Linked by Thom Holwerda on Thu 21st Jan 2010 19:24 UTC, submitted by Anonymous
OpenBSD "OpenBSD is widely touted as being 'secure by default', something often mentioned by OpenBSD advocates as an example of the security focused approach the OpenBSD project takes. Secure by default refers to the fact that the base system has been audited and considered to be free of vulnerabilities, and that only the minimal services are running by default. This approach has worked well; indeed, leading to 'Only two remote holes in the default install, in a heck of a long time!'. This is a common sense approach, and a secure default configuration should be expected of all operating systems upon an initial install. An argument often made by proponents of OpenBSD is the extensive code auditing performed on the base system to make sure no vulnerabilities are present. The goal is to produce quality code as most vulnerabilities are caused by errors in the source code. This is a noble approach, and it has worked well for the OpenBSD project, with the base system having considerably less vulnerabilities than many other operating systems. Used as an indicator to gauge the security of OpenBSD however, it is worthless."
Thread beginning with comment 405495
RE[2]: Author of the article here
by f0dder on Fri 22nd Jan 2010 17:52 UTC in reply to "RE: Author of the article here"
f0dder Member since:
2009-08-05

> The way popular OSes are structured and the way popular hardware works gives all kernel-level code equal and complete trust - and therefore the complete freedom to bypass any security checks that it wishes. The only way you might limit this is by having a separate component (e.g. a hypervisor) that is protected from kernel-level code and can enforce some restrictions on what the kernel level code does.

And even with a HyperVisor, you might be vulnerable to DMA-based attacks... at least with the original implementations of x86 VMX.

Score: 1

Mark Williamson Member since:
2005-07-06

> And even with a HyperVisor, you might be vulnerable to DMA-based attacks... at least with the original implementations of x86 VMX.

True! I forgot about that. So if you were going to use a hypervisor to enforce this sort of thing you also need an IOMMU so it can protect itself from DMA. Modern x86 systems do have / are getting that hardware, though I'm not quite clear who has it now :-S

Score: 2

f0dder Member since:
2009-08-05

> True! I forgot about that. So if you were going to use a hypervisor to enforce this sort of thing you also need an IOMMU so it can protect itself from DMA. Modern x86 systems do have / are getting that hardware, though I'm not quite clear who has it now :-S

Good question - both Intel and AMD have IOMMU (at least on paper), but I've only read about (and worked with) the original Intel VMX.

It's been some years since I've touched it, so I can't remember if you're inherently vulnerable against DMA attacks or if it requires a buggy hypervisor ;)

Score: 1