Slashdot Mirror


OpenBSD 3.2 Available

fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"

7 of 331 comments

  1. Most Secure OS by SirGeek · Score: 5, Interesting

    According to this article the most secure OSes were SCO Unix, Mac OS and Tru 64.

    1. Re:Most Secure OS by Daleks · Score: 3, Interesting

      This pattern is mirrored by the overt digital attack data collected for 2002, which demonstrates this has been the worst year on record with 57,977 attacks having already taken place. The most attacked operating system in 2002 has been Microsoft Windows with 31,431 attacks (54%) followed by Linux with 17,218 attacks (30%), BSD (6%) and Solaris (5%). Apple Mac's OS suffered only 31 overt digital attacks, ie, 0.05% of all attacks in 2002 although Apple Mac has roughly 3% of the world's computer market share. SCO Unix suffered 165 digital attacks (0.2%) and Compaq Tru64 suffered 10 attacks (0.02%).

      The above uses attacks per overall attacks as the rating for the OS. What should be done is OS-specific attacks per installed machines running the particular OS.

      MA -- machine attacks
      TA -- total attacks
      MI -- machines installed
      TI -- total installed

      The article gives MA/TA, but we want MA/MI. MA/MI gives the vulnerability of a particular OS separated from the quantity of attacks. I don't know the total number of installed computers, but say it's 10,000,000. Then the MA/MI for Macs is:

      10,000,000 * 0.03 = 300,000
      31/300,000 = 0.000103

      So about 0.0103%. By contrast look at the Windows numbers. Suppose Windows has 75% market share.

      10,000,000 * 0.75 = 7,500,000
      31,431/7,500,000 = 0.0041908

      So about 0.41908%. These numbers show what percentage of installed machines will be affected instead of what portion of all attacks they represent. Another way to think about it is say you have 1 machine running CrappyOS and that machine is attacked. It will only represent 1/57,978 hacks performed in 2002. By contrast MA/MI will be 100%, meaning that every single machine running CrappyOS was hacked.

      Numbers don't lie, people do.

  2. OpenBSD based floppy firewall? by minipunk · Score: 3, Interesting

    Anyone know if one exists? Please send URL!

  3. Please provide .iso's by dazdaz · Score: 3, Interesting

    People always get annoyed with this, however we would like .iso's of OpenBSD. I believe the philosophy is flawed in that .iso's are not made available so people have to purchase the CDs, which helps fund the project. However this limits the distribution of OpenBSD. If anyone could download an .iso, become familiar with OpenBSD, the userbase would be larger and therefore more people would purchase the official CDs.

    What do others think?

  4. Re:Same horrible fdisk and disklabel process? by be-fan · Score: 3, Interesting

    It's also been overrun by newbie users who are trying to turn it into Windows. I'm not saying that new users are bad, and I think it's good that Linux has become successful, but I just wish that new Linux users would take some time to understand the culture attached to the OS before trying to change it. It's like they say, when in Rome, do as the Romans do. Instead, many people are just acting like so-called ugly-Americans.

    --
    A deep unwavering belief is a sure sign you're missing something...

  5. Re:I DO think so.... by evilviper · Score: 3, Interesting

    Well, keep laughing... Ever heard of chroot, privilege separation, and systrace?

    OpenBSD is what you make of it... If you set everything SUID it's certainly not going to be very secure, but you can secure an OpenBSD system extremely well if you want to do so.

    Stick that in your VMS pipe and smoke it!

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant

  6. Signed files? MD5s? by piranha(jpl) · Score: 4, Interesting

    I appreciate OpenBSD a lot; I use it on one system at home, and plan to do two more OpenBSD installations. There are some really cool things, like systrace, that aren't available for Linux yet.

    That said, how can I trust that my copy of the "world's most secure operating system" hasn't been tampered with? OpenBSD does not sign their files with PGP, GnuPG, or OpenSSL (yes, the latter has been suggested on lists). OpenSSH does. Why can't OpenBSD?

    The ports tree, the kernel source, and the rest of the base source (ports.tar.gz, srcsys.tar.gz, and src.tar.gz) don't even have published MD5 hashes (but the architecture-specific binaries do). The source matters, because (aside from using potentially unstable snapshot binaries) you need the source to apply security patches as security issues are discovered.

    For an OS with such a focus on cryptography "because we can", I don't see it being used where it counts. (I've written to the misc list, and only received one response. I've filed a bug report and have received none.)
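
The coverage gap described in the comment above, as an added example that is not part of the original post or of OpenBSD's own tooling: a Python audit that checks downloaded files against a BSD-style checksum list and flags every file the list does not cover. The `MD5 (file) = hex` manifest layout, the helper names and the sample file contents are assumptions constructed for illustration; a checksum list fetched from the same mirror only detects corruption unless the list itself is authenticated out of band.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD-style checksum line (assumed manifest layout), e.g. "MD5 (base32.tgz) = 9e10..."
LINE_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) \((.+)\) = ([0-9a-fA-F]+)$")

def parse_manifest(text):
    """Return {filename: (hashlib algorithm name, lowercase hex digest)}."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, digest = m.groups()
            entries[name] = (algo.lower(), digest.lower())
    return entries

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream large tarballs
            h.update(chunk)
    return h.hexdigest()

def audit(directory, manifest_text):
    """Map each file to ok / MISMATCH / UNLISTED; listed but absent files are MISSING."""
    entries = parse_manifest(manifest_text)
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        if path.name not in entries:
            report[path.name] = "UNLISTED"  # nothing published to compare against
            continue
        algo, expected = entries[path.name]
        report[path.name] = "ok" if file_digest(path, algo) == expected else "MISMATCH"
    for name in entries:
        report.setdefault(name, "MISSING")
    return report

if __name__ == "__main__":
    # Constructed sample: only the binary set has a published hash, as in the comment.
    with tempfile.TemporaryDirectory() as d:
        for name in ("base32.tgz", "src.tar.gz", "ports.tar.gz"):
            (Path(d) / name).write_bytes(b"constructed sample: " + name.encode())
        good = hashlib.md5(b"constructed sample: base32.tgz").hexdigest()
        for name, status in audit(d, f"MD5 (base32.tgz) = {good}\n").items():
            print(f"{status:9} {name}")
```
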