-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 20 Jan 2002, Matthew S. Hallacy wrote:

> On Fri, Jan 18, 2002 at 04:30:04PM -0600, Joshua b. Jore wrote:
>
> > I wouldn't go to Linux for security. I guess it's the exploit of the week
> > thing on Linux apps in bugtraq that has me spooked. Then again I'm
> > paranoid and run OpenBSD for a secure platform.
>
> Your system is only as secure as you make it, these aren't *linux* exploits,
> they're exploits for programs that run on any UNIX platform.

I misspoke. When I said 'Linux exploits', I should have said 'exploits and vulnerabilities in applications that are frequently found in popular Linux/GNU system distributions'. So roughly, the propensity of Slackware, Debian, Red Hat, Mandrake, whatever to include software that turns up with exploitable bugs in bugtraq.

Obviously many of these bugs are not exploitable on most machines but the sheer effort in keeping track of them and what applications (Debian does much better here than others) of which versions is non-trivial. It's the effect of a too-helpful installer which includes three different editors and a GUI widget twirler. It's fun for hobbyists (I count myself there) but a headache in other contexts.

That said, it is certainly possible and not too difficult to strip Linux or any other OS down to where it's in a known state and its security can be managed. Perhaps I'm just still having an allergic reaction to Mandrake and its pretensions to being a server OS.

Josh

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8S7rlfexLsowstzcRAvwkAKDuPveO1JByplYhjrkvzlvfR+D7fgCguzpF
lD5B8uSeFQOQbwYziV+9UBY=
=K+Hj
-----END PGP SIGNATURE-----