Thread: OpenBSD The insecurity of OpenBSD
View Single Post
Old 22nd January 2010
marc's Avatar
marc marc is offline
Port Guard
 
Join Date: Jul 2008
Location: Poland
Posts: 25
Default

Quote:
Originally Posted by allthatiswrong View Post
Which is not limited to ACL's, but also MAC, and other methods of actually locking down the system in the event of an intrusion.

So when you need to run software that has not been audited, and someone breaks in and their is no sufficient way to limit what they can do, this is fine?
Quote:
* strlcpy() and strlcat()
* Memory protection purify
o W^X
o .rodata segment
o Guard pages
o Randomized malloc()
o Randomized mmap()
o atexit() and stdio protection
* Privilege separation
* Privilege revocation
* Chroot jailing
* New uids
* ProPolice
* ... and others
I didn't know that EVERY OS has such sophisticated security mechanisms built in, not added as a regular package / set of patches ... If that's not sufficient [combined with user knowledge] then what is?
I think you dramatized the whole thing a bit just because OBSD doesn't use these specific mechanisms [i.e ACL, MAC, etc].

Regards
Reply With Quote