[nycbug-talk] BSD Chapter in HLE
Ray Lai
nycbug at cyth.net
Fri Sep 15 17:58:31 EDT 2006
On Fri, Sep 15, 2006 at 01:58:37PM -0400, George R. wrote:
> and add in ports/pkg_src, etc. . . checksum checks. . .
systrace can be used during ports builds to contain trojaned sources.
> > - PAM
>
> do all have PAM support now?
Not OpenBSD.
> > - /etc/ssh/sshd_config
>
> question of root enabled by default, although I think this has changed
> now with obsd.
Nope, still enabled.
> > Securing Applications
> > - jail (sysjail)
>
> jails, yes, but is sysjail anywhere yet?
>
> and chroot?
chroot and dropping privileges are important. root can break out of a
chroot, so you must change to an unprivileged user. Additionally,
OpenBSD creates new users and groups for each privilege-revoking
program, so one cannot another.
> tcp-wrappers. . .
I think packet filters have largely replaced tcp-wrappers.
-Ray-
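
The chroot-then-drop-privileges sequence from the message above, as an added example that is not part of the original post or of any OpenBSD source. The helper name `confine`, the jail path `/var/empty` and the uid/gid 32767 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 once the process is jailed and unprivileged,
 * -1 (errno set) on any failure. A caller that gets -1 must exit. */
int confine(const char *jail, uid_t uid, gid_t gid)
{
    /* "Dropping" to uid or gid 0 is no drop at all: root can leave a chroot. */
    if (jail == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chroot() needs root, so it has to happen before the IDs change. */
    if (chroot(jail) != 0)
        return -1;
    /* chroot() does not move the cwd; without this it stays outside the jail. */
    if (chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is gone the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return (getuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed values: an empty jail directory and a dedicated uid/gid. */
    if (confine("/var/empty", 32767, 32767) != 0) {
        perror("confine");
        return 1;
    }
    printf("running as uid %ld inside the jail\n", (long)getuid());
    return 0;
}
```

Run as root it ends up jailed and unprivileged; run as an ordinary user it stops at `chroot()` with an error, which is the failure a daemon should treat as fatal rather than continue unconfined.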