-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 20 Jan 2002, Matthew S. Hallacy wrote:

> On Fri, Jan 18, 2002 at 04:30:04PM -0600, Joshua b. Jore wrote:
>
> > I wouldn't go to Linux for security. I guess it's the exploit of the week
> > thing on Linux apps in bugtraq that has me spooked. Then again I'm
> > paranoid and run OpenBSD for a secure platform.
>
> Your system is only as secure as you make it, these aren't *linux* exploits,
> they're exploits for programs that run on any UNIX platform.

I misspoke. When I said 'Linux exploits', I should have said 'exploits
and vulnerabilities in applications that are frequently found in popular
Linux/GNU system distributions'. So roughly, the propensity of Slackware,
Debian, Red Hat, Mandrake, whatever to include software that turns up with
exploitable bugs in bugtraq. Obviously many of these bugs are not
exploitable on most machines but the sheer effort in keeping track of them
and what applications (Debian does much better here than others) of which
versions is non-trivial. It's the effect of a too-helpful installer which
includes three different editors and a GUI widget twirler. It's fun for
hobbyists (I count myself there) but a headache in other contexts. That
said, it is certainly possible and not too difficult to strip down Linux
or any other OS down to where it's in a known state and its security can
be managed. Perhaps I'm just still having an allergic reaction to Mandrake
and its pretensions to being a server OS.

Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8S7rlfexLsowstzcRAvwkAKDuPveO1JByplYhjrkvzlvfR+D7fgCguzpF
lD5B8uSeFQOQbwYziV+9UBY=
=K+Hj
-----END PGP SIGNATURE-----