Mailing List Archive
Re: [tlug] Confessions of a closet OpenBSD user
- Date: Fri, 28 Jun 2002 00:04:09 -0400
- From: Josh Glover <jmglov@example.com>
- Subject: Re: [tlug] Confessions of a closet OpenBSD user
- References: <3D1B55C2.6020807@example.com> <200206280141.g5S1fqC11383@example.com> <20020628022335.GE10058@example.com>
- Organization: INCOGEN, Inc.
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606
Matt Doughty wrote:
>
> No, the anti-TheoBSD rhetoric is largely due to a perception of arrogance coming
> from the OpenBSD community.

I agree with you here, but it is very often just that, a perception. I think that a lot of that goes back to Theo. Theo is widely perceived to be arrogant, and many very important developers (Alan Cox may be the most visible one, but I seem to recall Linus taking a poke at Theo a couple years back) tend to reinforce this image with their comments.

> This might not be from the developers, but the average
> OpenBSD user is the first to gloat about security problems you may have because you
> were 'stupid' enough to use something else.

> The reality is that there are several
> OSes that are, for all practical purposes, just as secure as OpenBSD.

Exactly. I would argue that any Unix, in the hands of a security-conscious, on the ball (read: Bugtraq and vuln-dev) sysadmin is "as secure as OpenBSD", whatever that means. However, of all the Unices I have used, OpenBSD is notable for not making it a pain in my ass to secure. I have complaints with Redhat here, and even mighty Solaris comes outta the box with some junk on it these days.

> You can't
> sing your own praise in regards to auditing code to catch poor programming of others, and not
> expect an outpouring of derision when things like off by one errors, things that can be caught
> by using bounds checking gcc flags, show up in your flagship software.

You cannot catch *all* OBOEs this way, just the ones that overflow bounds. Having an OBOE in a memory copy routine, or an array shift, or a vector operation, can be just as deadly as one that actually exceeds a bound. The only way to debug software completely is to give it to the users (and the security community). Eventually, most bugs get caught.

> As a result, I am very onesided in my criticism of OpenBSD. I apply the same rules to
> most things.

Interesting.

I find that as a security guy, I often *have* to be over the top, in my professional capacity, to accomplish anything at all. If I say, "well, there may be risks involved with this," (my honest analysis), management seems to always ignore the minor risks. But as you know, it doesn't take all that many minor leaks to bring even a mighty ship to the point where an attack could sink it. (OK, maybe not the *best* network metaphor I have ever dreamed up, but you get the picture.)

So I need to breathe fire: "No! We absolutely *cannot* do this! If we do, it is just a matter of time before we get owned! And do you know what that means!? [insert gratuitous rant about IP (Intellectual Property, here, not Internet Protocol) theft and lost time and lost trust here]" to even reach a compromise sometimes.

But we had a minor incident once, which I was able to clean up quickly and with no damage, and *now* they listen to me. For now, anyway. ;)

Och, the battle against the forces of darkness is ne'erending!

-- 
Josh Glover <jmglov@example.com>
Associate Systems Administrator
INCOGEN, Inc.
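
Added illustration, not part of the original message or of any OpenBSD code: the reply's point about off-by-one errors that never exceed a bound, shown on an array shift. The deny list, the user names and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DENY 8

/* Constructed sample data structure: a small deny list of user names. */
struct denylist { const char *name[MAX_DENY]; size_t count; };

/* Buggy removal: the shift stops one element early (i + 2, not i + 1).
 * Every access stays inside name[0..count-1], so bounds checking is
 * silent, yet the last entry is dropped from the list. */
static void remove_buggy(struct denylist *d, size_t idx)
{
    if (idx >= d->count) return;
    for (size_t i = idx; i + 2 < d->count; i++)
        d->name[i] = d->name[i + 1];
    d->count--;
}

/* Correct removal: shift every element after idx down by one slot. */
static void remove_fixed(struct denylist *d, size_t idx)
{
    if (idx >= d->count) return;
    for (size_t i = idx; i + 1 < d->count; i++)
        d->name[i] = d->name[i + 1];
    d->count--;
}

static int is_denied(const struct denylist *d, const char *user)
{
    for (size_t i = 0; i < d->count; i++)
        if (strcmp(d->name[i], user) == 0) return 1;
    return 0;
}

/* Remove "bob" (index 1), then report whether "mallory" is still denied. */
static int mallory_still_denied(void (*rm)(struct denylist *, size_t))
{
    struct denylist d = { { "alice", "bob", "carol", "mallory" }, 4 };
    rm(&d, 1);
    return is_denied(&d, "mallory");
}

int main(void)
{
    printf("buggy keeps mallory denied: %d\n", mallory_still_denied(remove_buggy));
    printf("fixed keeps mallory denied: %d\n", mallory_still_denied(remove_fixed));
    return 0;
}
```

With the buggy routine the list ends up as alice, carol, carol: no out-of-bounds access occurs, but an unrelated entry has silently left the deny list.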