Linked by Eugenia Loli on Thu 23rd Jun 2005 18:11 UTC
Original OSNews Interviews One of my popular articles shortly after I joined OSNews in 2001 proved to be "the big *BSD interview" and so it is only appropriate to end my serving at OSNews with a similar theme. Today we are very happy to host a Q&A with well-known FreeBSD developers John Baldwin, Robert Watson and Scott Long. We discuss about FreeBSD 6 and its new features, the competition, TrustedBSD, Darwin etc.
Permalink for comment
To read all comments associated with this story, please click here.
RE: RE: let's wait and see...
by Anonymous on Thu 23rd Jun 2005 19:49 UTC

> Does anybody know what's the benefit of these countless new security "features"?

"As an end user, or even as an advanced user you really do not use them a lot, the basic unix security is usually Good Enough(tm).
However, for bastion hosts, and the paranoid sysadmins (no, wait, *every* sysadmin is paranoid ;) they provide good entertainment. I guess they have much more sense in really big setups (e.g.: hosting providers) or really small black boxes."

Then it probably won't provide more security in the end. Few of last year's OpenBSD security "problems" were really exploitable in practice. The same isn't true for vulnerabilities found in FreeBSD. On the other side, even in OpenBSD's heavily audited code a vulnerability in the "sudo" tool was found - so I suspect that all these new security "features" in FreeBSD will introduce more vulnerabilities than they fix. In my opinion, good security "features" should be as simple as possible and they should be enabled in the default configuration, without requiring any user interaction. This prevents the user from introducing new holes by misconfiguration.

FreeBSD now has jails, chroot, ACLs, MACs, CAPP, OpenBSM, FLASK/TE, blablabla - this sounds way too confusing for average users in my opinion.