[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Article "Why OpenBSD Will Never Be as Secure as Linux"
- To: advocacy_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Article "Why OpenBSD Will Never Be as Secure as Linux"
- From: fester <fester_(_at_)_clusterpower_(_dot_)_com>
- Date: Thu, 10 May 2001 07:45:57 -0400
I have two comments regarding this article:
1. OpenBSD (or *BSD) has Linux-binary compatibility. And, If the apps are
really that good, they can be ported.
2. This is the same type of argument that Microsoft has for running Windows.
At 12:19 PM 5/10/01 +0200, Ricardo Bermell wrote:
Kurt Seifried in SecurityPortal.
As you can see there is a large selection of security software Linux,
ranging from simple items like the Openwall kernel patch to very
configurable security suites like PitBull LX. These solutions are simply not
available for OpenBSD, so if you have needs beyond the basic
User/Group/Other filesystem restrictions for example you are basically out
of luck. Restricting access to port 80 for example, while easily achieved in
Linux with NSA SELinux or PitBull LX is basically impossible in OpenBSD.
Protecting binary software can be done in Linux with a variety of tools,
doing so in OpenBSD is very difficult (there is little you can do). Even with
some of the most secure source code in the world OpenBSD will not be
capable of providing the same levels of security and trust that a Linux
system with the appropriate software (i.e. NSA SELinux or PitBull) can. For
a system to be both secure and trusted you need both secure code and
additional items that provide Mandatory Access Controls, RBAC, Type
enforcement and so on. This is why OpenBSD will never be as secure as
Next week: "Why Linux Will Never be as Secure as OpenBSD".