OpenBSD Gets Even More Secure

Telent writes "As seen in this post by Theo de Raadt, OpenBSD is getting even more secure, working on smashing script kiddies running buffer overflow exploits dead. Tightening PROT_* according to the POSIX standards and creating a non-executable stack on most architectures are just two of the recent enhancements, most of which are in -current now."

concrete galoshes

[Forgotten]

One day, Theo is going to decide that allowing people access to the HTTP port of the dist machine is just too big a risk, and OpenBSD really will be the most secure OS there is.

Re:concrete galoshes

[corsec67]

Also known as no network access. Power might be an issue, but I don't know of a virusses spread by power line, but to be safe, you should use a generator, in a Lyden cage, but don't for get the aluminum foil cap, and underwear.

Re:concrete galoshes

[haroldhunt]

>OpenBSD does not secure by limiting or removing functinality.

Yeah, OpenBSD secures by removing vowels. :)

Harold

in case of slashdotting

[joe_bruin]

google cache, in case of server is slashdotted

Re:open source security

Cisco already seems to have put in measures to combat the spread of worms. Whenever someone starts putting a high load on the router, it crashes. Problem solved.

Deeply cool.

[JimmytheGeek]

I want it now, but I'd whine if it weren't fully tested. Man, to think I'm doing the "gotta go pee" dance over something like this. I need a life.

We have a lot of single-purpose OBSD boxen here. I like them a lot. Go, team, go!

Re:linux should have non-exec stack by defualt

[The-Perl-CD-Bookshel]

Little known fact, the first Doom was written in C# and uses the .NET framework

Re:VMS

[Bastian]

Plus most script kiddies would be left scratching their head trying to use it.

All my servers run CP/M for the same reason.

Re:Either way is good

[mao+che+minh]

That myth needs dispelling. What can Linux not do that makes it a bad choice as a desktop OS? The only "hurdle" left is vast commercial support for new games. And that isn't even a factor for the workplace.

1. Linux is better for developers (even some Microsoft developers like to use it as their developing platform - see the whole Roblimo Linux Fest deal)
2. There is more and better software available for Linux then Windows or Macintosh
3. Everything that the casual user needs is available after a 20 minute install process
4. Linux can be more easily managed regardless of overall network configuration
5. Again, and this can't be stressed enough since it is the main factor for management and pointy-hairs everywhere: Linux is far, far cheaper.

If an expensive cost, inflexibility, high risk factor, constant and forced upgrade cycles, and poor memory management makes a good desktop operating system then no, Linux sucks on the desktop.

Who are you?

[Theo+de+Raadt+-+OBSD]

OK, first of all, because you registered that username here, Slashdot wouldn't let me register "Theo de Raadt", so I had to settle for this.

Secondly, who the hell are you? Stop impersonating me on Slashdot.

Re:We are much more secure

[whiteranger99x]

I guess you could say, we are working on things more significant and important than making sure OpenBSD works on crusty old PDP-8s and Nintendos

Well don't lose sleep over it, I pretty sure NetBSD tied up those loose ends LOOOOONG ago. :P

Re:Why not Windows

[anonymous+cupboard]

AIX is quite big as an external server platform, probably because of the high-end IBM Web products. It is considered to be fairly secure (certainly a better rep than Solaris) and some banks run their online banking services from it.

If you really want security, go and buy OpenVMS!!!!

Re:linux should have non-exec stack by defualt

[johnnyb]

Don't insult McDonald's Certified Food Specialists in that way.