From owner-freebsd-questions Sat Feb 2 21:42:11 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mirapoint2.brutele.be (mirapoint2.brutele.be [212.68.193.7]) by hub.freebsd.org (Postfix) with ESMTP id 02F2F37B400 for ; Sat, 2 Feb 2002 21:42:08 -0800 (PST) Received: from gateway.lefort.net ([213.189.162.78]) by mirapoint2.brutele.be (Mirapoint) with SMTP id ASO31981; Sun, 3 Feb 2002 06:35:36 +0100 (CET) Received: from jsite.lefort.net (jsite.lefort.net [192.168.1.2]) by gateway.lefort.net (Postfix) with ESMTP id 449B8159F2; Sun, 3 Feb 2002 06:35:35 +0100 (CET) Received: by jsite.lefort.net (Postfix, from userid 1000) id B480922FF0; Sun, 3 Feb 2002 06:35:34 +0100 (CET) Date: Sun, 3 Feb 2002 06:35:34 +0100 From: Jean-Yves Lefort To: freebsd-questions@FreeBSD.org Cc: inemes@transylvania.com.au, drevil@sidereal.kz, misc@OpenBSD.org Subject: Re: Security: FreeBSD vs OpenBSD Message-ID: <20020203063534.A78828@jsite.lefort.net> Mail-Followup-To: freebsd-questions@FreeBSD.org, inemes@transylvania.com.au, drevil@sidereal.kz, misc@OpenBSD.org References: <20020202212736.A68642@jsite.lefort.net> <20020203021426.29751.qmail@sidereal.kz> <3C5CA9A0.C7F62D63@transylvania.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C5CA9A0.C7F62D63@transylvania.com.au>; from inemes@transylvania.com.au on Sun, Feb 03, 2002 at 02:08:16PM +1100 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Your enlightenments are useful, I especially felt enthusiast while browsing the TrustedBSD website. However, at this point of the thread, I should probably precise my toughts. I wonder if the security reputation of OpenBSD is only based on the fact that they ship the system in a secure by default mode, or if the OpenBSD kernel itself is more secure than the FreeBSD kernel. Regards, Jean-Yves Lefort On Sun, Feb 03, 2002 at 02:08:16PM +1100, Ioan Nemes wrote: > That's great, but how about some URLs (links to TrustedBSD ... etc.) > your message is incomplete. > > Ioan > > > "Dr. Evil" wrote: > > > > > Is OpenBSD more secure than FreeBSD (I don't mean "out of the box", but after > > > a complete security audit leading to an optimal configuration of the system). > > > > Both are excellent OSes. OpenBSD definitely has less features and > > more focus on security than FreeBSD does. With proper installation > > you could run either of them in a very secure way. With improper > > installation, you could have a lot of problems with either of them. > > Unfortunately, they both share the same, deeply flawed security model, > > which is that there are two levels of permission on the system: Root > > and non-root. "Break root" is one of the steps in basically every > > hack on either of the systems. The right way to solve that problem is > > to not have a root user. Take a look at TrustedBSD, SELinux and EROS > > for examples of some OSes with more advanced security models. I am > > excited by those three OSes, but unfortunately I'm not sure if any of > > them are really ready to use in an ordinary production enviornment. > > I'm watching all three of them carefully because they are quite > > promising. Unfortunately security is a poorly understood thing by > > most people who are supposedly security specialists... but OSes like > > EROS show a real understanding a a real security focused design. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message