| 1 |
Am Samstag, 15. Dezember 2012, 17:43:05 schrieb Kevin Chadwick: |
| 2 |
> On Sat, 15 Dec 2012 11:18:25 +0100 |
| 3 |
> |
| 4 |
> Volker Armin Hemmann <volkerarmin@××××××××××.com> wrote: |
| 5 |
> > > It should be moving in the other direction for stability reasons and |
| 6 |
> > > busybox is no full answer. |
| 7 |
> > > |
| 8 |
> > > On OpenBSD which has the benefit of userland being part of it. All |
| 9 |
> > > the critical single user binaries are in root and built statically |
| 10 |
> > > as much as possible, maximising system reliability no matter the |
| 11 |
> > > custom requirements or packages. |
| 12 |
> > |
| 13 |
> > until a flaw is found in one of the libs used and all those |
| 14 |
> > statically linked binaries are in danger. Well done! |
| 15 |
> |
| 16 |
> How unlikely and is why you have test systems. |
| 17 |
|
| 18 |
wow, so how many vulnerabilities have you found with your test systems? Just a |
| 19 |
question. And how do they help mitigate the problem? Really? Having lots of |
| 20 |
test systems help you in which way if there is a root exploit in some lib that |
| 21 |
was wisely statically linked into half of your installed apps? Please explain. |
| 22 |
Without bullshit this time. Thank you very much. |
| 23 |
|
| 24 |
At least the 'no security hole in the default install' bullshit is gone. Easy |
| 25 |
to have a 'secure' default installation if it only contains ed, tar, cp, cat |
| 26 |
and a shell. |
| 27 |
|
| 28 |
-- |
| 29 |
#163933 |
Archives