OpenBSD as server

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #31,854

Picture of kmself

3/12/02 1:51:32 PM

OpenBSD as server

There are a few problems.

First, OpenBSD's update process is limited. While it's improving, and oBSD wasn't vulnerable to this potential exploit, my experience has been that of the three major options (Debian/apt, RedHat/rpm, oBSD), the ease-of-maintenance continuum flows left to right.

Second, OpenBSD lacks SMP support. Uniprocessor only. That's a nonstarter for several of our systems. As an appliance, it's acceptable. As a server, it shows clear failings.

Third, even placing oBSD as a bastion system in front of your servers, you're open to exploits in CGIs or other server-side software, behind the firewall. Security is a process, not a product.

I'm happy with the fact that I am able to update my Debian systems within 24 hours of this alert with no issues. Red Hat I'll have to wrestle with over the course of the day, and OpenBSD I'm glad I don't have to mess with. Given a choice of "secure by default" and "very narrow vulnerability window", I've come to prefer the latter, though a sane-by-default configuration also helps.

-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] [link|http://kmself.ix.netcom.com/|[link|http://kmself.ix.netcom.com/|http://kmself.ix.netcom.com/]] What part of "gestalt" don't you understand?

zlib advisory - (ben_tilly) - (16) - March 11, 2002, 05:46:41 PM EST

Re: zlib advisory - a similar link. - (a6l6e6x) - March 11, 2002, 11:25:28 PM EST

Remedy? - (kmself) - (3) - March 12, 2002, 12:12:38 AM EST

Erg. - (static) - March 12, 2002, 12:27:49 AM EST

Well OpenBSD was never vulnerable. :-) - (ben_tilly) - (1) - March 12, 2002, 12:41:28 AM EST

OpenBSD as server - (kmself) - March 12, 2002, 01:51:32 PM EST

Re: zlib advisory - (pwhysall) - (1) - March 12, 2002, 02:29:24 AM EST

Re: zlib and up2date - (a6l6e6x) - March 12, 2002, 02:29:21 PM EST

Microsoft vulnerable too - uses zlib code - (admin) - (2) - March 14, 2002, 10:07:28 PM EST

Risk: adopting FS code without adopting FS practices - (kmself) - (1) - March 15, 2002, 01:45:18 AM EST

But note that MS doesn't update the build #'s - (tonytib) - March 15, 2002, 09:37:37 PM EST

I'm confused about the entire thing - (wharris2) - (5) - March 14, 2002, 11:08:50 PM EST

DoS is an attack - (ben_tilly) - (4) - March 14, 2002, 11:38:03 PM EST

Re: DoS is an attack - (wharris2) - (3) - March 15, 2002, 12:08:18 AM EST

Then I suggest... - (Yendor) - (1) - March 15, 2002, 09:56:32 AM EST

I've run into double-free problems before - (wharris2) - March 16, 2002, 10:05:44 AM EST

It's a known class of exploit... - (kmself) - March 15, 2002, 02:12:46 PM EST

Got LRPD?
74 ms