From: Valeri Galtsev
Date: Mon, 8 Jun 2020 22:14:23 -0500
Subject: Re: freebsd vs. netbsd
To: "Kevin P. Neal"
Cc: Donald Wilde, freebsd-questions@freebsd.org

> On Jun 8, 2020, at 9:45 PM, Kevin P. Neal wrote:
>
> On Mon, Jun 08, 2020 at 09:29:56AM -0700, Donald Wilde wrote:
>> On 6/8/20, Valeri Galtsev wrote:
>>> Still with utmost respect to OpenBSD for openSSH and general ultimate
>>> security focused approach,
>>>
>>
>> I think the fact that the other two root projects (NetBSD and FreeBSD)
>> have included that code says it has all been audited at the highest
>> level by people of equal capability.
>
> No, auditing isn't required for importing.
>
> Back around 1994 when OpenBSD started they started talking about how secure
> they were. And then the port for the DEC Alpha stopped booting. When they
> tracked down the bug they found that the OpenBSD guys had been importing
> NetBSD code without looking at it.
>
> It was something along the lines of (in locore.s):
> #ifdef OPENBSD
> jmp 0
> #endif
>
> That's one example, and it's true it was in the mid-90's. It's just an
> example to show my point.
>
> Importing the openssh code from OpenBSD just means it gets the job done
> and is good enough. I doubt any FreeBSD developer has audited the OpenSSH
> code, the OpenSSL code, the SQLite code, or any of the other medium-sized
> projects that are in the FreeBSD tree now. The exceptions are probably
> projects that were imported once and then developed in-tree afterwards,
> like the IPv6 stack.
>

Thanks, Kevin. This was really instructive!

Valeri

> --
> Kevin P. Neal http://www.pobox.com/~kpn/
>
> "What is mathematics? The age-old answer is, of course, that mathematics
> is what mathematicians do." - Donald Knuth