Though Linux and the BSDs are considered to be very safe and secure operating systems, they are the products of human beings and hence not perfect:
The software update mechanisms used by most BSD and Linux operating systems can be tricked into installing buggy or known-to-be-compromised software on users’ systems, creating serious security risks, according to new research.
The study Package Management Security, to be published in a forthcoming issue of the University of Arizona Tech Report, analysed 10 package managers and found that all were vulnerable to exploits, allowing attackers to install unsafe software on target systems.
Package managers are designed to automatically keep software up-to-date and thus safe from known vulnerabilities. The packages analysed in the study were APT, APT-RPM, Pacman, portage, Ports, Slaktool, Stork, Urpmi, Yast and YUM.
Securing FreeBSD’s update system could be a nice project for which funding could be requested. The FreeBSD Foundation is now requesting project proposals to improve FreeBSD. If there’s anybody out there with ideas on building in better security measures, read on:
The FreeBSD Foundation is pleased to announce we are soliciting the submission of proposals for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. A budget of $80,000 was allocated for 2008 to fund multiple development projects.
Proposals will be evaluated based on desirability, technical merit and cost-effectiveness.
To find out more about the proposal, have a look here.