[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: assimilating OpenBSD

On Tue, Feb 06, 2001 at 04:12:35PM -0600, Nathan E Norman wrote:
> On Tue, Feb 06, 2001 at 11:06:50PM +0100, Andreas Schuldei wrote:
> > * Hamish Moffatt (hamish@debian.org) [010206 23:02]:
> > > Is it still Debian if you replace the user space tools?
> > > Maybe so, but it's not something I would ever use.
> > 
> > Wait untill you build a firewall...
> So it's your contention that debian is not suited for building
> firewalls?  Care to back up this assertion with facts, or are you
> basing it on suppositions?

	I've made this point before, but debian comes installed with 3 very 
unneeded services installed by default:

	1) portmap
	2) mountd
	3) lpd

	These are well known security holes on any unix machine. If you want
debian secure 'out of hte box' then this stuff has to go. I think rpc.statd 
is running as well. The whole RPC/NFS suite needs to go for default 

> I will agree with you if you say "the debian (and in fact GNU/Linux)
> core has not been audited to the same degree that OpenBSD has".  I
> would suggest, though, that the "right" solution is to form an audit
> team to perform this audit ... that makes all of debian better and
> improves GNU/Linux as well.

	I'd like to see a group fo people stand up, but I would honestly 
have a hard time believing that a security audit team that's as skilled as 
the OpenBSD guys would be able to form and stay on task.

	Plus, there are TONS of GNU software tools, even more if you include 
GPL'd tools in debian. OpenBSD wins it's claims by keeping the distribution 
light from default install... which is why it's best geared towards a 

Erik Hollensbe <erik@powells.com>
Programmer, Powells Internet Division
"You can't depend on your eyes when your imagination is out of focus."
- Mark Twain

Reply to: