Slashdot Mirror


Theo De Raadt Says FreeBSD Is Just Catching Up On Security

An anonymous reader writes "The OpenBSD project has no reason to follow the steps taken by FreeBSD with regard to hardware-based cryptography because it has already been doing this for a decade, according to Theo de Raadt. 'FreeBSD has caught up to what OpenBSD has been doing for over 10 years,' the OpenBSD founder told iTWire. 'I see nothing new in their changes. Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone.'"


  1. Now, if... by Dahamma · · Score: 5, Funny

    ...only OpenBSD would catch up in every OTHER category...

    1. Re:Now, if... by cold fjord · · Score: 5, Insightful

      ...only OpenBSD would catch up in every OTHER category...

      You can always port or build other software on OpenBSD.

      You can't really bring other operating systems up to OpenBSD security standards with just a compile or two.

      Make your pick: secure, or convenient.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    2. Re: Now, if... by Anonymous Coward · · Score: 3, Informative

      The OpenBSD installer is one of the fastest and easiest installers I have seen. I prefer the developers work on developing a secure and functional system than waste time making a pretty GUI for the people who have phobias of text interfaces, or can't be bothered to learn how to edit a text file.

    3. Re:Now, if... by Arker · · Score: 5, Insightful

      What method could possibly be more convenient, simple, and appropriate than opening the file with your text editor of choice and deleting the line?

      What do you expect? Some bulky "management interface" to hold your hand while you take 10 times as long as necessary to do the simple task of *removing an entry from a text file*? What is wrong with you?

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    4. Re:Now, if... by Anonymous Coward · · Score: 4, Interesting

      Secure By Default only seems obvious in retrospect. Remember when OSes like RedHat 5 and Windows 2000 automatically started a shitload of network services? No I don't need to run Finger or share my printers over HTTP. Predictably, they got owned before you could download the patches.

    5. Re:Now, if... by shutdown -p now · · Score: 3, Funny

      It's like saying "you can always port or build other software on GNU/Hurd". It's a broadly true statement, but a surprisingly meaningless one.

    6. Re:Now, if... by Bert64 · · Score: 4, Insightful

      Still running default services and just hiding them behind a firewall is stupid; not having them running at all is far more sensible.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    7. Re:Now, if... by X0563511 · · Score: 3, Funny

      Indeed. You can have my public key. What are you going to do with it, grant me access to things? THE HORROR!

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. Yeah by Anonymous Coward · · Score: 5, Funny

    Good old Theo De Raadt.

    Half human, half cunt.

    1. Re:Yeah by ArchieBunker · · Score: 5, Insightful

      And usually right.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Yeah by Noryungi · · Score: 3, Interesting

      Except Theo de Raadt is only Dutch in a very remote way: he is Canadian, and his parents emigrated to Canada from South Africa.
      So yeah, Dutch, sure - You probably don't know anything about him, right?

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    3. Re:Yeah by TheRaven64 · · Score: 4, Interesting

      I have a lot of respect for most of the OpenBSD team, but Theo is definitely trolling here.

      Let's start with the premise of TFA, which cites the article on Ars that was covered here a few days ago and was complete nonsense about the new random number infrastructure in FreeBSD. We are not moving away from using the hardware random number generator directly, we have never used the hardware random number generator. The new code that the Ars article was talking about is to allow the PRNG to be easily switched. In 10 we're shipping both Fortuna and Yarrow and the infrastructure allows more to be added. The code has been reviewed by two cryptographers that I know of and possibly others. Neither the old nor the new implementation is vulnerable to the attack against random number generators that was published a couple of months ago (Linux was the subject of the paper, not sure if OpenBSD was vulnerable).

      If Theo is going to make such remarks as this, he should think more carefully first:

      "Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone."

      He'd be advised to take a look at the transactions for the IEEE Symposium on Security and Privacy over the last 10 years and see how many papers are describing techniques that were both originally implemented on FreeBSD and are now part of the default install. Let's take a look at the two systems, from a security perspective. Both FreeBSD use SSP and non-executable stack by default, so I'll skip those. To begin with, OpenBSD features missing on FreeBSD:

      W^X enforcement. Definitely a nice idea, but it breaks some things (JITs mostly). The default memory map in FreeBSD is W^X, but it is possible to explicitly mmap() memory both writeable and executable. It's generally considered a bad idea though, and we don't ship any code that allows it. We permit third-party code to shoot itself in the foot if it really wants to and provide mitigation techniques to reduce the risk.

      Then there's ASLR. This is a pretty nice technique, which is currently not implemented on FreeBSD. We do support PIE, so it would not be a horrendously difficult thing to add, but current implementations (including OpenBSD) use a surprisingly small amount of entropy in the address layout and so don't provide as much mitigation as you'd hope (which, of course, Theo knows, because he's very familiar with 'relevant research'). This is especially true on 32-bit systems.

      And that's it for OpenBSD. Well, unless you want to count , but since that's vulnerable to a timing attack (still not fixed), which was published in the USENIX Workshop on Offensive Technologies, and Theo is aware of all 'relevant research' in security then it can't really still be there.

      Now let's look at FreeBSD security mechanisms:

      First up, jails. Jails are somewhere between a chroot and a VM: a shared kernel, but all of the global namespaces (filesystems, IP addresses, users) are separated and so you can completely isolate a service, such as a web browser, from the rest of the system. Scripts like ez-jail in the ports tree make it easy to set up lightweight service jails.

      Then there's the MAC framework, which allows modular access control policies. This is used by a couple of FreeBSD derivatives: JunOS uses it to implement code signing, OS X and iOS use it for application sandboxing. You can also use it for traditional type enforcement policies, as in SELinux and a variety of other things.

      And then there's Capsicum, which adds a capability model on top

      --
      I am TheRaven on Soylent News
  3. Quick Wiki Summary by fustakrakich · · Score: 5, Insightful

    "De Raadt has been criticized for having a somewhat abrasive personality..."

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Quick Wiki Summary by chill · · Score: 5, Funny

      Note: That wiki summary was from the entry on "Understatement of the Year, 1996-2013 inclusive"

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:Quick Wiki Summary by TheRealMindChild · · Score: 5, Funny

      We just need a flame war between him and Linus. Nerdwar will never be the same

      --
      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    3. Re:Quick Wiki Summary by broken_chaos · · Score: 3, Informative

      Linus is a bit more restrained in his flaming. Typically he only does it when the person on the receiving end has done something dumb-to-monumentally-dumb and is someone Linus trusted to not do such things.

    4. Re:Quick Wiki Summary by serviscope_minor · · Score: 5, Insightful

      I've personally exchanged emails with De Raadt on the OpenBSD mailing list. Actually, he weighed in on a conversation which didn't initially involve him. He was calm, helpful and polite and the discussion was a productive one.

      Why was this? I didn't start off by being extremely rude to him. Because I did my homework and found out as much as I reasonably could with my knowledge and skills. Expecting someone like that to hold my hand and do my homework for me for free no less is exceptionally rude. Somehow many people are too dumb and self-centred to realise this.

      --
      SJW n. One who posts facts.
  4. Framing the debate by Anonymous Coward · · Score: 4, Informative

    As usual:

    - Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

    - FreeBSD really is stupid about some things. Let's take for instance their complete refusal to implement any strong security in their distribution chain. You can't verify their ISO's or packages back to their source in any way. Their repo is ancient svn, not git or monotone, so they have no signable hashes in their repos. There's no deterministic builds. etc. And when you bring it up, they just handwave about process and workflow as reasons to continue doing the same. FreeBSD is pretty damn good as an OS, but their standing on these things is BULLSHIT.

    1. Re:Framing the debate by Anonymous Coward · · Score: 5, Interesting

      How is OpenBSD any different in that regard? They rewrote CVS (OpenCVS) for heaven's sake, so they didn't have to move to SVN, let alone Git.

      And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.

      People misunderstand what makes OpenBSD secure. OpenBSD is about being conservative and simple. Lots of the things they do seem backwards or antiquated. In this case, XORing your random bit streams is as conservative as you can get. And when Theo talks about following the research, it's not to jump on fancy new technology, but in tracking the evolution of software and cryptographic exploits and trying to preemptively get out of those paths. That's opposite of Linux and FreeBSD, where they're constantly chasing new features, new optimizations, and new technologies.

    2. Re:Framing the debate by styrotech · · Score: 5, Informative

      - Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

      Yeah the bit that struck me here was that Theo was relatively complimentary about Linux and Linux devs. eg mentioning Linux also did this stuff ages ago and that OpenBSD used some research from Ted Ts'o (and others) in their implementation.

      So the complaint wasn't about credit for who was first, just about how FreeBSD got a bunch of Snowden related media coverage for something practically everyone else did ages ago as if it was something new to worry about.

    3. Re:Framing the debate by Phs2501 · · Score: 3, Informative

      And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.

      Citation needed. I can't find a published example of any actual SHA-1 collision, much less one from a Git repo.

    4. Re:Framing the debate by Anonymous Coward · · Score: 3, Informative

      But in the mail you link to, Linus was talking about collisions of the *first 7 characters* of the SHA1-Hash, not a full SHA1 collision. This is only important, because in many situations, git defaults to printing only the first 7 digits of the hash, not the full hash. It is *not* a SHA1-collision.

      Up to this date, there is no (public) known SHA1 collision, and there is no (public) known method to generate one within any reasonable time frame.
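
Added example, not part of the comment above or of git's own code: the comment distinguishes a clash in the 7-digit abbreviation from a collision of the full SHA-1. The sketch below computes blob IDs the way git does and runs a birthday search over constructed blobs, showing that a shared 7-digit prefix turns up after roughly twenty thousand objects while the full IDs still differ. The blob contents and the function names are made up for illustration.

```python
import hashlib
import math

ABBREV_LEN = 7  # hex digits in the abbreviated ID discussed in the comment above


def git_blob_id(content: bytes) -> str:
    """Object ID git assigns to a blob: SHA-1 over b'blob <len>\\0' + content."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def find_abbrev_clash(abbrev_len: int = ABBREV_LEN, limit: int = 1 << 22):
    """Birthday search over constructed blobs for two IDs sharing a prefix.

    Returns (content_a, content_b, tries). Only the first abbrev_len hex
    digits are compared, so the search space is 16**abbrev_len values.
    """
    seen = {}  # prefix -> first content that produced it
    for i in range(limit):
        content = b"constructed sample blob %d\n" % i  # made-up input
        prefix = git_blob_id(content)[:abbrev_len]
        if prefix in seen:
            return seen[prefix], content, i + 1
        seen[prefix] = content
    raise RuntimeError("no clash found within limit")


def expected_tries(bits: int) -> float:
    """Expected draws before the first repeat among 2**bits equally likely values."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


if __name__ == "__main__":
    a, b, tries = find_abbrev_clash()
    id_a, id_b = git_blob_id(a), git_blob_id(b)
    print(f"clash after {tries} blobs (expected about {expected_tries(28):.0f})")
    print(f"  {id_a}  {a!r}")
    print(f"  {id_b}  {b!r}")
    print(f"shared abbreviation: {id_a[:ABBREV_LEN]}, full IDs equal: {id_a == id_b}")
    # The same estimate for all 160 bits shows why this says nothing about SHA-1 itself.
    print(f"expected work for a full 160-bit match: about {expected_tries(160):.2e} hashes")
```

When a revision is pinned or verified, compare the full 40-digit ID rather than the abbreviation.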

  5. Re:so letting the nsa hire someone by EdIII · · Score: 4, Insightful

    to write your ipsec, thats the definition of security.

    Exactly.

    The NSA is the one you are protecting yourself against. Why would you EVER trust any cryptographic primitives designed by them at all?

    Being able to fully trust the cryptographic primitives on a system is not a new thing though... those NSA guys have tainted so much everywhere simply because it is their job description to decrypt sensitive communications for the intelligence community.

    Microsoft anyone?

  6. Re:Do these projects OpenBSD, FreeBSD matter anywa by Anonymous Coward · · Score: 4, Insightful

    ...Why should I care? Where in the world is serious stuff being done on any of these platforms? Just asking...

    When it comes to security, De Raadt is like House

    So I guess it matters if you care about security. Then again, since we don't really use secure software or systems, that point is kind of moot.

  7. Re:Do these projects OpenBSD, FreeBSD matter anywa by utkonos · · Score: 4, Informative

    You may want to pose that question to Netflix. They account for about 1/3 of the traffic on the internet and all that traffic is served from FreeBSD servers.

    Also, Mac OS X is essentially a fork of FreeBSD.

    The OS on all Juniper equipment is a modified version of FreeBSD.

    The Playstation 3 and 4 OS are both modified FreeBSD.

    Plus more.

  8. Re:Do these projects OpenBSD, FreeBSD matter anywa by Anonymous Coward · · Score: 5, Interesting

    A new 10x faster network stack is coming to Linux via FreeBSD, enjoy your 10gb routing speeds with a 1ghz cpu and in user mode, not kernel. Nginx, that's BSD, Varnish, that's BSD. Actually, most OS research is done on FreeBSD, then ported to Linux. Anecdotally, several large datacenters are claiming they're seeing a rise in BSD services and VMs and some major customers with millions invested, switching to BSD from Linux.

    One corp claimed to have over 10,000 VMs and paid RedHat for enterprise support for those VMs with a 5 year contract. They're still locked into contract, but they switched to FreeBSD because they can cut down their number of VMs by 30% and get the same performance. They also found it easier to manage FreeBSD. They're paying for that contract, but not using it. I bet that was a fun sell to management.

  9. Re:so letting the nsa hire someone by EvanED · · Score: 5, Insightful

    ...those NSA guys have tainted so much everywhere simply because it is their job description to decrypt sensitive communications for the intelligence community.

    To play devil's advocate for a second (and from someone who is as opposed to the NSA's spying as anyone), their job is also to prevent adversarial spying on us. That presumably applies much more to government functions than day-to-day ones, but if, say, the military or state department actually follows the NSA's suggestions, there's a decent chance that those suggestions are pretty close to as good as it gets.

  10. Re:constructive criticism by Trepidity · · Score: 3, Insightful

    Well, he did produce OpenBSD, which could be seen as constructive criticism in a sense (instead of just complaining, build something). But yeah, if you mean constructively criticizing things in text, that's not really his strong point.

  11. Not really by Sycraft-fu · · Score: 3, Informative

    He's often "technically correct". What I mean is that OpenBSD is really secure in its default setup... because it doesn't do fuck-all. Security via turning off everything isn't really that impressive. When something is supposedly so much superior on a security front, yet seems to get very little usage, well, there's a reason.

    Also, even if you are right, you shouldn't be a dick about it. Perception matters in the world and if you want to persuade people to your position, you need some empathy. If you act like a jerk all the time, it puts people off and makes them dislike you, and thus not consider the content of your claims.

    1. Re:Not really by Architect_sasyr · · Score: 5, Funny

      Pretty sure whoever wrote "House" was looking at Theo and thinking "You know... that fucker could make a great TV show character". Of course it was probably followed by "but screw that IT crap" but whatever.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    2. Re:Not really by Clsid · · Score: 3, Informative

      Not having stuff running by default is not the only thing OpenBSD does. It has a crapload of features regarding security, starting with the very nice firewall, so please go educate yourself and then come back. That system is perfect for production systems like web servers and proxy servers which is where I use it.

    3. Re:Not really by gmhowell · · Score: 5, Funny

      He's often "technically correct".

      You are aware that that is the best kind of correct, right?

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    4. Re:Not really by gman003 · · Score: 4, Funny

      Technically, yes.