FreeBSD 11.0 Released

Ben Mezger benmezger at autistici.org
Tue Oct 11 19:16:18 PDT 2016


Thanks Tom, I will look into it more and perhaps give it a try. OpenBSD
has lots of packages, but unfortunately not the ones I really need.

>> Oh - and not caring about security doesn't lead to an insecure system
>> necessarily. Many years ago we made an audit of some BSDi machine: it
>> had all patches installed and was top secure. However, nobody had been
>> logged in for a couple of years. So, why was it so secure? Because:
>> 
>> 0 * * * * cd /usr/src && make world

Looks really promising. Doing something like this automatically on the
Linux kernel + monkey patching would probably break on the first try.
The same goes for the Gentoo port system.

On 11/10/16 15:43, Tom wrote:
> On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
>> As I am still trying to understand OpenBSD's core, is there a main reason
>> I should check out FreeBSD (except the reasons you pointed out)?
> 
> In the end you'll need to compare them yourself, features, policies,
> hardware support, security, whatever.
> 
> I just happen to like FreeBSD more and Theo de Raadt less :)
> 
>> How is the default security on FreeBSD?
> 
> Why, pretty good I'd say. 
> 
>> "FreeBSD devs don't really care much about security as much as they should"
>> How true is this statement?
> 
> Replace "FreeBSD Users" with "human beings" and the sentence might be
> true. Of course there are uncaring FreeBSD users, as are uncaring
> Windows, OSX or OpenBSD users.
> 
> Oh - and not caring about security doesn't lead to an insecure system
> necessarily. Many years ago we made an audit of some BSDi machine: it
> had all patches installed and was top secure. However, nobody had been
> logged in for a couple of years. So, why was it so secure? Because:
> 
> 0 * * * * cd /usr/src && make world
> 
> :-)
>  
>> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
>> 3. How about W^X?
>> 4. Trusted Path Execution?
> 
> I'm not sure about all those things, Google will help you with details.
> Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
> be better suited from this perspective.
> 
>> 2. How easy can I sandbox software? Using jails only?
> 
> There's bhyve. I use jails and am very happy with it.
> 
> 
> 
> - Tom
> 

-- 
Kind Regards,
Ben Mezger

With kind regards,
Ben Mezger


