Linked by Thom Holwerda on Mon 19th Oct 2009 12:06 UTC, submitted by ebasconp
As mentioned in the release announcement: "Many people have received their 4.6 CDs in the mail by now, and we really don't want them to be without the full package repository. We are pleased to announce the official release of OpenBSD 4.6. This is our 26th release on CD-ROM (and 27th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." I really want news like this on the front page, but sadly, the long list of improvements makes no sense to me - I don't know what's important and what isn't. If someone can provide a nice readable summary of the most important improvements, I'll add it to the item and place it on the front page. There we are.
For the paranoic: OpenBSD + VirtualBox?
by Kebabbert on Mon 19th Oct 2009 12:49 UTC
Kebabbert Member since:
2007-07-27

If OpenBSD is more secure than most OS, then maybe it would make sense to run it inside VirtualBox, and only access internet via OpenBSD? Then a hacker has to break through OpenBSD and then also the underlying OS?

Or is this pointless? What do you say?

Reply Score: 2

foldingstock Member since:
2008-10-30

If OpenBSD is more secure than most OS, then maybe it would make sense to run it inside VirtualBox, and only access internet via OpenBSD? Then a hacker has to break through OpenBSD and then also the underlying OS?

Or is this pointless? What do you say?


Since VirtualBox uses NAT redirection for the virtual network, your system's security would depend on VirtualBox being secure, not just OpenBSD. Also, OpenBSD does not run well on VirtualBox.

This may be a good idea in theory, but in practice I think it would just be a pita. There are much better ways to safely browse the web.

Reply Parent Score: 1

Laurence Member since:
2007-03-26

Since VirtualBox uses NAT redirection for the virtual network, your system's security would depend on VirtualBox being secure, not just OpenBSD. Also, OpenBSD does not run well on VirtualBox.

This may be a good idea in theory, but in practice I think it would just be a pita. There are much better ways to safely browse the web.


VirtualBox supports a range of network types - NAT being just one of them.

Personally I prefer the 'host interface' setting as I can then get my DHCP server to assign an IP number to the virtual machine in exactly the same way as any other physical machine would.

I agree that there are easier ways to secure a desktop, though.

Edited 2009-10-19 14:22 UTC

Reply Parent Score: 2

libray Member since:
2005-08-27

VirtualBox 3.0.8 added many fixes that made NetBSD, which had a horrible time even installing, work. I wonder if the same fixes apply to OpenBSD.

Reply Parent Score: 3

strcpy Member since:
2009-05-20

If OpenBSD is more secure than most OS, then maybe it would make sense to run it inside VirtualBox, and only access internet via OpenBSD? Then a hacker has to break through OpenBSD and then also the underlying OS?

Or is this pointless? What do you say?


Since you asked, I'd say this is pointless, regardless of the guest operating system and the host operating system, the latter perhaps to a lesser extent.

Given the context, I've understood that the OpenBSD team quite firmly believes that no real security can be achieved via virtualization. Many agree with them and others who argue similarly, but this is a big open debate of course.

Pile of x86 crap on pile of x86 crap can not make a pile of secure crap.

EDIT: odd sentence.

Edited 2009-10-19 14:44 UTC

Reply Parent Score: 2

sbenitezb Member since:
2005-07-22

If you have all your ports closed (no services running) and/or pf active and configured, then no hacker can get in by exploiting services. So virtualization doesn't help here.

The other risk is in data handling by the applications you run. If there's an exploit for your browser/flash/p2p/etc, then there's a risk that specially crafted data could be used to allow remote execution by an attacker. OpenBSD implements many ways to prevent that; virtualization doesn't.

Reply Parent Score: 2