Slashdot Mirror


SMP On OpenBSD, Coming Soon

Lord of the OpenBSD writes "At long last, SMP development on OpenBSD looks to be gearing up. One person is now doing full-time funded development on SMP. Project leader Theo de Raadt is now asking for funding for a second developer. Theo has announced that SMP support for i386 is planned for the OpenBSD 3.6 or 3.7 release, the first of which is due in 8 months."

3 of 321 comments

  1. Re:Interesting... by anthonyrcalgary · · Score: 2, Redundant

    The list isn't exhaustive...

    Privsep=privilege separation. As many daemons as possible either drop privileges or run as two processes, one privileged and one not. This makes a successful attack against a daemon less damaging because the attacker's influence will be trapped in a process that's not allowed to touch anything important. It turns a remote root attack into a denial of service.

    W^X (the operator is "exclusive or" not "or") makes many kinds of arbitrary code attacks impossible, by making it impossible for processes to execute memory they can write to. Other OSes probably have this, but I don't know of any, and all the big ones (Linux, Windows, FreeBSD, Solaris, AIX, etc) do not. It breaks some stuff, but it makes everything else more secure. It's a tradeoff, and I suppose OpenBSD is the only one focused enough on security to do it. I've heard that Windows will use it in the 64-bit version of Windows, but that will break Java and .NET unless they add kernel hooks to get at writable and executable memory. But that will make it a lot less effective...

    Also, everything is compiled with ProPolice stack protection, which makes stack smashing almost impossible. If you look at recent OpenBSD security advisories, many of them say "propolice turns this from a local root exploit into a denial of service", or words to that effect. Many similar problems are local root exploits on NetBSD solely because it lacks ProPolice.

    OpenBSD is considered better (by many) for firewalling largely because the security is very good. If one system has to touch the Internet, better to use an OS that has very good security. Also, PF is a much better firewall than any of the competition. FreeBSD is importing it for this reason, but at the moment the only OS with PF in an official release is OpenBSD.

    Personally, I like it because of the reliability. It's the only OS I use regularly that's never broken without bad hardware or me making mistakes. From what I've heard, Debian-stable is also that good, but OpenBSD has much better firewalling features.

    --
    When someone might yell at me, it has to be OpenBSD.
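
The W^X rule described in the comment above, shown as an added example that is not part of the original comment and is not OpenBSD code: a page is filled while writable, then flipped to read+execute in a single `mprotect` call, after which a write attempt faults. It assumes a POSIX system with `mmap`/`mprotect`; the `wx_*` function names are hypothetical, and this is an application following the discipline voluntarily, not kernel enforcement.

```c
/* Added example: W^X discipline with POSIX mmap/mprotect; wx_* names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <signal.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allocate anonymous memory that is writable but not executable. */
void *wx_alloc(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Make the region executable and drop write permission in the same call,
   so it is never writable and executable at once. */
int wx_seal(void *p, size_t len) {
    return mprotect(p, len, PROT_READ | PROT_EXEC);
}

/* 1 if writing to p kills the writer with a fault, 0 if the write succeeds,
   -1 on error. The write happens in a forked child so the caller survives. */
int wx_write_faults(void *p) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *(volatile unsigned char *)p = 0x41;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (!WIFSIGNALED(status)) return 0;
    return WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS;
}

/* Returns 1 when the page accepts writes before sealing and faults after. */
int wx_demo(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *page = wx_alloc(len);
    if (!page) return -1;
    int before = wx_write_faults(page);
    int after = wx_seal(page, len) == 0 ? wx_write_faults(page) : -1;
    munmap(page, len);
    return before == 0 && after == 1;
}

int main(void) { return wx_demo() == 1 ? 0 : 1; }
```
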
  2. Re:Yet another modern feature added to *BSD by i.r.id10t · · Score: 0, Redundant

    Sure, but how much of that source do you read/audit? Do you just check the md5sum of the source package? That could be faked, just as well as a "bad" pre-built package could be put on an FTP server, etc.

    --
    Don't blame me, I voted for Kodos