
Re: how secure is OpenBSD 3.5 without patches?



Tyler wrote:

Please forgive me if this sounds like a dumb question, but I was wondering if I can leave the default OpenBSD 3.5 installation alone without patching it and still have peace of mind that I am reasonably secure.

I ask myself that question too, and can only conclude that each situation calls for your own judgment.

The first place to start is:
http://openbsd.org/security.html#35
Which is conveniently linked off the main openbsd.org page.
Are you running any of the affected services to accept incoming connections from untrusted networks?
Are there untrusted local users who could attempt to exploit the flaws accessible to the local user?


It seems like several people are advising you to accept their binary patches. Not to cast aspersions, but do you know their background and full motivations? Do you know how well secured the servers that are posting their binaries are?

It does seem like a big hassle to learn the routine. As a person starts using OpenBSD for more and more things, I think eventually they have to break down and set up their own source update and make release environment.

- Marsh


