>I've used it on my laptop. Primarily because it has had few vulnerabilities and is very stable.
The OpenBSD propaganda works I see...
Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD than on any other BSD or linux distribution, please...
> Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD...
A reasonable question, but presumptuously and poorly framed, I think. Mitigation efforts like privilege separation[0] (for daemons), ASLR[1], SSP[2], and now KARL[3] are designed to make things systemically better. I'm personally a NetBSD person, and don't see that ending anytime soon, but I do appreciate the work that OpenBSD does and pay attention with interest. I expect some of their work to be ported to my environment directly, and other effects to be felt tangentially. People running different or "weird" environments is a good thing.
OT, but I've had trouble in the past when trying out NetBSD; I wanted to install it on my laptop with full disk encryption, but I clearly was missing something about how to do it properly, and I've never been able to find a good guide for it. Any chance you might know a blog post or something that details how to do this properly for a NetBSD newbie like me?
Thanks! I've tried out most of the other common BSDs (FreeBSD, OpenBSD, DragonflyBSD, and TrueOS) but I've always had more trouble with NetBSD for some reason. Hopefully I'll have better luck with it this time!
Yes, browsers are a large attack surface. But I'd take a quick peek at the recent Security improvements section on this release page, and also OpenBSD's innovations page.
OpenBSD was the second OS to enable W^X JIT on its firefox package, W^X being made mandatory system-wide, and in Theo de Raadt's most recent conference talk he mentions chromium being pledged. Both browsers are compiled as PIE by default.
That's not the point.
Of course that the software will have the same number of bugs/vulnerabilities on OpenBSD.
The question is how much damage an exploit/crash will do overall. OpenBSD has quite a few of protection mechanisms in place.
> Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD than on any other BSD or linux distribution, please...
Yes. OpenBSD employs several mechanisms that improve the security of every application e.g. W^X and stack protector.
The OpenBSD propaganda works I see...
Do you really think the tools you use like your web browser, mail client etc, have less vulnerabilities on OpenBSD than on any other BSD or linux distribution, please...