by JoachimSchipper 3700 days ago
Even as an OpenBSD fan, I'm not sure why tptacek was downvoted here. W^X etc. make it harder to write an exploit, but sufficiently-bad bugs can still yield arbitrary code execution. (Or confused-deputy problems allowing escalation to root, etc.; there's more than one way to pwn a box.)

And - architecturally - OpenBSD's kernel isn't that different from Linux, both being UNIX-style kernels; to the extent that OpenBSD's kernel has better security than Linux, it's mostly because OpenBSD tends to have fewer (and, sometimes, better-considered) features.

(There's an interesting argument to be had about Linux+grsecurity vs. OpenBSD - focusing on having some cutting-edge parts vs. solid engineering throughout - but that's not the argument we're having.)


I'm not sure why tptacek was downvoted here

Maybe because his comment had the tone of:

"For this, I have found a truly wonderful proof, but the margin is too small to contain it."

Do you need a "truly wonderful proof" for "the mainstream OS OpenBSD has not managed to render kernel vulnerabilities unexploitable, or to rid itself of those vulnerabilities entirely"? Because: that's an extraordinary claim for an OpenBSD supporter to make.

I was not responding to "the mainstream OS OpenBSD ...". Let's go back to your remark, which preceded his:

kernel exploits for OpenBSD are neither theoretical nor impractical.

You put that out there as a bare, standalone statement. No elaboration, no proof.

Your comment might be true, but I would have liked to see some more "meat" in it. Some supporting evidence, some inkling of a truly wonderful proof.

I did write a remote kernel exploit for OpenBSD; it was not an easy task, and this was at a time when there were basically no exploit countermeasures in the kernel (2007) (https://www.coresecurity.com/content/open-bsd-advisorie)

There are a bunch of local kernel exploits, all very practical and reliable. Kernel protections are something OpenBSD lacked until very recently.

Yes, thanks for reminding me of that one.

That timeline isn't pretty. The OpenBSD guys really needed to be dragged, kicking and screaming, to calling it a "security fix" rather than something milder like a "reliability fix".