eugeneionesco | 8 years ago

> I've used it on my laptop. Primarily because it has had few vulnerabilities and is very stable.

The OpenBSD propaganda works I see...

Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD than on any other BSD or linux distribution, please...

bch|8 years ago

> Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD...

A reasonable question, but presumptuously and poorly framed, I think. Mitigation efforts like privilege separation[0] (for daemons), ASLR[1], SSP[2], and now KARL[3] are designed to make things systemically better. I'm personally a NetBSD person, and don't see that ending anytime soon, but I do appreciate the work that OpenBSD does and pay attention with interest. I expect some of their work to be ported to my environment directly, and other effects to be felt tangentially. People running different or "weird" environments is a good thing.

[0] https://en.wikipedia.org/wiki/Privilege_separation

[1] https://en.wikipedia.org/wiki/Address_space_layout_randomiza...

[2] http://wiki.osdev.org/Stack_Smashing_Protector

[3] http://undeadly.org/cgi?action=article&sid=20170613041706

saghm|8 years ago

OT, but I've had trouble in the past when trying out NetBSD; I wanted to install it on my laptop with full disk encryption, but I clearly was missing something about how to do it properly, and I've never been able to find a good guide for it. Any chance you might know a blog post or something that details how to do this properly for a NetBSD newbie like me?

eugeneionesco|8 years ago

All of those were developed on linux and linux distributions and were available on those before obsd...

notaplumber|8 years ago

Yes, browsers are a large attack surface. But I'd take a quick peek at the recent Security improvements section on this release page, and also OpenBSD's innovations page.

https://www.openbsd.org/innovations.html

OpenBSD was the second OS to enable W^X JIT on its firefox package, W^X being made mandatory system-wide, and in Theo de Raadt's most recent conference talk he mentions chromium being pledged. Both browsers are compiled as PIE by default.

http://undeadly.org/cgi?action=article&sid=20151021191401

alexiacob|8 years ago

That's not the point. Of course the software will have the same number of bugs/vulnerabilities on OpenBSD. The question is how much damage an exploit/crash will do overall. OpenBSD has quite a few protection mechanisms in place.

bmh_ca|8 years ago

> Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD than on any other BSD or linux distribution, please...

Yes. OpenBSD employs several mechanisms that improve the security of every application e.g. W^X and stack protector.

See: https://www.openbsd.org/security.html

eugeneionesco|8 years ago

All of those are available on linux distributions, enabled by default.

Not only that, they were developed on linux distributions and available on them way before obsd.

bjpbakker|8 years ago

Actually "your web browser, mail client etc" do a lot of system calls to do networking et al, so yes, they do have less vulnerabilities than on Linux.

eugeneionesco|8 years ago

I don't think you know where the vast majority (95%+) of browser vulnerabilities are...