[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how secure is OpenBSD 3.5 without patches?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: how secure is OpenBSD 3.5 without patches?
- From: "Marsh J. Ray" <marsh_(_dot_)_lists_(_dot_)_openbsd_(_dot_)_org_(_at_)_mysteray_(_dot_)_com>
- Date: Sat, 26 Jun 2004 15:51:08 -0400
- Cc: Tyler <milamt_(_at_)_cox_(_dot_)_net>
Please forgive me if this sounds like a dumb question, but I was wondering if
I can leave the default OpenBSD 3.5 installation alone without patching it
and still have peace of mind that I am reasonable secure.I ask myself that question too, and can only conclude that each
situation calls for your own judgment.
The first place to start is:
Which is conveniently linked off off the main openbsd.org page.
Are you running any of the affected services to accept incoming
connections from untrusted networks?
Are there untrusted local users who could attempt to exploit the flaws
accessible to the local user?
It seems like several people are advising you to accept their binary
patches. Not to cast aspersions, but do you know their background and
full motivations? Do you know how well secured the servers that are
posting their binaries are?
It does seem like a big hassle to learn the routine. As a person starts
using OpenBSD for more and more things, I think eventually they have to
break down and set up their own source update and make release environment.