From: Miguel Mendez (flynnenergyhq.homeip.net)
Date: Mon Feb 18 2002 - 08:53:34 CST


    On Mon, Feb 18, 2002 at 08:06:09AM +0100, Raf Schietekat wrote:

    Hi Raf,

    I'm not sure if you just missed my point or you are trolling, but I'll bite
    :-)

    > Yeah, good idea, nuke all them Billysoft suckers and save the world!
    > Meanwhile, how about if I sent an innocent FreeBSD user an attack (this
    > looked like a Trojan horse, not an Outlook worm/virus (?), after my
    > forwarding cum "virus" filtering service released it to me)? Would s/he

    Well, you have a point here, as we all know: Security is a process, not
    a product. But you seem to forget one thing. FreeBSD is *not* by any
    means a mainstream OS. And that means that the people who use it usually
    know what they're doing, at least to the point of not executing a file
    they got from a stranger. Even if they did, all they could lose is the
    files they own, which, of course, should be backed up somewhere if they
    are worth anything. Considering the fact that 9 out of 10 computers run
    some MS OS, the probability that a clueless user is running BSD is
    almost 0.

    > be protected by what Java would call a sand box? I don't think so. Unix
    > security may be based more on marginality than on technical prowess, and
    > little if any progress seems to be being made. What good does it do to
    > me as an ordinary user that the superuser is safe and smug about his
    > continued service, if all my personal stuff goes down the drain?

    I see two cases where this could apply. Someone who just installed MacOS
    X and for some weird reason decided to play with permissions and the
    typical moron who joins a unix irc channel and says: "EYE HAEV INSTALLED
    TEH MANDRAEK!!!!". Well, not really, but you get the point. It is pretty
    safe to assume that those running BSD are worth their salt. I think Theo
    de Raadt once said it pretty nicely: "If you are too stupid to read
    documentation go and run Linux", it wasn't exactly those words, but that
    was the meaning. And no, I don't expect my mother to be a unix guru, but
    the freebsd-security list is a technical discussion forum, not the place
    for newbies.
    </rant>

    > Raf Schietekat <Raf_Schietekatieee.org>
    > Running Netscape 6.2 (because I still can) on MS Windows 2000
    > Professional on my laptop (because I have to).
                                  ^^^^^^^
    My deepest sympathies :-P

    Cheers,

    -- 
            Miguel Mendez - flynnenergyhq.homeip.net
            GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
            EnergyHQ :: http://www.energyhq.tk
            FreeBSD - The power to serve!
    
