[Gloucs] February's Presentation - this Tuesday
William Roe
gloucs at mailman.lug.org.uk
Mon Feb 24 20:07:01 2003
On Monday, Feb 24, 2003, at 19:03 Europe/London, Guy Edwards wrote:
> On Mon, 2003-02-24 at 18:50, Mark wrote:
>>
>>> What about OpenBSD, they audit their code for security bugs
>>> regularly,
>>> so they fix them before they become a problem. They call this
>>> 'proactive'
>>
>> I'd Love to not chuckle there Will but If I had anywhere near the
>> authority to release the BSD kernel code vuln's then I would bring
>> them
>> tomorrow,however thats a matter for the PHC to release... look out for
>> it in the next 6 months. along with a number of other turns at ring-0
>> exploits.
>
> (For people that don't have enough time to google
> PHC = Phrack High Council
> ring-0 = full access to the computers resources)
>
> Aren't there always undisclosed vulnerabilities waiting to be patched
> and announced though? I seem to remember all the Linux Vendors getting
> very upset when Redhat accidentally released a patch early that was
> supposed to be kept quiet in co-operation with all the other
> distribution vendors for a set release date.
Seems I would side with Red Hat there as opposed to keeping things
quiet and letting people use insecure software. Grrr!
>
> Also, I thought the OpenBSD guys were the ones that did a massive (long
> term) code freeze just to look for and fix potential security
> vulnerabilities and ended up with one of the most secure lumps of code
> there is?
They do it regularly as I referred to. I cannot seriously believe that
Linux is
more secure than, well, any BSD (I don't count OS X there, *cough*)
Will
>
> Guy
>
>
>
>
> _______________________________________________
> gloucs mailing list
> gloucs@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/gloucs
>