How not to respond to a security advisory
Jason Miller, 2006-01-18

A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.

How not to respond to a security advisory 2006-01-19
Anonymous (1 replies)
Linux security contact 2006-01-19
Anonymous
Theo being theo... 2006-01-19
Anonymous (2 replies)
Re: Theo being theo... 2006-01-20
Anonymous
What total nonsense. 2006-01-19
Anonymous
"Root problem" again 2006-01-24
Alexey Vesnin
Again and again.... Root, who can do everything, he is not a problem. Dumb sysadmin who has its privileges is a problem - not root user itself. You MUST have such a user in the system to do a lot of jobs, often violating common policies... Securelevels always were a question of taste, no more. System kernel can be buggy ITSELF (like Linux) or not (like xBSD) - and do you need it to treat its callbacks in some way of restrictions - it's YOUR task, to use it or not. If you're running self-sanity-checking code, you don't need SecureLevels at all - the system is good by default. If you're running buggy code on a production server and trying to "turn on extra security" via SecureLevels - go home, take a beer and RTFM. IMHO, just IMHO.

How not to respond to a security advisory 2006-01-25
Michael Favinsky (1 replies)
this is a non-issue 2006-02-04
Anonymous







 

Copyright 2008, SecurityFocus