Linked by Eugenia Loli on Sat 12th Aug 2006 19:07 UTC
OpenBSD OpenBSD strives to be the most secure UNIX derivation. Design principles, such as code auditing, extensive use of encryption, and careful configuration choices, combine to ensure OpenBSD's secure by default philosophy holds true. This article gives you a close look at the operating system so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems.
Permalink for comment 151885
To read all comments associated with this story, please click here.
RE[2]: NX without NX
by psygbert on Sun 13th Aug 2006 06:21 UTC in reply to "RE: NX without NX"
psygbert
Member since:
2006-05-29

that's also included in openbsd (and they're the first to implement it on the base system as far as free unix-like os is concern e.g. propolice, nx bit), yes there may be pax or any other protections patches in linux but the question is "is it included in the base?", the big answer is NO. if you want security, it must be from the base, from the ground up. (anyway i agree w/ you, fedora did a very good job in securing their distro). but other thing openbsd have that "might" not have on other major linux distros are the following:

W^X, .rodata segment, guard pages, randomized malloc()and mmap()
atexit() and stdio protection
privilege separation of common services "by default" (e.g. syslogd, dhcpd, tcpdump)
strlcpy() and strlcat()
chroot jailing of common services "by default" (e.g. httpd, bind)
and the constant code auditing (w/c i think linux does not have)

Reply Parent Score: 3