Subject: Re: Preventative security features?
To: None <tech-security@netbsd.org>
From: Dmitri Nikulin <setagllib@optusnet.com.au>
List: tech-security
Date: 11/14/2004 10:42:39
Tim Kelly wrote:
>On Sat, 13 Nov 2004 20:29:12 +1100
>Dmitri Nikulin <setagllib@optusnet.com.au> wrote:
>
>>Judeo-Christians
>
>These are mutually exclusive ideologies; it's a shame few people grasp
>this (I know you were being facetious).
>
>tim :-)
>
But don't they both believe in God? That's kinda the point of the
phrase, to get a whole scope of monotheists. Or something.
Anyway that doesn't really matter :)
> Yes, it is fed into the system entropy pool.
Good, I was hoping NetBSD did it Right. Linux and (when you get the
out-of-tree-driver) FreeBSD just have it as a character device and a
userland daemon has to feed the pool from that. Terrible
misunderstanding of the point of the device.
> NetBSD's method was given high praise.
Weird, maybe nmap's algorithms just aren't right for this kind of thing.
I'm much more willing to believe nmap is broken than NetBSD. I mean,
nmap has flags to output everything in 13375p33k, it's hard to take that
seriously. I just happen to use it as an example so often since I don't
know any decent alternative.
Okay, features that still make sense after all discussion:
-Blackholing (even if only to save packet filtering efforts)
-User/pid walling (so is this actually PR'd by someone else already?)
-TTY snooping
> While security is always important, I admire (and learn greatly from)
> NetBSD's clarity of code so I'd object to any attempts to reconcile
> OpenBSD coding practices with NetBSD's at the expense of that clarity.
Who said anything about adopting coding practices? Some features are
good, but adopting code isn't the way. Absolutely right, NetBSD is
regarded as the single cleanest (code-wise and use-wise) free operating
system available, from which a lot can be learnt. Why exactly
universities insist on explaining Linux code is baffling.