Linked by Thom Holwerda on Wed 20th Jun 2007 20:07 UTC, submitted by Valour
OpenBSD "If you're a software enthusiast who has never used OpenBSD before, you might enjoy installing it by yourself and figuring it out as you go. If, however, you're looking for a more practical approach to using OpenBSD 4.1 on a desktop or server machine, here's a quick guide to get you started in this spectacular operating system."
Thread beginning with comment 249394
Security
by Hiawatha on Wed 20th Jun 2007 21:17 UTC
Hiawatha Member since:
2005-08-29

I am a UNIX fan. I use Debian Linux all the time. I believe that a Debian Linux server or a FreeBSD server can be as secure as an OpenBSD server. OpenBSD is secure by default. It's an empty statement. Nobody uses a 'default' server. And define 'secure'. From OpenBSD's point of view, it means: no buffer overflow, no hackable software, etc. That's pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost. Therefore I believe that the security of a server depends on its administrator, not the running OS. Debian and FreeBSD have a very excellent security history. So, if you're looking for a secure OS that is also functional (good hardware support), you're better off with Debian or FreeBSD.

Reply Score: 5

RE: Security
by fretinator on Wed 20th Jun 2007 21:33 in reply to "Security"
fretinator Member since:
2005-07-06

"So, if you're looking for a secure OS that is also functional (good hardware support), you're better off with Debian or FreeBSD."


I have found OpenBSD to have very good hardware support, especially in the NIC area. I use OpenBSD on some of my laptops and it supports more wireless cards than my Linux laptops. I use older laptops for my test servers because they give me that "rack" feeling (I even put them on a rack) without the price. They also use less power and keep from heating up my computer room.

Reply Parent Score: 5

FreeBSD Red Zone
by vermaden on Wed 20th Jun 2007 21:40 in reply to "Security"
vermaden Member since:
2006-11-18

BTW: There will be a nice feature in FreeBSD 7 called Red Zone [buffer overflow detection]:

"RedZone, a buffer corruption protection for the kernel malloc(9) facility has been implemented. This detects both buffer underflows and overflows at runtime on free(9) and realloc(9), and prints backtraces from where memory was allocated and from where it was freed. For more details, see the redzone(9) manual page."

redzone(9) man: http://www.freebsd.org/cgi/man.cgi?query=redzone&sektion=9&manpath=...

more about FreeBSD 7 here: http://www.freebsd.org/relnotes/CURRENT/relnotes/article.html

Reply Parent Score: 4
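
The guard-byte idea in the release note quoted above, as an added userland illustration that is not part of the comment and is not FreeBSD's kernel code. The `rz_*` names, guard size and fill byte are hypothetical, and the backtrace recording the note mentions is left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RZ_HDR   16    /* header holding the requested length; keeps alignment */
#define RZ_GUARD 16    /* guard bytes on each side (constructed value) */
#define RZ_FILL  0x42  /* guard fill pattern (constructed value) */
enum { RZ_OK = 0, RZ_UNDERFLOW = 1, RZ_OVERFLOW = 2 };

/* Layout: [header: len][front guard][user buffer][rear guard] */
void *rz_malloc(size_t len)
{
    unsigned char *raw = malloc(RZ_HDR + 2 * RZ_GUARD + len);
    if (raw == NULL) return NULL;
    memcpy(raw, &len, sizeof(len));
    memset(raw + RZ_HDR, RZ_FILL, RZ_GUARD);
    memset(raw + RZ_HDR + RZ_GUARD + len, RZ_FILL, RZ_GUARD);
    return raw + RZ_HDR + RZ_GUARD;
}

/* Return a bitmask saying which guard, if any, was overwritten. */
int rz_check(const void *ptr)
{
    const unsigned char *user = ptr;
    const unsigned char *front = user - RZ_GUARD;
    size_t len, i;
    int status = RZ_OK;
    memcpy(&len, front - RZ_HDR, sizeof(len));
    for (i = 0; i < RZ_GUARD; i++) {
        if (front[i] != RZ_FILL) status |= RZ_UNDERFLOW;
        if (user[len + i] != RZ_FILL) status |= RZ_OVERFLOW;
    }
    return status;
}

/* Verify the guards at free time, then release the whole allocation. */
int rz_free(void *ptr)
{
    int status = rz_check(ptr);
    free((unsigned char *)ptr - RZ_GUARD - RZ_HDR);
    return status;
}

int main(void)
{
    char *buf = rz_malloc(8);
    if (buf == NULL) return 1;
    memset(buf, 'A', 9);   /* one byte past the end lands in the rear guard */
    printf("status at free: %d\n", rz_free(buf));
    return 0;
}
```

A stray write that happens to store the fill byte itself goes unnoticed, and corruption is only reported when the buffer is checked or freed, not at the moment of the write.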

Your logic has a short-circuit in it...
by galvanash on Wed 20th Jun 2007 22:01 in reply to "Security"
galvanash Member since:
2006-01-25

"...From OpenBSD's point of view, it means: no buffer overflow, no hackable software, etc. That's pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost."

No buffer overflows and no hackable software are laudable goals, saying that things like this are worthless is extremely ignorant. And then you go on and make absolutely no point at all... If you host a buggy PHP website or a badly configured mailserver on ANYTHING you have a pretty major problem. No, OpenBSD won't save you from stupidity, no one is claiming that it will. But it just might save you from some obscure buffer-overflow someone discovers in bind or sendmail or whatever that allows someone to root your box.

And don't take me the wrong way, I'm not at all picking on Debian or FreeBSD. You're right, their security records are pretty good too. Not as good as OpenBSD, but they do have performance/software/etc advantages for certain uses and depending on your needs either may be a better choice. Use what makes sense to you, but all the reasons you have brought up are bogus.

Reply Parent Score: 5

RE: Security
by edogawaconan on Thu 21st Jun 2007 03:06 in reply to "Security"
edogawaconan Member since:
2006-10-10

"That's pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost."

at least with buggy PHP, no harm can reach the system as httpd is chrooted by default

Reply Parent Score: 5

RE: Security
by Hiawatha on Thu 21st Jun 2007 06:56 in reply to "RE: Security"
Hiawatha Member since:
2005-08-29

"at least with buggy PHP, no harm can reach the system as httpd is chrooted by default"

If your website gets defaced or personal data from the users of that website are compromised, do you think a chrooted webserver will prevent any more structural damage? Reputation damage can also be really bad for a company. In case of a buggy PHP website, you are better off with a well designed DMZ and an IDS.

A secure OS is nice. But if I had to choose between "a secure OS and a good administrator" and "a really really secure OS and a bad administrator", I definitely will choose the first one.

Edited 2007-06-21 06:59

Reply Parent Score: 0

RE: Security
by Soulbender on Thu 21st Jun 2007 03:07 in reply to "Security"
Soulbender Member since:
2005-08-18

"OpenBSD is secure by default. It's an empty statement. Nobody uses a 'default' server."

It does mean you're not vulnerable after installation and that you don't have to spend countless hours securing it. Start with a secure base and *add* stuff that you need. Seriously, how can you argue that this is not a good strategy?

"From OpenBSD's point of view, it means: no buffer overflow, no hackable software, etc. "

Uh, yeah. What else would it mean? It's not like they can guarantee that you won't screw things up on your own.

"That's pretty worthless if you host a buggy PHP website on it or badly configure your mailserver so it becomes a spamhost."

No shit Sherlock. However...
A seatbelt won't help if you drive your car off a 500 feet cliff, ergo seatbelts are useless?

"So, if you're looking for a secure OS that is also functional (good hardware support), you're better off with Debian or FreeBSD."

Personally I have found that OpenBSD is functional and supports most of my hardware better than Linux.

Edited 2007-06-21 03:19

Reply Parent Score: 3

RE: Security
by juno_106 on Sun 24th Jun 2007 02:49 in reply to "Security"
juno_106 Member since:
2007-06-24

Exactly. FreeBSD users also use PF. It's probably the best fw you'll find out there.

Reply Parent Score: 1