Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 37628....Is it just another port or out of the extra ordinary???

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 26 Jul 2004 17:20:01 -0400 (EDT)

pet peeve here also; for opposing reasons;

vendors toss too much crap into kernels and build too many modules. if
parts of the kernel/OS are even built as modules.  This leave kernels and
the systems they run on far to open to exploits of sub devices and parts
of the kernel structure.  Knowing how to build a tight and efficient
lernel with only those services one needs and those modules that one will
use is a requirement for effective security, on both gateway and
multi-user systems.the word 'trust' should leave a bad taste in the mouth
of anyone that uses the term in a security contexxt, even if applied
towards the vendor.

Thanks,

Ron DuFresne

On Mon, 26 Jul 2004, Mark Tinberg wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 23 Jul 2004, Victor Williams wrote:


5.  A custom kernel is always a better idea vs blindly trusting what
others have compiled or let leak into theirs.  I compile custom kernels
for any Linux machine (serving internet content/services or not),
regardless of the function.


This attitude is a pet peeve of mine.  Why do people assume that because
they _can_ build a kernel for themselves that they must naturally be
better at it then the people at RedHat, SuSE/Novell or Debian who live,
sleep, eat and breathe the kernel all day long.  I think that it is as
much about blindly throwing away all of the work that people who maintain
production quality kernels do as it is about trusting their work.  Another
way to put this is, in what is your trust in the vanilla kernel sources,
or your builds, based?  Hopefully not blind trust 8^)

- -- 
Mark Tinberg <MTinberg () securepipe com>
Staff Engineer, SecurePipe Inc.
Key fingerprint = FAEF 15E4 FEB3 08E8 66D5  A1A1 16EE C5E4 E523 6C67
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFBBVhBFu7F5OUjbGcRAg9ZAJ0SdeTOytryMxd7Rbg/QydeiEZ9fACeJMEE
y09h92D5AaB9dAwhxSAkN4w=
=AJW0
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: