[atmosx]

Since OpenBSD can be backdoored[1] with the same ease that the Linux kernel could be backdoored, I have no idea why all the fuss. Debian is pretty thorough in NOT including proprietary software if that's what we're talking about.

As far as I'm concerned, it's good to have options and the OpenBSD developers have created software that I use daily (OpenSMTPd, SSH, PF, etc.) and for that, I'm thankful!

ps. I know that developing IPSEC backdoors is not easy by any means. But the subsequent Theo De Raadt answer, was that he can't tell if there are backdoors or not. That was my point.

[1] https://marc.info/?l=openbsd-tech&m=129236621626462&w=2

[aortega]

>can be backdoored[1] with the same ease

No, no with the same ease. Every OpenBSD commit is throughly reviewed, and there is only a bunch of commiters. Compared with linux, with thousands of commiters and tons of code added every day, OBSD is way more difficult to backdoor.

[gonzo]

> Every OpenBSD commit is throughly reviewed, [...]

You should observe that this didn't happen here.

Sam Leffler found that bug, fixed it, and sent OpenBSD the patch while bringing the "fast IPSec"stack to FreeBSD.

OpenBSD silently patched it.

The whole thing only came to light years later, when the accusations were made.

[aortega]

>You should observe that this didn't happen here.

I bet it now happens.

[symtos]

you bet? yet in your previous comment you stated it as a fact

[aortega]

yes.

[notaplumber]

No loadable kernel modules for OpenBSD either.

[tptacek]

Not having a formal kernel module system does not actually mean the kernel is secure. Exploits to create module loading systems out of kernel vulnerabilities are approximately as old as stack overflow exploits.

[notaplumber]

NX enforced kernel W^X, SMEP/SMAP, always-on stack protector and a limited attack surface (..say, from pledge(2)), only serve to make such theoretical attacks impractical against OpenBSD.

[tptacek]

No. Those are useful countermeasures, but kernel exploits for OpenBSD are neither theoretical nor impractical.

[nickpsecurity]

I'm glad you're saying it, too, as I get tired of this myth. I wrote a scheme on Schneier's blog for disproving it a while back. Basically, you counter the mitigations which look awfully similar to the one's that got countered in Linux and Windows. Once you have that, wait until a bug is mentioned on mailing list that can lead to memory attack. Weaponize it. Profit.

Leads me to what I claim is dirty secret behind "only 2 holes in..." claim they have: OpenBSD just fixes bugs they find without serious attempts to determine if they'd be exploitable vulnerabilities. They just do accounting differently than the rest. So, by their numbers, they only had 2 vulnerabilities because they didn't assess whether other bugs were vulnerabilities in the first place.

They have good code quality but they're full of shit about how vulnerable it is or isn't.

[JoachimSchipper]

Even as an OpenBSD fan, I'm not sure why tptacek was downvoted here. W^X etc. make it harder to write an exploit, but sufficiently-bad bugs can still yield arbitrary code execution. (Or confused-deputy problems allowing escalation to root, etc.; there's more than one way to pwn a box.)

And - architecturally - OpenBSD's kernel isn't that different from Linux, both being UNIX-style kernels; to the extent that OpenBSD's kernel has better security than Linux, it's mostly because OpenBSD tends to have fewer (and, sometimes, better-considered) features.

(There's an interesting argument to be had about Linux+grsecurity vs. OpenBSD - focusing on having some cutting-edge parts vs. solid engineering throughout - but that's not the argument we're having.)

[MustardTiger]

>Since OpenBSD can be backdoored[1]

And you link to that not happening? Seems a bit silly.