
RE: Disabling Root Access



> On Sun, May 27, 2001 at 09:00:39AM -0000, Dr. Evil wrote:
> 
> > > What about all those Linux and BSD machines with advertised uptimes of 3+
> > > years?
> > I agree.  I think that if you start out with proven hardware and a
> > rock-solid OS like OpenBSD, there is no reason why it couldn't have an
> > uptime of three years or more.
> 
> Well yes, but I'm sure in these three years there will be at least one sort of
> remote-exploit/DoS in one of the things you run on that box, meaning you need
> access to the box to fix it (remember: we were talking about absolutely *no* access,
> except for a web-frontend).

It's particularly unrealistic in the context of an OS that
requires very few updates and offers a highly secure and simple
way of doing it: leave ssh available to a restricted account from
a restricted list of hosts.

Which is better: a machine with one port open, with one *potentially*
vulnerable daemon and no mechanism for updating it, or a machine
with 2 ports open and 2 potentially vulnerable daemons, one of which
provides the facility to update itself as well as the other AND
the underlying OS?

L
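
A check for the policy suggested in the reply above (ssh left available only to a restricted account from a restricted list of hosts), as an added example that is not part of the original message. It reads sshd_config text and reports where that policy does not hold; the account name `updater`, the 192.0.2.x addresses and the requirement that PermitRootLogin be `no` are assumptions made for the illustration, and Match blocks are not evaluated.

```python
"""Audit sshd_config text: restricted account, restricted list of hosts."""
import re

OPEN_HOSTS = {"0.0.0.0/0", "::/0"}  # host parts that restrict nothing

def parse_sshd_config(text):
    """Map lowercased keyword -> argument list, stopping at any Match block."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, rest = re.match(r"(\w+)\s*=?\s*(.*)", line).groups()
        keyword = keyword.lower()            # keywords are case-insensitive
        if keyword == "match":               # conditional blocks are out of scope
            break
        if keyword == "allowusers":          # repeated AllowUsers lines accumulate
            cfg.setdefault(keyword, []).extend(rest.split())
        else:                                # otherwise the first value wins
            cfg.setdefault(keyword, rest.split())
    return cfg

def audit(text):
    """Return a list of findings; an empty list means the policy holds."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("permitrootlogin") != ["no"]:   # assumption: root must be refused
        findings.append("PermitRootLogin is not explicitly 'no'")
    allowed = cfg.get("allowusers", [])
    if not allowed:
        findings.append("no AllowUsers line: every account may log in")
    for pattern in allowed:
        user, at, host = pattern.partition("@")
        if user == "root" or "*" in user or "?" in user:
            findings.append(f"{pattern}: account is root or a wildcard")
        if not at or host.strip("*?") == "" or host in OPEN_HOSTS:
            findings.append(f"{pattern}: not tied to specific hosts")
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = "Port 22\nPermitRootLogin yes\n"
RESTRICTED = ("# hypothetical update account, two admin hosts\n"
              "PermitRootLogin no\n"
              "AllowUsers updater@192.0.2.10 updater@192.0.2.11\n")

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("RESTRICTED", RESTRICTED)):
        print(name, audit(sample) or "policy holds")
```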