Re: OpenBSD/Errata/BUGTraq et al.

On Wed, 18 Oct 2000, Toni Mueller wrote:
> I didn't understand how this came up, and especially the connection
> to Bugtraq, but want to throw my 2 cents in:

It came up because some users (me included) thought that the OpenBSD core
did not really care if mere mortals can keep their servers secure. You
have to read about an OpenBSD exploit on Bugtraq or errata.html that the
developers already knew about. The recommended action on errata is to
patch and compile the source, which is non-trivial if you have never done  
it. When I (and Alex_(_at_)_zedz iirc) suggested that RedHat handles exploit
warnings better (partly because they have lots more experience in that 
department ;-) then we just get laughed at.

A post on linux-security_(_at_)_redhat contains a line like so:
rpm -Fvh ftp://updates.redhat.com/5.2/i386/screen-3.7.4-4.i386.rpm

which even the least clued admin can understand, and when he gives that
command then that security hole is fixed.

> > will there be a cheap PCI card with onboard ethernet, sshd and an emulated
> > serial port for remote console access? (cf. HP-UX LAN Console)
> Is that HP-UX LAN Console cheap? Otherwise I would rather
> look at that PC-Weazel. So far I didn't try this, but
> it looks attractive.
Nothing on HP9000 is cheap. The Weazel doesn't have 10baseT or sshd, so   
you still need a separate console server. The HP9000 LAN Console is a PCI
card that has 10baseT, telnetd and a serial console port emulator. Telnet
certainly sucks but the hardware is simple enough that it should be
possible to manufacture a similar card with sshd for a handful of dollars.