Quote:
Originally Posted by allthatiswrong
Which is not limited to ACL's, but also MAC, and other methods of actually locking down the system in the event of an intrusion.
So when you need to run software that has not been audited, and someone breaks in and their is no sufficient way to limit what they can do, this is fine?
|
Quote:
* strlcpy() and strlcat()
* Memory protection purify
o W^X
o .rodata segment
o Guard pages
o Randomized malloc()
o Randomized mmap()
o atexit() and stdio protection
* Privilege separation
* Privilege revocation
* Chroot jailing
* New uids
* ProPolice
* ... and others
|
I didn't know that EVERY OS has such sophisticated security mechanisms built in, not added as a regular package / set of patches ... If that's not sufficient [combined with user knowledge] then what is?
I think you dramatized the whole thing a bit just because OBSD doesn't use these specific mechanisms [i.e ACL, MAC, etc].
Regards