A second remote hole for OpenBSD
Posted Mar 15, 2007 12:01 UTC (Thu) by k8to
In reply to: A second remote hole for OpenBSD
Parent article: A second remote hole for OpenBSD
I believe OpenBSD does enable RPC by default. At least it did at some point in its history and did not incur any holes. I find this impressive myself.
But I think the "no default remote holes" is really trying to draw attention to two different things. OpenBSD has good engineering in the security department and tends to avoid compromises and exploits. We are all aware of this aspect of it, though some feel this sloganing is not very indicitave of that fact. But I think it is _also_ drawing attention to the conservative installation policy. Perhaps we are ignoring this aspect because the limitation of exposure is now the default thinking across most Linux variants and most Unix admins, but I can assure you it was not 10 years ago.
In other words, it may be that this slogan has simply gotten a bit out of date in that most unixes no longer foolishly turn on all kinds of services open to the world. Or at least most Free unixes.
to post comments)