Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
How not to respond to a security advisory
Jason Miller, 2006-01-18

A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Secure levels as a control is too coarse grained 2006-01-19
Anonymous
It is way too coarse grained for suitable control. Things that are disabled (at a level 2) still need to be done to online systems. Even at level 1 you have a number of problems.

a. if a filesystem is damaged (hardware failure) you cannot take it out of service for repair/replacement without rebo...

[ more ]  




 

Privacy Statement
Copyright 2008, SecurityFocus