RE: Disabling Root Access
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: RE: Disabling Root Access
- From: "Lawrence W. Smith" <lws_(_at_)_juiceco_(_dot_)_com>
- Date: Sun, 27 May 2001 14:20:57 +0100
> On Sun, May 27, 2001 at 09:00:39AM -0000, Dr. Evil wrote:
> > > What about all those Linux and BSD machines with advertised uptimes of 3+
> > > years?
> > I agree. I think that if you start out with proven hardware and a
> > rock-solid OS like OpenBSD, there is no reason why it couldn't have an
> > uptime of three years or more.
> well yes, but I'm sure in these three years there will be at least one sort of
> remote-exploit/DoS in one of the things you run on that box, meaning you need
> access to the box to fix it (remember: we were talking about absolutely *no* access,
> except for a web-frontend).
It's particularly unrealistic in the context of an OS that
requires very few updates and offers a highly secure and simple
way of doing it: leave ssh available to a restricted account from
a restricted list of hosts.
Which is better: a machine with one port open, with one *potentially*
vulnerable daemon and no mechanism for updating it, or a machine
with 2 ports open and 2 potentially vulnerable daemons, one of which
provides the facility to update itself as well as the other AND
the underlying OS?