Slashdot Mirror


OpenBSD Gets Even More Secure

Telent writes "As seen in this post by Theo de Raadt, OpenBSD is getting even more secure, working on smashing script kiddies running buffer overflow exploits dead. Tightening PROT_* according to the POSIX standards and creating a non-executable stack on most architectures are just two of the recent enhancements, most of which are in -current now."

5 of 362 comments (clear)

  1. Re:smp blah. by rampant+mac · · Score: 0, Troll
    Yah, now If only I could run Open BSD on a system with more than _one_ processor. =/

    I'm sure Theo thinks that's an exploit too...

    --
    I like big butts and I cannot lie.
  2. Re:BSD is dead by Anonymous Coward · · Score: -1, Troll

    oh, you wish it was that easy you VB dink... but you have to click your heels when you say it!

  3. We are much more secure by Theo+DeRaadt · · Score: -1, Troll

    I'd equivocate our security roughly with that of the ultra-secure operating systems used by the NSA. A non-executable stack is one of our own innovations - I thought this up one night while hacking away at some network code. Certainly, you couldn't claim that we aren't innovating in our distro. I guess you could say, we are working on things more significant and important than making sure OpenBSD works on crusty old PDP-8s and Nintendos.

    --

    --
    Theo DeRaadt
    Founder, OpenBSD project.
  4. An exercise in futility by Anonymous Coward · · Score: 0, Troll
    OpenBSD has a glaring flaw: OpenBSD is totally unsupported by any important mover and shaker in the IT world. Until OpenBSD gets the support of big players (i.e. Oracle, IBM, Sun, etc.), it is little more than a toy, an adventure in self-stimulation, if you will. We all know the game is over for BSD in general. Let's not kid ourselves.

    Don't get me wrong; there's nothing wrong with a hobby. Everybody should have one which they enjoy. But realistically, OpenBSD is more than quite a few furlongs out of the running when it comes to impacting the IT industry. It is a shame to squander time on a terrible dead end and waste of resources, energy which would be better spent working on something which is actually used.

  5. oh ya, right by t0ny · · Score: -1, Troll

    So funny. It becomes a joke and is disbelieved when some large for-profit company claims to tighten up their code (like, hmm, Microsoft?).

    But when someone who had just as many (if not more) vulnerabilities says they are doing it, its to hoopla and kudos that you guys read it.

    Lets ignore the fact that MS basically put ALL their products on hold to do this, and released a swarm of patches to fix problems they found.

    What I would like to know is why these guys waited so long, and started doing this several months AFTER Microsoft? Arent they supposed to be the king among kings of secure computing? Maybe they didnt want to take the 'Initiative' =)

    --

    Manipulate the moderator system! Mod someone as "overrated" today.