Linked by Eugenia Loli on Sat 12th Aug 2006 19:07 UTC
OpenBSD strives to be the most secure UNIX derivation. Design principles, such as code auditing, extensive use of encryption, and careful configuration choices, combine to ensure OpenBSD's secure by default philosophy holds true. This article gives you a close look at the operating system so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems.
Thread beginning with comment 151897
RE[2]: Correctness matters
by netpython on Sun 13th Aug 2006 07:28 UTC in reply to "RE: Correctness matters"
netpython Member since:
2005-07-06

how OpenBSD has the philosophy I'd actually like to see in Linux.

If you compare FC5 and OpenBSD, there isn't much difference when you do a non-GUI install.

OpenBSD can't possibly audit all the packages from ports, only the default install, which is pretty useless for a desktop. When you install more packages to make, for example, a somewhat equivalent desktop, you are just as vulnerable as any other Linux desktop with the same packages installed. Maybe more vulnerable, because there's a significantly smaller team that audits.

Excellent secure server OS nonetheless.

Score: 5

RE[3]: Correctness matters
by psygbert on Mon 14th Aug 2006 03:09 in reply to "RE[2]: Correctness matters"
psygbert Member since:
2006-05-29

Hmm, how can you say more vulnerable? Even in ports, W^X, ProPolice and other security enhancements apply.

You can even compile ports under systrace.

Score: 2

RE[4]: Correctness matters
by netpython on Mon 14th Aug 2006 07:23 in reply to "RE[3]: Correctness matters"
netpython Member since:
2005-07-06

Hmm, how can you say more vulnerable? Even in ports, W^X, ProPolice and other security enhancements apply.

Because clearly, distilled from the reactions, everything has a non-GUI priority. Nothing wrong with that; what's the use of X on a router, for example?
Due to a relatively small security staff, they can't apply their strict and thorough code analysis on everything but the base packages. So everything that's beyond the borders of a default install is as vulnerable as any equivalent secure OS (FC, for example, with propolice, fortify source, SELinux, execshield). Maybe more, because fewer people care about those extra packages like xorg and co.

If you stick to the main purpose of OpenBSD, then you have, in my opinion, a very secure and excellent server OS.
Secure by default (for the default install).

Score: 2