Interview: Ask Theo de Raadt What You Will

Theo de Raadt was a founding member of NetBSD, and is the founder and leader of the OpenSSH and OpenBSD projects. He is currently working on OpenBSD 5.5 which would be the projects 35th release on CDROM. Even though he'd rather be hiking in the mountains or climbing rocks in his free time, Theo has agreed to answer any question you may have. As usual, ask as many as you'd like, but please, one question per post.

Sparc64 and Oracle

[kthreadd]

I recently needed a free software operating system that could replace Solaris on a couple of Sun UltraSparc machines. After testing out the relatively small number of alternatives I found that OpenBSD had by far much better hardware support than the others. I know that a lot of this is the result from the effort your group spent a couple of years ago to get docoumentation from what used to be Sun. How would you describe collaboration with Oracle now when they run the remains of Sun, in particular around supporting modern Sparc64 based systems?

Re:Why are you such an asshole?

[bluefoxlucid]

How screwed up would the project be had he not been such an "asshole" as you describe?

Way back when, I brought up to the OpenBSD mailing list that position-independent executables (PIE) on x86 would incur a negligible performance penalty while increasing the effectiveness of certain security measures--the randomization of stack, library, and heap base--significantly.

Theo immediately pulled the discussion off-list to tell me that the optimization is "very expensive" (i.e. incurs a huge performance hit). He bolstered his argument by repeating, across 14 e-mails, "We invented this stuff, I know what I'm talking about" and "I don't even know who you are, everyone knows who I am".

Linux had oprofile.

I ran some measurements. The performance hit without relying on -fomit-stack-pointer was some 0.6%, and with -fomit-stack-pointer you got a 5.2% boost unrealized. We could call the raw performance hit 5.8%. -fPIE code is 5.8% slower.

Further, most programs spent substantially less than 0.2% of their execution time in the main executable. -fPIE only affects the main executable; multiplying this together gives us 0.2% * 5.8% = 0.0116%. This means that, in any one hour period, if you could find a total of 0.42 seconds of CPU time (i.e. CPU at 50% for 0.84 seconds, CPU at 0% for 0.42 seconds, etc.), -fPIE would have zero real impact. If your system is pegged at 100% for 24 hours, it will be pegged at 100% for 10 seconds longer. In 60 seconds, you need 0.0070 seconds of additional CPU time to handle this optimization.

In short: Theo was wrong. He derailed the conversation off-list probably because he didn't have a real argument and was afraid of being proven wrong. He's never admitted he was wrong, and probably considers the whole argument a moral victory.

The whole exchange has taught me that OpenBSD is just another nobody-fucking-cares OS with a bunch of shiny egostroke things like strlcpy() and probably less security than anything else. I wonder how many security holes have gone unseen, how many improvements have papered over unacknowledged previous issues, and so on. OpenBSD uses very specific language: only two remote exploits in the default installation in however many decades. That's because OpenBSD comes with everything switched off--like Ubuntu before Avahi--so there's no attack surface. It's great marketing, but it has no bearing on how much of the code base is secure or how risky it is to run OpenBSD vs Linux vs Windows.

Theo's manner says that the above assessment has a high probability of being valid. Not a majority probability, but a high probability: most people claim OpenBSD is "secure", and in fact I spent a time editing this out of Wikipedia because every security article cited OpenBSD--up to and including listing "use OpenBSD" under "ways to improve computer security". This was not NPOV, and I have found no empirical studies of OpenBSD security--Coverity hasn't even run their tools against the code base, and I've seen no widely published studies on number of practically exploitable local privilege escalations and shipped daemons and such comparing OpenBSD to FreeBSD and Linux and so on--so it was inappropriate. But it does say that the normal assessment is that OpenBSD is probably "secure"; and I find a lot of soft evidence suggesting that this assessment is not reliable without more hard scientific evidence. A lot has gone into showing why OpenBSD "is secure", and very little has gone into showing that it's "not as insecure".

Linus has a massive ego and can be harsh, but he admits this and admits he has been wrong and the culture around Linux is different. Linus is sub-optimal, and the poor handling of negotiation by the Grsecurity and PaX people stunted Linux security development for a while, as did a number of other things; but Theo is the quintessential off-the-deep-end egomaniac. His technical expertise is highly questionable.

Need replies to call them interviews!

[Useless]

There have been a whole lot of these question threads without any replies in the past few months (6 other threads in the past 3 months, all unanswered). Do these people actually know they are being interviewed, or are these just empty topics posted to bolster lagging page views/ad impressions?