|
|||
I think I now got the point.
Thank you for the explanation.
But still, I think if you could find a "cve" for system security it will be similar to this cve. Plone is way more secure than Joomla. |
|
|||
Teacher jggimi thanks so much for the infrastructure example !
I will never favour any OS to OpenBSD even though I am not smart enough to fully benefit from its unique features ........ |
|
|||
rocket357 thank you for all clarification!
|
|
|||
Just found the "The insecurity of OpenBSD" and was curious to see if there was a comment on the article here on DaemonForums. I'm pretty new to BSD in general and have been evaluating if I should go with OpenBSD or FreeBSD, at least as a starter. Being inspired by the philosophy I am leaning towards OpenBSD, so I'm trying to get a better understanding and finding the arguments that would tell me that I should.
Regarding this thread I would like to thank you Rocket, Ocicat, and jggimi for your perspectives. Enlightening and useful reminders going forward. Really appreciate it. |
|
|||
Quote:
It states that only the base system is audited. By and large, this is true. But the author implies base auditing is useless because it doesn’t guarantee the security of ports. This misses two points: first, the base system is very full‐featured and there is a lot you can do with just base software. You can run mail, web, routing, DNS, and much more without any packages. That’s great, especially for people who are running a machine specifically for such services. Secondly, OpenBSD provides many security benefits that do help you even if you’re running ports. LibreSSL provides a good base for any application using SSL and removes functionality for insecure ciphers even in ports programs. Nearly every program in ports is compiled with PIE. The stack protection and ASLR affects ports programs. And so on. Finally, the guy spends the bulk of the article decrying the lack of MAC and ACLs. He gives a cursory mention of OpenBSD’s main argument against them—that they are too complex, leading people to misconfigure them or disable them entirely—but promptly ignores it. He also implies that lack of these features is a dealbreaker, when in fact most situations simply don’t need them. (I mean, have you ever used ACLs?)
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems. |
|
|||
AFAIK, OpenBSD does not offer features such as jails in FreeBSD due to huge code base changes.
On top of that, not many users know how to use systrace properly.
Last edited by Peter_APIIT; 11th October 2015 at 01:36 AM. Reason: Add info |
|
|||
Quote:
Web browsers and other third party programs that need access to the internet are increasingly being used as portals for zero day exploits. How can OpenBSD protect from a zero day attack coming through a third party app such as firefox for example? Can the app be confined in some other way? Is this where privilege separation comes into play? |
|
||||
No, privilege separation is a key component of application design. Simply put, the application runs separate processes, one with privileges, one (or more) without. See slides 7-12 of this 2009 presentation on OpenBGPd for a good description of how privilege separation was designed into that application.
Last edited by jggimi; 26th February 2016 at 08:28 PM. Reason: slide numbers |
|
||||
jjstorm, you mentioned two Linux-specific security governance mechanisms that are unrelated to privilege separation. Unlike privilege separation, those are optional add-on mitigations.
Optional security usually remains optional. Take a look at this 2015 presentation about OpenBSD's new pledge(2) risk mitigation function. A video is available. An application which has used the pledge() syscall has reduced its own privileges. The Chromium browser has been pledged for 5.9-release, for example. While pledge() is not privilege separation, it does share some of the same intent. Theo de Raadt plans to present on the relationship between pledge() and privilege separation at the dotSecurity conference in April.
As for Firefox, since you mentioned it, it has not been pledged. But it will use W^X (Write XOR Execute) memory allocation at 5.9-release. This is another risk mitigation technique. It doesn't separate privileges into separate processes, and doesn't reduce its own privileges, but it does ensure that memory used for program execution is read-only.
Last edited by jggimi; 26th February 2016 at 09:47 PM. Reason: clarity |
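The process split and the self-imposed restriction described in the two replies above, as an added example that is not part of the thread and is not code from OpenBGPd or OpenBSD: a monitor process keeps its privileges and answers only one allowlisted request, while a forked worker restricts itself before doing anything else. The request names are hypothetical, and the `setrlimit()` branch is only a stand-in for systems that lack pledge(2).

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define ALLOWED "OPEN_LOG"  /* hypothetical request name, constructed for this example */

/* Worker: would handle untrusted input; restricts itself, then may only ask the monitor. */
static void worker(int fd, const char *request)
{
    char reply[16] = { 0 };
#ifdef __OpenBSD__
    if (pledge("stdio", NULL) == -1)       /* I/O on already-open fds only */
        _exit(2);
#else
    struct rlimit none = { 0, 0 };         /* stand-in without pledge(2): no new fds */
    if (setrlimit(RLIMIT_NOFILE, &none) == -1)
        _exit(2);
#endif
    if (write(fd, request, strlen(request) + 1) < 0 ||
        read(fd, reply, sizeof(reply) - 1) <= 0)
        _exit(2);
    _exit(strcmp(reply, "OK") != 0);       /* 0 = granted, 1 = refused */
}

/* Monitor: keeps its privileges. Returns 1 if granted, 0 if refused, -1 on error. */
int privsep_request(const char *request)
{
    int sv[2], granted;
    char req[32] = { 0 };
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        worker(sv[1], request);            /* never returns */
    }
    close(sv[1]);
    ssize_t n = read(sv[0], req, sizeof(req) - 1);
    granted = n <= 0 ? -1 : strcmp(req, ALLOWED) == 0;
    if (n > 0 && write(sv[0], granted ? "OK" : "DENIED", granted ? 3 : 7) < 0)
        granted = -1;
    close(sv[0]);
    waitpid(pid, NULL, 0);                 /* reap the worker */
    return granted;
}

int main(void)
{
    printf("%d %d\n", privsep_request(ALLOWED), privsep_request("OPEN_MASTER_PASSWD"));
}
```

A worker that is compromised while parsing input still holds only the socket to the monitor, so the damage it can do is bounded by what the monitor's allowlist permits.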
|
|||
Quote:
Last edited by jjstorm; 26th February 2016 at 11:58 PM. |