On Wed, 22 Aug 2001 10:00:28 +0100 xsprite@bigfoot.com wrote:
on Wed, Aug 22, 2001 at 12:11:05AM +0000, David Freeman scribbled:
Web server of anything outside of a firewall == OpenBSD
Why OpenBSD? It doesn't even have a mature firewalling system at the momement, let alone an easy to use isakmp daemon. Oh, and they've also dropped qmail, djbdns, publicfile, as well as ipf.
Security, lack of wholes.
Even Linux has security-orientated code audits performed on it now. So how is it more secure/a better choice?
I wan't aware that Linux had audits like this. Maybe Linux would be a better choice.
It's hellishly slow on most low spec stuff that you would normally love to use as a dedicated firewall/small webserver. A p100 with 8 megs of ram crawls under openbsd. The task scheduler pretty crappy. The same box flies under NetBSD. Oh, and NetBSD runs under about 44 architectures.
But how well audited is netBSD? how many wholes are there in it?
Thanks
D
alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/
http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug
See the website for instructions on digest or unsub!
on Thu, Aug 23, 2001 at 08:05:20PM +0000, David Freeman scribbled:
Security, lack of wholes.
http://www.openbsd.org/errata.html On reflection, OpenBSD has been vulnerable to pretty much the same set of holes as any other os. It was vulnerable to the glob bug, it was vulnerable to the setproctitle bug, the latest set of sendmail bugs, the ptrace/execve bugs that were also in linux (and appear to still exist in 2.2.19)..
Even Linux has security-orientated code audits performed on it now. So how is it more secure/a better choice?
I wan't aware that Linux had audits like this. Maybe Linux would be a better choice.
They aren't as centrally organised, but they are performed. People like solar designer and chris evans perform them, for example. But I am sure many others do too (for good or bad purposes).
It's hellishly slow on most low spec stuff that you would normally love to use as a dedicated firewall/small webserver. A p100 with 8 megs of ram crawls under openbsd. The task scheduler pretty crappy. The same box flies under NetBSD. Oh, and NetBSD runs under about 44 architectures.
But how well audited is netBSD? how many wholes are there in it?
Relatively well. OpenBSD split from NetBSD around version 1.0, because Theo de Raat, being the darling he is, decided he didn't get along with the core team any longer, so forked. NetBSD is still fairly source compatible with OpenBSD, so patches can easily be ported if anything of interest comes up. I don't know much about NetBSD audits, but it is audited systematically, and centrally atleast. NetBSD is really open about bugs and security as well as faults.
-
David Freeman -
xsprite@bigfoot.com