /.

    " And when it becomes a reality, it does not destroy all cryptography. Quantum computing reduces the complexity of arbitrary calculations by a factor of a square root. This means that key lengths are effectively halved. 128-bit keys are more than secure enough today; 256-bit keys are more than secure enough against quantum computers. "

  9. Re:Why? on Court Tells Disney to Pull Go.com Logo · · Score: 1

    "We are gratified that the court has once again upheld GoTo's rights to our logo, and the right of consumers not to be confused in the Internet marketplace,"

    And to answer the question of "Why?", I think it all goes back to Sunday's User Friendly.
    And people are always asking me why stupid people shouldn't be allowed to breed....What was that song about how they should all have to wear a sign?

  10. Re:hey on Girl Geeks Launch Picosatellite · · Score: 1

    it's a step up from "smart chicks" I suppose, but what do I know, I'm just a pig, a sexist one at that...