Re: pf configuration

[Ben Goren <ben_(_at_)_trumpetpower_(_dot_)_com>]

Feed the trolls....

On Wed, Sep 04, 2002 at 10:25:33PM +1000, Darren Reed wrote:

> I  don't  know  how  much   work  OpenBSD  has  put  into  this,
> specifically, but most  of the advances there, to  me, appear to
> come from NetBSD

Translation: ``I haven't the foggiest idea what I'm talking about,
but that's not going to stop  me from making the most inflammatory
statements I can think of.

> for i in freebsd netbsd openbsd; do
>         find $i -name Makefile | xargs egrep 'BINMODE[  ]*=[    ]*4'
> done

Translation: ``Here are some totally meaningless statistics that I
generated  in this  totally  complicated manner  so you  hopefully
won't notice that they're totally bunk.''

Note one,  note all: Darren doesn't  know how to use  find (1)--at
least when  it doesn't suit  his trolling purposes. If  you really
want to know which set{u,g}id files  there are on a system, here's
an incomplete start:

    find / \( -perm -u+s -o -perm -g+s \) -print

Want to know the Right Way? Look in OpenBSD's /etc/security.

So,  if  you're going  to  tell  us which  of  the  BSDs have  the
most  binaries   that'll  run  with  elevated   privileges,  don't
come  up with  some  senseless, convoluted  kludge  that tries  to
parse  the information  out  of Makefiles  (but  not makefiles  or
MAKEFILEs). Install the systems and use find as it was intended to
be  used. Be sure  to use  the default  install for  all operating
systems. If  you use  DarrenBSD as  one  of the  systems, call  it
DarrenBSD and not OpenBSD.

And don't  be surprised if nobody  believes you or gives  a shucks
even if you do it right, considering how often you get it worng.

> I'm sure there are cases I've missed.

Hmpf. No argument here.

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]