FreeBSD 11.0 Released

Tom tom at vondein.org
Tue Oct 11 11:43:31 PDT 2016


On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
> As I am still trying to understand OpenBSD's core, is there a main reason
> I should check out FreeBSD (except the reasons you pointed out)?

In the end you'll need to compare them yourself, features, policies,
hardware support, security, whatever.

I just happen to like FreeBSD more and Theo de Raadt less :)

> How is the default security on FreeBSD?

Why, pretty good I'd say. 

> "FreeBSD devs don't really care much about security as much as they should"
> How true is this statement?

Replace "FreeBSD Users" with "human beings" and the sentence might be
true. Of course there are uncaring FreeBSD users, as there are uncaring
Windows, OSX or OpenBSD users.

Oh - and not caring about security doesn't lead to an insecure system
necessarily. Many years ago we did an audit of some BSDi machine: it
had all patches installed and was top secure. However, nobody had been
logged in for a couple of years. So, why was it so secure? Because:

0 * * * * cd /usr/src && make world

:-)
 
> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
> 3. How about W^X?
> 4. Trusted Path Execution?

I'm not sure about all those things, google will help you with details.
Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
be better suited from this perspective.

> 2. How easy can I sandbox software? Using jails only?

There's bhyve. I use jails and am very happy with it.



- Tom


