|
NetBSD Security Securing NetBSD. |
|
Thread Tools | Display Modes |
|
||||
This happened to OpenBSD in February of 2007...note the dates:
# 2007-02-21: Core sends draft advisory and proof of concept code that demonstrates remote kernel panic. # 2007-02-26: OpenBSD team develops a fix and commits it to the HEAD branch of source tree. And later on Core managed to upgrade the bug to "arbitrary code" vulnerability: # 2007-03-05: Core develops proof of concept code that demonstrates remote code execution in the kernel context by exploiting the mbuf overflow. # 2007-03-07: OpenBSD team commits fix to OpenBSD 4.0 and 3.9 source tree branches and releases a "reliability fix" notice on the project's website. http://www.coresecurity.com/content/open-bsd-advisorie |
|
||||
Quote:
When FreeBSD or NetBSD have a security issue to fix, they can commit it whenever they need to, and notify all listeners to update their systems. The whole process could take ${time to fix bug} + 5 minutes. This is the advantage of near-total control over your distributions source. Fedora on the other hand can report the issue to the maintainer and wait for a fix, optionally committing one or more of their programmers to help fix it (not likely for most rpm). Then wait on that patch to be included by the upstream maintainer (Linux kernel, Samba, etc), and push it out to all listeners. The whole process could take ${time to report bug} + ${time for upstream to fix bug} + ${time for fedora maintainers to notice bug fix} + ${time to make new RPM}. This is the disadvantage that your product is made up largely of other peoples products. Stuff in the ports collection works the same way as Fedora. In the case of Debian folk, the process may look more like: Ugh, bug. Fix it -> maybe tell upstream -> give all users own patched version of code -> upstream tells us we created 5 more bugs and have brain damage. No offense to other Debs . If you don't like compiliation from source, you will want
If you just don't like the time it takes to compile stuff from source, buy a faster computer. If you think that's stupid, let me point a finger to a box across the room that has a 500Mhz CPU and note it compiles a hell of a lot slower than the multiple multi-core Xeon processors the build box at work uses for compiles.
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
||||
If you find one, let me know!
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
Well, right now Fedora 14 has been out for quite a while.
When I install Fedora 14 right now and update it it has 850+ updates. Software is also updated very regularly (not that much at once, of course, but as far as how long it takes before a few pieces of software come up as needing updating, it usually takes 2 or 3 days). When I had NetBSD installed, I just let the vulnerable packages be installed and waited for at least 3 days and nothing had changed except one update to Python, which still left it with a vulnerability. That seems like a very dramatic difference in response, to me. |
|
||||
@c_moriarty
Re-Read the entire post, the answer you're looking for is out there && if you were just re-stating what you have already asked about and the honourable users/admins answered you, then I do not know what the heck I can say about that :P |
|
||||
Quote:
Search CERT for vulnerabilities. I just did, and here are the numbers: Vulnerability warnings: OpenBSD - 295 Solaris - 306 NetBSD - 319 FreeBSD - 389 Mac OS X - 397 Windows - 1110 Linux - 1400 Or perhaps the National Vulnerability Database: OpenBSD - 165 NetBSD - 186 FreeBSD - 432 Solaris - 680 Mac OS X - 1450 Windows - 2600 Linux - 3462 Which one looks better now? |
|
|||
Quote:
Last edited by ocicat; 7th March 2011 at 03:31 AM. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Cannot copy large files to Flash Drive | sharris | FreeBSD General | 6 | 30th July 2010 09:57 AM |
Have problem transfer large file bigger 1GB | bsdme2 | FreeBSD General | 9 | 14th January 2009 05:49 AM |
Large MFS filesystems | jggimi | Guides | 2 | 26th October 2008 05:17 PM |
mirror device detached on large file copy | lil_elvis2000 | FreeBSD General | 24 | 27th June 2008 02:56 PM |
FreeBSD 7.0 Writing large amount to USB Disc cause kernel panic | pvree | FreeBSD General | 1 | 13th June 2008 02:50 AM |