Linux Today: Linux News On Internet Time.

BSD Today: BSDCon 2000: Some of Wednesday's tracks

Oct 19, 2000, 21:40 (0 Talkback[s])
(Other stories by Jeremy C. Reed)

"Today (Oct. 18) was the first day of the track schedule at BSDCon 2000. Twelve lectures were available, split up into three sections: security, development, and general. I was able to attend Michael Lucas's Publishing BSD Articles, Robert Watson's DNSSEC, Wilfredo Sanchez's MacOS X, Warner Losh's Review of NEWCARD and Murray Stokely's Writing Secure Unix...."

Over a hundred people attended Robert Watson's discussion of DNSSEC. He briefly explained the basics of DNS and the current setup for DNS records. Then he quickly discussed several topics and terminology involved with DNSSEC, including crypto, DNS security extensions to protect data transfers, security keys and signature, NXT and certificate records. He also quickly overviewed query/response security, BIND 9 configuration for keys, algorithms and shared secrets, and merging CA and DNS hierarchies...."

"Writing Secure Unix
Murray Stokely covered a variety of subjects such as buffer-overflows, bounds-checking, setuid issues ("take special care not to run with root privilege"), chroot, jail and race conditions. He said the StackGuard has a lack of interest in FreeBSD because it is not fail-safe. He discussed library based run-time bounds checking by reimplementing unsafe functions with libparanoia (with a small code example) and libverify; but he said they have short-comings because they only protect against a very small set of possible security issues...."

Complete Story

Related Stories: