
Re: Disabling Root Access



Quoting David S. (dgjs@acm.org):
> On Sun, May 27, 2001 at 03:40:30PM +1000, Oliver Bode wrote:
> > The idea is to strive to get it right before doing it. When it goes wrong I
> > can live with that and learn my lesson. I'd aim for it to have a lifespan of
> > three to five years - everything has some sort of a lifespan.
> 
> You don't have a snowball's chance in hell of keeping it running 
> unattended for three years.

I've had one box, an internal Ultrix box, behind the firewall,
that was up for that kind of time.  We regularly patched the userland
software that it was running, we did everything but reboot it.

Would you really want a secure machine running at 3-year-old
standards?

Also, if it's a firewall, let it be a firewall.  If it's
living/breathing OpenSSL, which does and will get updated,
make it that general purpose machine.  And don't dare think
that you don't want IPFilter 4.1 or OpenBSD's 2.14 kernel,
let alone OpenSSL 1.x.