Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Gets Even More Secure

Posted by CowboyNeal on from the one-tight-daemon dept.

Telent writes "As seen in this post by Theo de Raadt, OpenBSD is getting even more secure, working on smashing script kiddies running buffer overflow exploits dead. Tightening PROT_* according to the POSIX standards and creating a non-executable stack on most architectures are just two of the recent enhancements, most of which are in -current now."

4 of 362 comments (clear)

  1. Why not Windows by bsharitt · · Score: 0, Flamebait

    If volunteers in an open source project can make an operating so secure, why can't a company with a lot more money and programmers not secure their operating system as good?

  2. smp blah. by sithe · · Score: 2, Flamebait

    Yah, now If only I could run Open BSD on a system with more than _one_ processor. =/

    -sithEnder

  3. not the real joe, please mod down. by Amsterdam+Vallon · · Score: 0, Flamebait

    joeb ruin spells his name like i just did, not "joe bruin" (see article from story). besides, this is blatant troll. mod down.

    --

    Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
  4. Re:Either way is good by PigleT · · Score: 0, Flamebait

    "It just so happens that right now Linux has the major commercial backing."

    Both have a more major weakness, anyway: the poor sysadmin looking after the things.

    Question to ponder: has there ever been a worm out and about for which there's not yet been a patch? From MS, the linux community, or for *BSD?

    "Most web hosting companies use BSD for shared servers. BSD is more secure."

    Haha. No, most web-hosting companies would use BSD because someone told them this and they don't know better than to disagree.

    And puhlease, let's have none of this "OpenBSD for maximum security" crap. It's one thing to flaunt "not had a remote-root vulnerability in the default install for 3 years", it's quite another thing to leave portmapper listening on a default install! That's just asking for it the next time a portmapper or RPC-related exploit comes out.
    Compared to that, note that in NetBSD you have to *en*able ssh - good thing, too, if you think the last released version is out of date, you have a chance to patch it before any listeners appear.
    But note that both of these are affected by the "weakest link" argument above. A tolerable sysadmin will tighten both down at least equally well.

    "Linux is friendlier,"

    Hahaha(2)! I just finished building sawfish on NetBSD last night, don'tchaknow.

    "I really never understood all of the bickering."

    Well, quite. For production purposes, use what you [generic] know best. For personal use, go with whatever makes you happy and swing the changes. And keep your reasons to yourself, that way nobody gets roped into a flame-fest.

    Plod on, universe.

    --
    ~Tim
    --
    .|` Clouds cross the black moonlight,
    Rushing on down to the circle of the turn