
Re: Wanting opinions...



From: "L. V. Lammert" <lvl@omnitec.net>
> If controversy means:
> "As part of the recent "string cleaning", countless occurrences of strcpy,
> strcat, sprintf, and vsprintf were replaced with bounded, safer variants
> like strlcpy, strlcat, snprintf, vsnprintf, and asprintf (see OpenBSD man
> pages (http://www.openbsd.org/cgi-bin/man.cgi) for details). In addition
> to the ongoing source code auditing, OpenBSD contains strong
> cryptography.

Again, more defaults.  Yes, I wish the "string cleaning" bug would hit much
of the Linux world as well.  I.e., remove various macros/functions that
would _prevent_ many _legacy_, "bound free" macros/functions from being
used.

I, for one, use them and it would be nice if GCC/GLibC, etc... dropped
support for the legacy macros/functions.  But that's not likely to happen
for compatibility in most distros.

> More recently, several new technologies have been integrated into the
> system, further increasing its security. As of version 3.3, ProPolice has
> been enabled by default in GCC, providing additional protection against
> stack smashing attacks. In OpenBSD 3.4, this protection has been
> enabled in the kernel as well. W^X (pronounced: "w x-or x") is a fine-grained
> memory management scheme ensuring that memory is either
> writable, or executable, but never both, providing yet another layer of
> protection against buffer overflows.

Now hold on, Red Hat has really been leading the charge in support of
SELinux, default security profiles, etc... that do this as well -- much to
the annoyance of many users in the Linux world.  And Red Hat is _not_
"backing down" on them either, despite the outcry.

The "no execute" was just a natural progression that _all_ OSes are
adopting, although many applications break under it.

> Privilege separation, privilege revocation, and randomized loading of
> libraries also play an ever increasing role in the security of the system."  
> [http://en.wikipedia.org/wiki/OpenBSD]

Again, these are developments that _are_ being mirrored in the Linux
world too, available in Red Hat's distros that are Linux 2.6-based.

> I vote for controversy.

I vote for accurate comparisons and history, not the nonsense that
too many OpenBSD advocates spew out.

I won't deny the "defaults" of OpenBSD will continue to impress and
their focus will _always_ be a benefit over any major Linux distro.
But some Linux distros aren't as "open" in their defaults as OpenBSD
advocates tend to suggest.

It's no different than in the Microsoft comparisons -- you take the
worst example and use that as the example for "all of Linux."


--
Bryan J. Smith   mailto:b.j.smith@ieee.org
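
The "string cleaning" the quoted passage describes is the replacement of unbounded strcpy/strcat/sprintf call sites with bounded variants whose return value tells the caller whether the output was truncated. The following C program is an added illustration, not code from the thread or from OpenBSD; bounded_copy and bounded_cat are portable re-implementations of the strlcpy(3)/strlcat(3) semantics (written out here because older glibc does not ship them), snprintf is standard C99, and the 16-byte buffer size and sample strings are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

enum { BUFSZ = 16 };   /* constructed small buffer size for the demonstration */

/* Portable re-implementation of the strlcpy(3) contract: copy at most
 * size-1 bytes, always NUL-terminate when size > 0, and return strlen(src)
 * so the caller can detect truncation with (ret >= size). */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Same contract for concatenation, mirroring strlcat(3): returns the length
 * the full result would have had, so (ret >= size) again signals truncation.
 * dst is scanned only within size bytes so an unterminated dst cannot be
 * read past its end. */
size_t bounded_cat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)                 /* dst not NUL-terminated within size */
        return size + strlen(src);
    return dstlen + bounded_copy(dst + dstlen, src, size - dstlen);
}

/* The pre-audit pattern the quoted text refers to, kept only as a comment
 * because it writes past a BUFSZ buffer whenever the input is longer:
 *     char buf[BUFSZ];
 *     strcpy(buf, src);                 // no bound on the write
 *     sprintf(buf, "%s/%s", dir, file); // no bound on the write
 */

/* Audited call site: copies src into a BUFSZ stack buffer and returns the
 * length stored, or -1 if the source did not fit. Either way the buffer
 * stays inside its bounds and NUL-terminated. */
int copy_len_or_truncated(const char *src)
{
    char buf[BUFSZ];
    if (bounded_copy(buf, src, sizeof buf) >= sizeof buf)
        return -1;
    return (int)strlen(buf);
}

/* Audited copy-then-append: each step's return value is checked, so a
 * result that would exceed the buffer is reported rather than written. */
int join_len_or_truncated(const char *a, const char *b)
{
    char buf[BUFSZ];
    if (bounded_copy(buf, a, sizeof buf) >= sizeof buf)
        return -1;
    if (bounded_cat(buf, b, sizeof buf) >= sizeof buf)
        return -1;
    return (int)strlen(buf);
}

/* sprintf replaced by snprintf: a return value >= the buffer size means the
 * output was cut short, and a negative value means an encoding error. */
int format_len_or_truncated(const char *dir, const char *file)
{
    char buf[BUFSZ];
    int n = snprintf(buf, sizeof buf, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;
    return n;
}

int main(void)
{
    printf("copy 'short'            -> %d\n", copy_len_or_truncated("short"));
    printf("copy 34-char string     -> %d\n",
           copy_len_or_truncated("this string is longer than sixteen"));
    printf("join 'abc' + 'def'      -> %d\n", join_len_or_truncated("abc", "def"));
    printf("join 10 + 6 chars       -> %d\n", join_len_or_truncated("0123456789", "abcdef"));
    printf("format /home/user       -> %d\n", format_len_or_truncated("/home", "user"));
    printf("format long user        -> %d\n",
           format_len_or_truncated("/home", "averylongusername"));
    return 0;
}
```

The point of the bounded variants is not only that they stop at the buffer's end; it is that the caller gets a value to check, so truncation becomes an explicit error path instead of silent memory corruption.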

