FreeBSD 11.0 Released
Ben Mezger
benmezger at autistici.org
Tue Oct 11 19:16:18 PDT 2016
Thanks Tom, I will look into it more and perhaps give it a try. OpenBSD
has lots of packages, but unfortunately not the ones I really need.
>> Oh - and not caring about security doesn't lead to an insecure system
>> necessarily. Many years ago we made an audit of some BSDi machine: it
>> had all patches installed and was top secure. However, nobody had been
>> logged in for a couple of years. So, why was it so secure? Because:
>>
>> 0 * * * * cd /usr/src && make world
Looks really promising. Doing something like this automatically on the
Linux kernel + monkey patching would probably break on the first try.
Same goes with the Gentoo port system.
On 11/10/16 15:43, Tom wrote:
> On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
>> As I am still trying to understand OpenBSD's core, is there a main reason
>> I should check out FreeBSD (except the reasons you pointed out)?
>
> In the end you'll need to compare them yourself, features, policies,
> hardware support, security, whatever.
>
> I just happen to like FreeBSD more and Theo de Raadt less :)
>
>> How is the default security on FreeBSD?
>
> Why, pretty good I'd say.
>
>> "FreeBSD devs don't really care much about security as much as they should"
>> How true is this statement?
>
> Replace "FreeBSD Users" with "human beings" and the sentence might be
> true. Of course there are uncaring FreeBSD users, as are uncaring
> Windows, OSX or OpenBSD users.
>
> Oh - and not caring about security doesn't lead to an insecure system
> necessarily. Many years ago we made an audit of some BSDi machine: it
> had all patches installed and was top secure. However, nobody had been
> logged in for a couple of years. So, why was it so secure? Because:
>
> 0 * * * * cd /usr/src && make world
>
> :-)
>
>> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
>> 3. How about W^X?
>> 4. Trusted Path Execution?
>
> I'm not sure about all those things, google will help you with details.
> Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
> be better suited from this perspective.
>
>> 2. How easy can I sandbox software? Using jails only?
>
> There's bhyve. I use jails and am very happy with it.
>
>
>
> - Tom
>
--
Kind Regards,
Ben Mezger