On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
As I am still trying to understand OpenBSDs core, is there a main reason I should check out FreeBSD (except the reasons you pointed out)?
In the end you'll need to compare them yourself, features, policies, hardware support, security, whatever. I just happen to like FreeBSD more and Theo de Raadt less :)
How is the default security on FreeBSD?
Why, pretty good I'd say.
"FreeBSD devs don't really care much about security as much as they should" How true is this statement?
Replace "FreeBSD Users" with "human beings" and the sentence might be true. Of course there are uncaring FreeBSD users, as are uncaring Windows, OSX or OpenBSD users. Oh - and not caring about security doesn't lead to an insecure system neccessarily. Many years ago we made an audit of some BSDi machine: it had all patches installed and was top secure. However, nobody have been logged in since a couple of years. So, why was it so secure? Because: 0 * * * * cd /usr/src && make world :-)
1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD? 3. How about W^X? 4. Trusted Path Execution?
I'm not sure about all those things, google will help you with details. Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might be better suited from this perspective.
2. How easy can I sandbox software? Using jails only?
There's bhyve. I use jails and am very happy with it. - Tom