How not to respond to a security advisory

How not to respond to a security advisory
Jason Miller, 2006-01-18

A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.

How not to respond to a security advisory 2006-01-20
Fred Cohen

The OpenBSD people are correct. They are really only a vaneer of security and not a realistic protection mechanism. They are readily defeated by a user who is root regardless of any claims that they would not be, and this cannot be undone because root has access to all of memory and all of the hardw...

[ more ]