nanog mailing list archives
Re: DARPA and the network
From: Henning Brauer <hb-nanog () bsws de>
Date: Tue, 6 Sep 2005 11:35:22 +0200
* Todd Vierling <tv () duh org> [2005-08-05 00:26]:
> I'm one of the developers for NetBSD. From what I can see, on average, all the BSDs are about the same when it comes to addressing vulnerabilities. They're almost on par when it comes to preventative measures (but remember, some preventative measures can go too far: OpenBSD has fallen victim to that more than once). The real end-of-the-day tangible difference wrt security is how vocal the project's security team is.
so if the BSDs are on par with preventive measures, why is OpenBSD (to my knowledge) the only one shipping ProPolice, which prevented basically any buffer overflow seen in the wild for some time now? Why is OpenBSD the only one to have randomized library loading, rendering basically all exploits with fixed offsets unusable? Why is OpenBSD the only one to have W^X, keeping memory pages writeable _or_ executable, but not both, unless an application fixes us to (by respective mprotect calls)? Where's the non-root, chrooted httpd, dhcpd, mopd, rbootd, afs, pppd etc on the other BSDs? The privilege separated tcpdump? This list is not even remotely complete...

And, why's OpenBSD the only one that has systematically removed all uses of dangerous string handling functions like strcpy, strcat, sprintf etc?

so, claiming the difference is how vocal a project is is, in this case, just far off reality.

--
Henning Brauer, hb () bsws de, henning () openbsd org
BS Web Services, http://bsws.de
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
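An added example, not part of the original post and not OpenBSD code: the W^X rule named in the message (a page is writable or executable, never both) can be audited from a process memory map. The C code below assumes the Linux `/proc/<pid>/maps` line format, uses a constructed sample listing, and `count_wx_violations` is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>

/* Assumed input: Linux /proc/<pid>/maps lines, "start-end perms offset dev inode [path]". */

/* 1 if a perms field such as "rwxp" is both writable and executable. */
static int perms_violate_wx(const char *perms)
{
    return strchr(perms, 'w') != NULL && strchr(perms, 'x') != NULL;
}

/* Hypothetical helper: returns the number of W+X mappings in `text`,
 * or -1 on a malformed line. Offending lines are echoed to `out` if non-NULL. */
int count_wx_violations(const char *text, FILE *out)
{
    int count = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        char line[256], perms[5];
        unsigned long long start, end;
        if (len >= sizeof line)
            return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += len;
        if (*text == '\n')
            text++;
        if (len == 0)
            continue;               /* skip blank lines */
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) != 3 || end <= start)
            return -1;
        if (perms_violate_wx(perms)) {
            count++;
            if (out)
                fprintf(out, "W+X mapping: %s\n", line);
        }
    }
    return count;
}

/* Constructed sample listing, not captured from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/sbin/exampled\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/sbin/exampled\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    int n = count_wx_violations(SAMPLE_MAPS, stdout);
    printf("%d mapping(s) violate W^X\n", n);
    return n != 0;
}
```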