DaemonForums  

#1
6th November 2011
Zyos
OpenBSD's version of the X Window System

Quote:
Originally Posted by Wikipedia
The server and some of the default applications are patched for privilege separation and other enhancements, and OpenBSD provides an "aperture" driver to limit X's access to memory. However, after recent work on X security flaws by Loïc Duflot, Theo de Raadt commented that the aperture driver was merely "the best we can do" and that X "violates all the security models you will hear of in a university class."
Hello, I'm new here. Anyway, I was looking at this and wondering, basically, how good is "the best we can do" in a practical sense? Are there better alternatives to run on OpenBSD, or should I just not use anything like that at all?
#2
6th November 2011
ocicat

Quote:
Originally Posted by Zyos View Post
...how good is "the best we can do" in a practical sense?
To get the broader context, read the following statement from Theo made several years ago on this subject:

http://marc.info/?l=openbsd-misc&m=114233317926101&w=2

The project mailing lists are some of the best sources for definitive information on OpenBSD. http://marc.info is one of the archive sites that a number of people here prefer. Others are mentioned at the following:

http://www.openbsd.org/mail.html
#3
6th November 2011
Zyos

Thank you, that was exactly the answer I was seeking.
#4
6th November 2011
rocket357

Pick a hardware platform that doesn't have the aperture issue/need the aperture driver, or don't run X.

The first link by ocicat is a very direct answer on the topic that I was going to link until I noticed that ocicat beat me to it. And speaking of that particular thread, does anyone know if the loongson machines (that had OpenBSD ported to them long after that thread) require the aperture driver? I know the loongson is basically a fancy-ish MIPS port, but I wanted to check and see if anyone here knew for sure before I ordered one.
__________________
Linux Admin by Profession. OpenBSD user by choice.
#5
7th November 2011
jggimi

Quote:
Originally Posted by rocket357 View Post
...does anyone know if the loongson machines...require the aperture driver?
You'll find the install.md script, where this is asked, in /usr/src/distrib/<arch>/... in either the common or the ramdisk subdirectory.

It appears to me from a quick scan of /usr/src/distrib/loongson/ramdisk/install.md that it doesn't ask the question.