On Sat, Feb 14, 2004 at 08:37:36PM +0000, Andrew Suffield wrote:
> > Ok, let me see, in woody:
> >
> > 1) exim listens to all remote ports, is installed as the default MTA and
> > run by inetd
>
> Can't remember any remote root holes in exim.
[...]

You seem to have missed my point: I did not say that our default install was less "secure" than OpenBSD's but more bloated. In fact, you have not demonstrated that this is not the case. And you probably agree with me that even if some services have not had remote buffer overflow vulnerabilities for some time, it does not mean that they will not have them in the future, either because they had been overlooked or because a new version/change introduces them.

Still, from what I said, OpenBSD ships with those default "silly" inetd services + OpenSSH, which is less risky than our default inetd + some RPC services + mail server + OpenSSH + printer server in woody. Leaving remote buffer overflows aside, this means there is a potential for these services to be left unconfigured/misconfigured, either because of the user or a package bug.

Consider the case of having a default install which leaves an open relay mail server because there was some error in the package that nobody noticed. That is less likely to happen in OpenBSD.

Regards

Javi