On Mon, Oct 15, 2007 at 09:30:02PM -0500, Aaron wrote:

> The types of machines I will be running (...) I run pf [on my
> workstation] and only allow pass out w/return traffic allowed, no
> services at all) will be single or dual purpose servers.. i.e. http,
> smtp, imap etc, not machines that are running X and all my fav ports
> (...) I don't allow remote logins even via ssh except for the local
> networks, I always have a firewall in front of my public servers with
> rate limits (...) and I had decided a while back I was going to forgo
> (...) the latest and greatest versions of software, due to
> simplicity/security's sake.

Sounds pretty good.

> (...) [I] _know_ I would
> had a fit trying to get systrace policies set up, if not worse thinking I
> had them set up right and figuring out later they weren't and I had in fact
> lessened the security by putting all my trust in that system, at least at
> this point in my experience.

This is a common response from OpenBSD fans when confronted with SELinux
and the like.

> From what I have comprehended both
> [systrace and securelevels] still need to have someone that has gained
> root on the box (not that my understanding might not be flawed), which
> is one of the things that OpenBSD strives to disallow.

Unless I am sorely mistaken, systrace can be broken by any user with
enough privileges to run two processes. I'm not really aware of any
non-root problem with securelevels, but since securelevels are almost
entirely about restricting root (and not other users - an ordinary user
wouldn't notice the difference), this is

Joachim

--
PotD: x11/gnome/utils - GNOME utility programs