OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
[OpenBSD] Which ports are secure?
I believe security is 99.99% but is not 100% (unless you are god).
A bad day for security people is a time of hacking, and I believe bare OpenBSD is near to 99.99%. OpenBSD says: Quote:
decrease: bad config or bug
increase: good config and no bug
According to the above details, this question came to my mind: which ports are secure? Can a port be a backdoor or a virus or something like them? This subject is the reason for creating these topics:
http://daemonforums.org/showthread.php?t=11427
http://daemonforums.org/showthread.php?p=69137
|
|||
With ports you have 2 options:
1) Audit the source code yourself
2) Trust ports' maintainers
If it is a small or medium sized program, written in a language I know (C, Perl, Python, Lua), then I audit the source code. No problems found so far. If it is an abomination written in the Rust language, I have to trust the maintainers. Quote:
Secure text editor and file manager with Powerful GUI? That Powerful GUI makes the program much more complex and the source code much harder to audit. I guess you can just trust the maintainers: those people have a good reputation.
|
|||
In one sentence: don't make your OpenBSD unsafe by installing untrusted packages.
Auditing is hard for some people and is good for a big company that has a team. So the better solution is the maintainers, but how can I know these maintainers?
|
||||
This is somewhat related. I don't use ports; I install packages. My understanding, as discussed above, is that the base install is very secure.
Are the packages that are available for install when you invoke pkg_add audited for flaws, security holes? I'm assuming this is the case.
__________________
hitest |
|
||||
According to the FAQ the packages are just ported programs compiled and bundled up. They do "not go through the same thorough security audit that is performed on the OpenBSD base system" because there aren't "enough resources to ensure the same level of robustness and security".
|
|
||||
Quote:
__________________
hitest |
|
||||
You bet, Hitest. Each package you install was built from the instructions in a port. A port contains ONLY the instructions to build a package, but does not contain any third party software. Instructions such as:
Testing ports only requires learning how to build 'em. The ports(7) man page and the introductory chapter to the Porter's Handbook are great places to start learning how to help, for anyone who uses -current. A programmer or developer skillset is not needed.
|
||||
Quote:
Just goes to show that archivers should be treated like daemons running on a public IP. They make a prime attack surface considering that they often get files thrown at them coming from virtually anywhere.
|
||||
Keep in mind, CVEs are just formal security bug announcements. I do not trust software that has open, unaddressed CVEs.
But that doesn't mean that software that has no open CVEs is secure. Just that it has no formal security bugs published at the moment.
|
|||
Ports that have updates to address CVEs will be upgraded if you're running -stable. The ports system has a mechanism to record when CVEs are addressed.
Best thing people can do is alert to CVEs when they come up. Even better, send diffs to update vulnerable/outdated ports.