[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security: FreeBSD vs OpenBSD



> I wonder if the security reputation of OpenBSD is only based on the fact
> that they ship the system in a secure by default mode, or if the OpenBSD
> kernel itself is more secure than the FreeBSD kernel.

Which is more secure, OpenBSD or FreeBSD?  Which is a better tool, a
socket wrench or a spanner?  Or how about, which is faster, a P4 or
and Athlon?

Your question is very naive.  What are your requirements and
expectations?  OpenBSD has an "approach" to security that is somewhat
different than FreeBSD's, and rather more different than TrustedBSD,
SE Linux, and the rest.  That approach is, broadly, to audit the
code for correctness, keep configuration simple and clean, and be  
very cautious about adding new features and capabilities.  It's
basically a conservative approach that attempts to enforce the
security of a system by controlling it's complexity.  That agenda,
no matter how well it's carried out, will always be limited by the
deficiencies in the basic Unix system design, which other posters
have pointed out.  OpenBSD doesn't have "jails" like FreeBSD, or
an encrypted file sytem, or ACLs and MACs like SE Linux.  It also
doesn't have to deal with the added complexity of those features.

So is the OpenBSD's approach better than Free/Trusted BSD or EROS?
What are your needs?  What are your expectations?  What are you
comfortable with?

You pays your money and you takes your chances, right?

David S.


Visit your host, monkey.org