Being a genuine novice wrt OpenBSD, I am not overly qualified to pass
judgement here. However, I read pretty much everything that is posted
to misc@ and have read every one of Dave's troll-like rants, for the
last couple of months. Sorry Dave, but from here you appear to be either
a troll, an M$ employee or even more of a novice than I.

I would like to offer you some genuine advice:
Go out and buy "Absolute OpenBSD: UNIX for the Practical Paranoid"
By Michael Lucas - ISBN: 1886411999
(if you don't already own it) and before you do anything else, read
chapter 1, particularly page 17.

I apologise if I cause offence by posting this, but it has been really
getting on my nerves.

Regards
Craig

On Sun, 2006-02-05 at 08:09 -0500, Dave Feustel wrote:
> OpenBSD's handling of file permissions needs work.
> 
> Good security practice requires that root's default permission
> set by umask should be 077. But setting root's umask to this
> value breaks the package install mechanism since all files
> installed by root with umask 077 are unavailable to users.
> 
> Also, all x11 and kde sockets are created with permissions up to and
> including 777 that can be restricted with no loss of functionality. I now
> routinely chmod all sockets in /tmp and $TMPDIR to 600 immediately
> upon starting up kde and have seen no errors generated by this.
> 
> The problem with insecure [tp]ty allocation in kde is still not fixed
> as far as I know, although I see a new kdelibs in errata.
> (This problem occurs only in OpenBSD so far as I know.)
> 
> It might also be a good idea to run pf by default with the
> rule "block all in" to prevent intruders taking advantage of undiagnosed
> security problems in kde or x11.  ALL of my strange problems with kde 
> have ceased since I started running pf with this rule.
> 
> Having said this, I would like to add that OpenBSD looks better
> than ever to me now and I recommend it highly to people I talk to.
> OpenBSD is the Rock upon which I build everything else.
> 
> Dave Feustel
