On Sat, Oct 30, 1999 at 10:44:54AM -0400, Paul McHale wrote: > This was my mistake. There is a link on the openBSD site to "ports". This > link is to the xBSD general repository which I mistakenly thought was the > openBSD repository. The ProFTP program is part of the general repository. > Sorry for the confusion. That's probably the OpenBSD specific ports you're referring to. The security status of them is a little hazy to me, since I haven't seen anything which states they've been audited for security like the base OpenBSD has, but I can't say for sure they haven't been, either. > I also assume this means that openBSD is more secured as long as what you > need comes with openBSD as part of their closer reviewed distribution. > Installing anything else would presumably cause the same bugs under openBSD > as it would under freeBSD. This is true, your security will only be as strong as the weakest software you have running... OpenBSD actually comes with an FTP daemon (which is used as the basic ftpd for Debian, it used to be part of the netbase package), I don't think it's as feature-filled as ProFTPD, but it's presumably a lot more secure. > openBSD code review must have been quite an impressive effort to say the > least... I think it took them about 1.5-2 years all up, with the majority of the problems being found and fixed in the first 6 months. Very impressive indeed, I think they have a claim to "no remote root exploits" since the audit now. -- [ Matthew Gregan ] [ GPG ID: B63A1E95 ] [ kinetik@ihug.co.nz ] [ GPG fingerprint: FB83 2911 F170 B31C 9E4A E382 CA8A A2F6 B63A 1E95 ]
Attachment:
pgpMyXg64waSB.pgp
Description: PGP signature