[GLLUG] OpenBSD

Melson, Paul PMelson@sequoianet.com
Wed, 16 Apr 2003 17:16:23 -0400


Until recently, I was running it as my home firewall.  From a user/admin
perspective it's very similar to FreeBSD, though not quite the variety
of tools and toys.  It is very stable and performed very well (no
latency/lag on a P5/166 w/ 65MB).  Once I no longer have a need to learn
the commercial product I'm running now, I'll probably switch back.

It's worth mentioning, though, that OpenBSD, just like every other BSD
distribution, has had its share of vulnerabilities.  I think it's an
awesome project, and bugs are fixed as well and as quickly as anyone
could hope, but it has bugs nonetheless.

PaulM

-----Original Message-----
From: Mark Szidik/mlc [mailto:SzidikM@mlcnet.org]
Sent: Wednesday, April 16, 2003 4:42 PM
To: linux-user@egr.msu.edu
Subject: [GLLUG] OpenBSD


I read this in the SANS NewsBites letter.  Sounds very cool.  I ordered
a CD copy - just to play around with.  Anyone currently running OpenBSD?

-Mark Szidik

 --OpenBSD Release Protected Against Buffer Overflow Attacks
(11 April 2003)
The most recent release of OpenBSD should eliminate buffer overflows,
according to the group's project leader.  The group took three
approaches to hardening the software.  First, the location of the
stack in memory is randomized.  Second, the team added a tag to the
memory structure that will detect address modifications.  Finally,
they managed to divide the main memory into two sections: writeable
and executable; the pieces of data and programs, called "pages",
would be stored in one or the other section, ensuring that no page
is writeable and executable at the same time.
http://news.com.com/2100-1002-996584.html
[Editor's Note (Schultz): Many kudos are in order here.
If what the OpenBSD people are doing really works, they will put
considerable pressure on other vendors and developers to do the same.
Buffer overflow problems continue to plague operating systems and
applications.  Eliminating this category of vulnerabilities would be
a major victory for the information security arena.
(Schneier): It's great to see this kind of approach to buffer
overflows.  This is an example of building in security instead of
trying to patch it afterwards.
(Ranum): It's GREAT to see that at least a few people are smart enough
to try to attack problems like this systemically, rather than keeping
stuck in the fruitless "penetrate and patch" while loop. This is how
to make progress in security: fundamental protections.
(Shpantzer): Initiatives like this should be taught as case studies
in computer science courses at the undergraduate level. ]

