Re: how secure is OpenBSD 3.5 without patches?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: how secure is OpenBSD 3.5 without patches?
- From: "Marsh J. Ray" <marsh_(_dot_)_lists_(_dot_)_openbsd_(_dot_)_org_(_at_)_mysteray_(_dot_)_com>
- Date: Sat, 26 Jun 2004 15:51:08 -0400
- Cc: Tyler <milamt_(_at_)_cox_(_dot_)_net>

Tyler wrote:
> Please forgive me if this sounds like a dumb question, but I was wondering if
> I can leave the default OpenBSD 3.5 installation alone without patching it
> and still have peace of mind that I am reasonably secure.

I ask myself that question too, and can only conclude that each
situation calls for your own judgment.

The first place to start is:
http://openbsd.org/security.html#35
Which is conveniently linked off the main openbsd.org page.

Are you running any of the affected services to accept incoming
connections from untrusted networks?

Are there untrusted local users who could attempt to exploit the flaws
accessible to the local user?

It seems like several people are advising you to accept their binary
patches. Not to cast aspersions, but do you know their background and
full motivations? Do you know how well secured the servers that are
posting their binaries are?

It does seem like a big hassle to learn the routine. As a person starts
using OpenBSD for more and more things, I think eventually they have to
break down and set up their own source update and make release environment.

- Marsh