[PLUG] Sendmail Vulnerability

Randal L. Schwartz merlyn at stonehenge.com
Mon Mar 3 14:31:02 UTC 2003


>>>>> "Paul" == Paul Mullen <pem at nellump.net> writes:

Paul> On Mon, Mar 03, 2003 at 01:55:29PM -0800, Randal L. Schwartz wrote:
>> 
>> And OpenBSD instead of Linux.  Very Important.

Paul> Would you care to elaborate? I'd hate to see someone cry "troll!" :-)

Not a troll.  After looking carefully and consulting with others,
I'm running OpenBSD on stonehenge.com because I want to sleep at night.

Linux has a large installed base.  This makes it a prime target for
script-kiddie hackers, because an exploit will work on so many more
computers.  OpenBSD has a much smaller installed base, making it a
lower target.

OpenBSD also has an intense focus on source-level peer review of every
line of core installed code.  Linux can't afford that level of review,
because it has to appeal to a broader audience with more features
sooner, and more developers contributing.  In essence, its success
strangles it.

In the four years since OpenBSD's initial release, there's been only
*one* remote root exploit, and that was in OpenSSL code that was
incorporated wholesale into OpenBSD, and also affected Linux and other
Unix distros.

The track record matches the announced intentions.  OpenBSD is about
security, and that gives me peace of mind.

Please note that this is OpenBSD specifically, and not FreeBSD or
NetBSD.  I make no claims for the other families.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!



