"TrustedBSD" addons
Colin Percival
colin.percival at wadham.ox.ac.uk
Tue Jun 29 11:43:10 PDT 2004
At 10:28 29/06/2004, Kevin Lyons wrote:
>I was reading with some surprise that some of the MAC and other "addons" from trusted bsd are to be incorporated.
>
>I can already see the security advisories for these things like we've had for tcpwrapper, kerberos, heimdal, jail, openssl, etcetera ad infinitum.
It's worth noting that some of these advisories are rather esoteric.
For example, FreeBSD-SA-04:09.kadmind doesn't affect any binary
installations of FreeBSD, since it requires that both Kerberos 4 and
Kerberos 5 are built.
Meanwhile, despite having two security issues with jails (issues
which weakened jails, but did not allow any privilege beyond that of
an un-jailed user), there was one advisory (FreeBSD-SA-04:06.ipv6)
for which jails (in their default configuration) were a specific
workaround.
Colin Percival
More information about the freebsd-chat
mailing list