Thread: OpenBSD The insecurity of OpenBSD
View Single Post
  #12   (View Single Post)  
Old 22nd January 2010
allthatiswrong allthatiswrong is offline
New User
  
Join Date: Jan 2010
Posts: 4
Default
Quote:
Originally Posted by Carpetsmoker View Post
These options are not mutually exclusive. A large number of security issues are due to "stupid mistakes" such as not checking return codes and the like. Writing quality code is not just the OpenBSD approach for a secure system, but it is necessary for a secure system.

Whether or not ACL's, MAC labels, and whatnot are good security features is a entirely different discussion. If you are going to implement such feature, then they must be writing with quality code or else there will be security holes.
Hi!

I agree completely that writing secure code is a necessary component of a secure operating system. By itself however, it is not enough. Also with ways to mitigate exploits, it is not enough.

On a secure system, I should be able to run insecure software or have untrustworthy users, and control the damage that can be done. This is simply not true for OpenBSD.

Quote:
In any case, ACL's are not a magic bullet for a secure system, point in case being the MS Windows Nt/2000/XP/Vista/7 systems, which all have ACLs are are not exactly widely known for their security
Well, it is important not to confuse ACL's with MAC, which Windows does not really have a complete implementation of.

I will also note that NT actually provides very powerful methods of securing systems, and certainly could restrict the damage that an attacker could do, although nowhere near as much as with MAC.

Quote:
Originally Posted by jggimi View Post

Hi!
  • Many people have been rebutting your arguments, both on misc@ and on your wordpress blog.
  • I don't wish to repeat their arguments, nor do I think I would be able to add much significantly new or unique in any line-by-line argument.
  • See below for an argument which I'm not sure has been mentioned, yet.
Unfortunately, I have seen mostly dismissals, and rehashing of the same tired old arguments that I actually addresses in my article.

Some interesting discussion was taking place in my blog, but even then it is the same arguments.

MAC is bolted on/can be easily turned of, is insecure, adds no meaningful security etc.

All untrue.

Quote:
There are many different kinds of intrusions that ACL and MAC will not mitigate. Root level intrusions come to mind, as do DBMS intrusions such as SQL injection.
Of course, and I address this in my article.

For most cases however, MAC provides meaningful security.

It is also interesting to note that the more serious database platforms generally implement at least some from of RBAC/MAC.

Quote:
Should I need an ACL for some reason on an OpenBSD platform, there is one: AFS, which has a multi-layer ACL. OpenBSD has the Arla AFS client built in to the base system, and the OpenAFS server available in the ports tree, with authentication for both managed via the built in Heimdal Kerberos service. An ACL can be useful for policy and governance.
1. An ACL is not the same thing as MAC.
2. You can' seriously be suggesting running a DFS locally as a substitution for a MAC implementation because it has an ACL?
Reply With Quote