[nycbug-talk] BSD Chapter in HLE

Ray Lai nycbug at cyth.net
Fri Sep 15 17:58:31 EDT 2006


On Fri, Sep 15, 2006 at 01:58:37PM -0400, George R. wrote:
> and add in ports/pkg_src, etc. . . checksum checks. . .

systrace can be used during ports builds to contain trojaned sources.

> >  	- PAM
> 
> do all have PAM support now?

Not OpenBSD.

> >  	- /etc/ssh/sshd_config
> 
> question of root enabled by default, although I think this has changed
> now with obsd.

Nope, still enabled.

> > Securing Applications
> >  	- jail (sysjail)
> 
> jails, yes, but is sysjail anywhere yet?
> 
> and chroot?

chroot and dropping privileges are important.  root can break out of a
chroot, so you must change to an unprivileged user.  Additionally,
OpenBSD creates new users and groups for each privilege-revoking
program, so one cannot another.

> tcp-wrappers. . .

I think packet filters have largely replaced tcp-wrappers.

-Ray-
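
The chroot-then-drop-privileges sequence described in the message above, as an added C example that is not part of the original post or of OpenBSD's own code. The function name `confine`, the directory `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* chroot(), setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and switch to an unprivileged
 * uid/gid.  Returns 0 on success, -1 on the first failing step.
 * Must be called as root; the order of the steps matters. */
int confine(const char *dir, uid_t uid, gid_t gid)
{
    /* 1. Enter the new root, then move the working directory inside
     *    it so the cwd does not point outside the chroot. */
    if (chroot(dir) == -1 || chdir("/") == -1)
        return -1;

    /* 2. Drop supplementary groups, then gid, then uid.  The uid goes
     *    last: once it is gone the process can no longer change groups. */
    if (setgroups(1, &gid) == -1)
        return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1)
        return -1;

    /* 3. Verify the drop is permanent: regaining root must fail. */
    if (uid != 0 && (setuid(0) != -1 || seteuid(0) != -1))
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumed values: an empty directory and an unprivileged id. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";

    if (confine(dir, 65534, 65534) == -1) {
        perror("confine");
        return EXIT_FAILURE;       /* never continue half-privileged */
    }
    printf("confined to %s as uid %d\n", dir, (int)getuid());
    return EXIT_SUCCESS;
}
```

A caller that gets -1 back should exit immediately, since the process may be inside the chroot while still holding root.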
