[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

compilers on firewall boxen??

Apologies is this is a bit off topic for pf, but I wanted to get the 
OpenBSD firewall gurus opinions.  What is the preferred method for 
keeping an OpenBSD firewall boxen patched and the os upgraded? 
It's generally not considered "best practice" to have compilers 
available on security sensitive applications.  Patches can be compiled 
inot binaries on a secure box and copied to production boxen, but os 
upgrades can get a bit unweildy with this approach.  So this seemsm to 
leave doing install and selecting upgrade option, and merging /etc.... 
Or one can cvsup the source tree and compile.  The latter is what I 
usually do, as I feel pretty confident that OpenBSD isn't going to get 
hacked, but am curious as to what others think w.r.t. boxes that might 
be of special interest to the black hats...
Best regards,
Ken Gunderson
PGP Key-- 9F5179FD
"As we enjoy great advantages from inventions of others, we should be 
glad of an opportunity to serve others by any invention of ours; and 
this we should do freely and generously." 	--Benjamin Franklin