Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <s099f222.087@gw.nebcoinc.com>
Date: Thu, 06 May 2004 08:06:35 -0500
From: "Steve Bremer" <steveb@...coinc.com>
To: <owl-users@...ts.openwall.com>
Subject: Re: How Owl is better from "other leading linux
	distributions"?

>>I don't know about SuSE, but RedHat holds convenience over security in

its priorities. Owl does not.

SuSE is similar. 

>>Owl has a variety of 'quirks' that makes programs work in a 
securityenhanced way. For instance, every user has its own tmpdir, and

with the tcb password scheme a lot of suid root binaries has been 
'demoted' to sgid shadow instead, which ofcourse is far preferrable.

This is a good point, although I would call them 'features' instead of
'quirks'.  ;-)


Before switching from RH to Owl, I used to have a checklist of over 100
items that I would do to each RH machine to help harden it.  It was such
a pleasant surprise when I switched to Owl and discovered that most
(can't remember the exact count now) of the items in my check list were
already done.  This is one of the many reasons I prefer Owl.  Others
follow below:

-Easier to create a minimal install
-The choice of software for network services (vsftpd instead of
wu-ftpd, OpenSSH, postfix instead of sendmail, modified versions of
telnet and dhcpd that run with privsep, etc.)
-Many (most?) of the packages in Owl have custom patches applied to
help reduce security risks (temp file handling fixes, etc).
-The security work that the Openwall Project does benefits all Linux
distros since their security fixes are passed on to the package
maintainers.  So, by supporting the Openwall Project, you are helping to
improve security for everyone who utilizes that software. 
-Slow, steady, safe, reliable development cycle.
-As Andreas pointed out: "Security over features"

I hope this helps.

Steve Bremer
NEBCO, Inc.
Systems & Security Administrator

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.