Linked by Eugenia Loli on Sat 12th Aug 2006 19:07 UTC
OpenBSD OpenBSD strives to be the most secure UNIX derivation. Design principles, such as code auditing, extensive use of encryption, and careful configuration choices, combine to ensure OpenBSD's secure by default philosophy holds true. This article gives you a close look at the operating system so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems.
Thread beginning with comment 152084
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Correctness matters
by psygbert on Mon 14th Aug 2006 03:09 UTC in reply to "RE[2]: Correctness matters"
psygbert
Member since:
2006-05-29

hmm how can you say more vulnerable? even in ports w^x, propolice and other security enhancements applies.

you can even compile ports under systrace.

Reply Parent Score: 2

RE[4]: Correctness matters
by netpython on Mon 14th Aug 2006 07:23 in reply to "RE[3]: Correctness matters"
netpython Member since:
2005-07-06

hmm how can you say more vulnerable? even in ports w^x, propolice and other security enhancements applies.

Because clearly,distilled from the reactions everything has a non-GUI priority.Nothing wrong with that,what's the use of X on a router for example?
Due to a relativ small security staff they can't apply their strict and thorough code analysis on everything but the base packages.So everything that's beyond the borders of a default install is as vulnerable as any equivalent secure OS (FC for example with propolice,fortify source,SELinux,execshield).Maybe more because less people care about those extra packages like xorg and co.

If you stick to the main purpose of OpenBSD than you have in my opinion a very secure and exellent server OS.
Secure by default (for the default install).

Reply Parent Score: 2

RE[5]: Correctness matters
by psygbert on Mon 14th Aug 2006 08:58 in reply to "RE[4]: Correctness matters"
psygbert Member since:
2006-05-29

xorg in openbsd is different from many major linux distro's xorg. you'll notice that privsep is included in openbsd xorgs.

i also remember the old xpm vulnerability in xorg that does not almost affect openbsd but affected almost all major linux distro.

and also the old font.aliases bug in xfree that can cause arbitrary execution on almost all linux distro (including fedora) but can only cause a crash in openbsd.

see, it is not as vulnerable as others.

Reply Parent Score: 4