Firewall Wizards mailing list archives
Re: chroot useful?
From: Anton J Aylward <anton () toronto com>
Date: Mon, 17 Nov 1997 06:52:54 -0500
At 11:38 AM 17/11/97 +1100, Darren Reed wrote:
## Reply Start ##

> In some mail I received from Anton J Aylward, sie wrote
> > At 07:12 PM 16/11/97 +1100, Darren Reed wrote:
> > ## Reply Start ##
> > > [...mjr's email deleted...]
> > >
> > > So, how many firewalls out there implemented with any of the common
> > > operating systems (be they free or commercial) actually do this ?
> >
> > Why not ask them. Many claim to run "hardened" versions of BSD or LINUX.
> > Vulnerabilities and exploits are well publicized, and many of the
> > developers read these lists. I doubt many are going to be so arrogant as
> > to take a NIH approach to something Marcus has contributed to the state
> > of the technology ;-)
>
> Well, the majority of the firewall market doesn't run on a "hardened"
> version of the OS because that's not what FW-1 uses.

Interesting logic and interesting way of expressing it. I've just thumbed thru some literature in my filing cabinet, such as it is, and yes, the first vendor I looked at, BorderWare, claims to use a hardened kernel.

We can throw this back and forward like a shuttlecock, "A does", "B doesn't" ..... but it's like a mathematical proof. That ONE does means that one or more HAS made kernel changes.

Now actually Borderware has a user interface that hides the OS from the end user very effectively - too effectively I've heard some people say. The users don't have to know how to hack the kernel.

It applied when I first used UNIX back in '78 (when I was on the way to becoming a kernel maintenance programmer) and it applies today.

/anton
## Reply End ##
--------------------------------------------------------------------------
Anton J Aylward                  | "Quality refers to the extent to which
The Strahn & Strachan Group Inc  | processes, products, services, and
Information Security Consultants | relationships are free from defects,
Voice: (416) 421-8182            | constraints and items which do not add
Fax: (416) 421-8183              | value." - Dr. Mildred G Pryor, 1995