1 |
Am Samstag, 15. Dezember 2012, 17:43:05 schrieb Kevin Chadwick: |
2 |
> On Sat, 15 Dec 2012 11:18:25 +0100 |
3 |
> |
4 |
> Volker Armin Hemmann <volkerarmin@××××××××××.com> wrote: |
5 |
> > > It should be moving in the other direction for stability reasons and |
6 |
> > > busybox is no full answer. |
7 |
> > > |
8 |
> > > On OpenBSD which has the benefit of userland being part of it. All |
9 |
> > > the critical single user binaries are in root and built statically |
10 |
> > > as much as possible, maximising system reliability no matter the |
11 |
> > > custom requirements or packages. |
12 |
> > |
13 |
> > until a flaw is found in one of the libs used and all those |
14 |
> > statically linked binaries are in danger. Well done! |
15 |
> |
16 |
> How unlikely and is why you have test systems. |
17 |
|
18 |
wow, so how many vulnerabilities have you found with your test systems? Just a |
19 |
question. And how do they help mitigate the problem? Really? Having lots of |
20 |
test systems help you in which way if there is a root exploit in some lib that |
21 |
was wisely statically linked into half of your installed apps? Please explain. |
22 |
Without bullshit this time. Thank you very much. |
23 |
|
24 |
At least the 'no security hole in the default install' bullshit is gone. Easy |
25 |
to have a 'secure' default installation if it only contains ed, tar, cp, cat |
26 |
and a shell. |
27 |
|
28 |
-- |
29 |
#163933 |