How not to respond to a security advisory

How not to respond to a security advisory
Jason Miller, 2006-01-18

A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.

Expand all | Post comment

How not to respond to a security advisory 2006-01-19
Miles (3 replies)

Re: How not to respond to a security advisory 2006-01-19
Dwight

Re: How not to respond to a security advisory 2006-01-19
Anonymous

Secure levels as a control is too coarse grained 2006-01-19
Anonymous (1 replies)

Re: Secure levels as a control is too coarse grained 2006-01-21
Anonymous

How not to respond to a security advisory 2006-01-19
Anonymous

How not to respond to a security advisory 2006-01-19
Anonymous (1 replies)

Re: How not to respond to a security advisory 2006-01-25
Matthew Murphy

How not to respond to a security advisory 2006-01-19
DS

How not to respond to a security advisory 2006-01-19
Anonymous (2 replies)

Re: How not to respond to a security advisory 2006-01-19
Kelly Martin

Re: How not to respond to a security advisory 2006-01-21
Anonymous

How not to respond to a security advisory 2006-01-19
Anonymous

Linux security contact 2006-01-19
Anonymous

Theo being theo... 2006-01-19
Anonymous (2 replies)

Re: Theo being theo... 2006-01-20
Anonymous

Re: Theo being theo...(Theo is best!) :) 2006-01-23
LinuxUser

What total nonsense. 2006-01-19
Anonymous

How not to respond to a security advisory 2006-01-20
Anonymous (1 replies)

Re: How not to respond to a security advisory 2006-01-26
Anonymous

How not to respond to a security advisory 2006-01-20
Fred Cohen

The OpenBSD people are correct. They are really only a vaneer of security and not a realistic protection mechanism. They are readily defeated by a user who is root regardless of any claims that they would not be, and this cannot be undone because root has access to all of memory and all of the hardware level of the disk. It is better to not have the false sense of security. The real use for these settings is to keep you from accidentally doing something, not from intentionally doing it.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/380/32979#32979

TdR says loud what Linux & FreeBSD assume silently 2006-01-20
Anonymous

How not to respond to a security advisory 2006-01-20
Anonymous (1 replies)

Re: How not to respond to a security advisory 2006-01-23
LinuxUser

How not to respond to a security advisory 2006-01-21
Anonymous (1 replies)

Re: How not to respond to a security advisory 2006-01-24
Anonymous

"Root problem" again 2006-01-24
Alexey Vesnin

How not to respond to a security advisory 2006-01-25
Michael Favinsky (1 replies)

Re: How not to respond to a security advisory 2006-01-25
Anonymous (1 replies)

Re: Re: How not to respond to a security advisory 2006-02-04
Anonymous

this is a non-issue 2006-02-04
Anonymous