Re: [ossig] A very lengthy article on installing and securing FreeBSD

[Tze-Meng Tan <tmtan@opensos.net>]

On Monday, September 22, 2003, at 02:56 PM, Mukhsein Johari wrote:
> One thing, though. The guy doesn't seem to like linux
> at all. (He likes MS even less.)
lets not get into this "religious" discussion :)

> He even recommends
> NOT enabling linux ABI support - anyone know any
> reasons why?
The Linux compat allows you to run linux binaries ... ie you don't 
compile the code yourself, you download code someone else compiled - so 
you don't know for sure the executable is clean. Security wise running 
"unknown" binaries is a potential weak link in your defence.

And potentially you are adding another set of bugs....linux specific 
bugs which you will not have when running purely FreeBSD.

> I suppose if all the software you're using has native
> bsd ports you won't need it but are there any problems
> linux compat would create for the system?
I've been having my linux compat for years without problems....I call 
it the FreeBSD linux distro :)
Halflife server is one of the linux binaries running nicely on my server
Also if you want stuff like Oracle 9i on your freeBSD machine, this is 
the only way to go.

So far so good...
on the other hand I haven't been the target of a concerted attack :)

In the end, do a risk analysis

if the machine is going to be a firewall, remove all unnecessary stuff 
including linux compat
if it is your desktop, install whatever you want

Cheers

Meng


------------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message