Quote:
Originally Posted by backrow
Finally, the guy spends the bulk of the article decrying the lack of MAC and ACLs. He gives a cursory mention of OpenBSD’s main argument against them—that they are too complex, leading people to misconfigure them or disable them entirely—but promptly ignores it. He also implies that lack of these features is a dealbreaker, when in fact most situations simply don’t need them. (I mean, have you ever used ACLs?)
|
I plan on using OpenBSD as a desktop and will expand into other areas as I learn about them. Although I have never myself configured SElinux or Apparmor, they do come with a default profile that provides some confinement of processes.
Web browsers and other third party programs that need access to the internet are increasingly being used as portals for zero day exploits.
How can OpenBSD protect from a zero day attack coming through a third party app such as firefox for example? Can the app be confined in some other way? Is this where privilege separation comes into play?