DaemonForums  


OpenBSD Security Functionally paranoid!

Old 10th April 2013
barti barti is offline
Shell Scout
 
Join Date: Jul 2012
Posts: 122
Thanked 0 Times in 0 Posts
I think I now got the point.

Thank you for the explanation.


But still, I think if you could find a "cve" for system security it will be similar to this cve.


Plone is way more secure than Joomla.
Old 11th April 2013
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts

Teacher jggimi thanks so much for the infrastructure example!
I will never favour any OS to OpenBSD even though I am not smart enough to fully benefit from its unique features ........
Old 11th April 2013
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts

rocket357 thank you for all clarification!
Old 11th April 2013
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 411
Thanked 9 Times in 9 Posts

Quote:
Originally Posted by daemonfowl
I am not smart enough to fully benefit from its unique features ........

If you believe that is true, then it is.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
Old 3rd October 2015
Monti Monti is offline
Port Guard
 
Join Date: Apr 2015
Location: In'Da House
Posts: 10
Thanked 0 Times in 0 Posts

Just found "The insecurity of OpenBSD" and was curious to see if there was a comment on the article here on DaemonForums. I'm pretty new to BSD in general and have been evaluating if I should go with OpenBSD or FreeBSD, at least as a starter. Being inspired by the philosophy I am leaning towards OpenBSD, so I'm trying to get a better understanding and finding the arguments that would tell me that I should.

Regarding this thread I would like to thank you Rocket, Ocicat, and jggimi for your perspectives. Enlightening and useful reminders going forward. Really appreciate it.
Old 4th October 2015
backrow backrow is offline
Real Name: Anthony J. Bentley
Shell Scout
 
Join Date: Jul 2009
Location: Albuquerque, NM
Posts: 124
Thanked 10 Times in 4 Posts

Quote:
Originally Posted by Monti
Just found "The insecurity of OpenBSD" and was curious to see if there was a comment on the article here on DaemonForums.

A few thoughts.

It states that only the base system is audited. By and large, this is true. But the author implies base auditing is useless because it doesn’t guarantee the security of ports. This misses two points: first, the base system is very full‐featured and there is a lot you can do with just base software. You can run mail, web, routing, DNS, and much more without any packages. That’s great, especially for people who are running a machine specifically for such services.

Secondly, OpenBSD provides many security benefits that do help you even if you’re running ports. LibreSSL provides a good base for any application using SSL and removes functionality for insecure ciphers even in ports programs. Nearly every program in ports is compiled with PIE. The stack protection and ASLR affect ports programs. And so on.

Finally, the guy spends the bulk of the article decrying the lack of MAC and ACLs. He gives a cursory mention of OpenBSD’s main argument against them—that they are too complex, leading people to misconfigure them or disable them entirely—but promptly ignores it. He also implies that lack of these features is a dealbreaker, when in fact most situations simply don’t need them. (I mean, have you ever used ACLs?)
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.
Old 7th October 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 118
Thanked 0 Times in 0 Posts

AFAIK, OpenBSD does not offer features such as jails in FreeBSD due to huge code base changes.

On top of that, not many users know how to use systrace properly.

Last edited by Peter_APIIT; 11th October 2015 at 01:36 AM. Reason: Add info
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick