[nycbug-talk] BSD Chapter in HLE
nycbug at cyth.net
Fri Sep 15 17:58:31 EDT 2006

On Fri, Sep 15, 2006 at 01:58:37PM -0400, George R. wrote:
> and add in ports/pkg_src, etc. . . checksum checks. . .

systrace can be used during ports builds to contain trojaned sources.

> > - PAM
> do all have PAM support now?
> > - /etc/ssh/sshd_config
> question of root enabled by default, although I think this has changed
> now with obsd.

Nope, still enabled.

> > Securing Applications
> > - jail (sysjail)
> jails, yes, but is sysjail anywhere yet?
> and chroot?

chroot and dropping privileges is important. root can break out of a
chroot, so you must change to an unprivileged user. Additionally,
OpenBSD creates new users and groups for each privilege-revoking
program, so one cannot another.

> tcp-wrappers. . .

I think packet filters have largely replaced tcp-wrappers.
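
An added example, not part of the original message: the chroot-then-drop-privileges order described in the reply, with a check that root cannot be regained afterwards. The jail directory `/var/empty`, the uid/gid 65534 and the function names are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE /* glibc: expose chroot() and setgroups() */
#include <sys/types.h>
#include <sys/wait.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Confine the calling process: chroot first (needs root), then give up
 * root for good. Returns 0 on success, or the number of the failed step. */
int confine(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) != 0)        return 1; /* only root may chroot */
    if (chdir("/") != 0)         return 2; /* leave no cwd outside the jail */
    if (setgroups(1, &gid) != 0) return 3; /* drop supplementary groups */
    if (setgid(gid) != 0)        return 4; /* group first: still needs root */
    if (setuid(uid) != 0)        return 5; /* real, effective and saved uid */
    /* Verify the drop is irreversible: a process that can get root back
     * can also break out of the chroot. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) return 6;
    if (setgid(0) == 0 || getgid() != gid) return 7;
    return 0;
}

/* Run confine() in a child so the caller keeps its own privileges.
 * Returns the child's step code, or -1 if fork/wait failed. */
int confine_in_child(const char *dir, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(confine(dir, uid, gid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Assumed values: /var/empty as the jail, 65534 as the unprivileged id. */
    int rc = confine_in_child("/var/empty", 65534, 65534);
    printf("confine result: %d (0 = confined, else failed step)\n", rc);
    return rc;
}
```

Started without root, the child stops at step 1 because chroot() is refused; a daemon would call confine() directly, right after opening whatever privileged resources it needs.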