[News] Linux Security Compared to a 'Gold Standard' (OpenBSD) - Linux

This is a discussion on [News] Linux Security Compared to a 'Gold Standard' (OpenBSD) - Linux ; SELinux vs. OpenBSD's Default Security ,----[ Quote ] | Darrin Chandler suggested, "security should not be grafted on, it should be | integrated into the main development process. I'm sure the patch maintainers | are doing their best, but this ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [News] Linux Security Compared to a 'Gold Standard' (OpenBSD)

  1. [News] Linux Security Compared to a 'Gold Standard' (OpenBSD)

    SELinux vs. OpenBSD's Default Security

    ,----[ Quote ]
    | Darrin Chandler suggested, "security should not be grafted on, it should be
    | integrated into the main development process. I'm sure the patch maintainers
    | are doing their best, but this doesn't change the fundamental flaw in the
    | process. It's not a flaw of their making, it's inherent in the situation. But
    | it's still a flaw."
    `----

    http://kerneltrap.org/OpenBSD/SELinu...fault_Security


    Related:

    Countryside Council for Wales demonstrates Open Source best practice

    ,----[ Quote ]
    | By funding development to an Open Source operating system, a Welsh
    | government agency has shown best practice in its engagement with
    | the Open Source industry.
    `----

    http://www.publictechnology.net/modu...ticle&sid=8640


    Using OpenBSD 4.1

    ,----[ Quote ]
    | OpenBSD has the most thorough, easy to follow native documentation of
    | any Unix-like operating system.
    `----

    http://www.softwareinreview.com/cms/content/view/80/


    OpenBSD Foundation established in Canada

    ,----[ Quote ]
    | Today the OpenBSD Foundation announced that it has been fully formed as a
    | legal entity in Canada, with the stated purpose of acting as the legal entity
    | for handling donations and other legal and financial matters for the OpenBSD
    | operating system and its associated projects. *
    `----

    http://www.thejemreport.com/mambo/content/view/337/


    Interview: The OpenBSD Foundation's Ken Westerback

    ,----[ Quote ]
    | We currently accept cheques only. The more zeros on the end, the faster
    | OpenBSD will progress. :-)
    `----

    http://www.thejemreport.com/mambo/content/view/338/


    OpenBSD Port for Xbox1 in Progress

    ,----[ Quote ]
    | I just wanted to tell everybody that I am working on a OpenBSD
    | port to the Xbox.
    `----

    http://www.xbox-scene.com/xbox1data/...FADScbcLgY.php


    Open Source coders caught stealing Open Source code

    ,----[ Quote ]
    | Developers of OpenBSD took code from their brethren at Linux, violating
    | the code's licence, the GPL. To the horror of the Linux folk, the
    | OpenBSD licence allows proprietary use.
    `----

    http://www.theinquirer.net/default.aspx?article=38746


    OpenBSD 4.0 Released

    ,----[ Quote ]
    | We are pleased to announce the official release of OpenBSD 4.0.
    | This is our 20th release on CD-ROM (and 21st via FTP). We remain
    | proud of OpenBSD's record of ten years with only a single remote
    | hole in the default install.
    `----

    http://marc.theaimsgroup.com/?l=open...4294900557&w=2


    OpenBSD 4.0 review

    ,----[ Quote ]
    | I've tried hard to find a significant weak point in this operating
    | system, but there just isn't one. Put simply, OpenBSD makes Unix fun
    | and interesting. It's the only Unix-like operating system that you
    | can build, customize, and update without running into strange
    | problems, bugs, and growing pains. Upgrades are done with
    | confidence, not trepidation, and once configured, there isn't a
    | whole lot of worrying to do.
    `----

    http://www.softwareinreview.com/cms/content/view/55/

  2. Re: [News] Linux Security Compared to a 'Gold Standard' (OpenBSD)

    Verily I say unto thee, that Roy Schestowitz spake thusly:
    > SELinux vs. OpenBSD's Default Security
    >
    > ,----[ Quote ]
    > | Darrin Chandler suggested, "security should not be grafted on, it
    > | should be integrated into the main development process. I'm sure
    > | the patch maintainers are doing their best, but this doesn't change
    > | the fundamental flaw in the process. It's not a flaw of their
    > | making, it's inherent in the situation. But it's still a flaw."
    > `----


    Whilst I agree that SELinux is overly complex, it is nonetheless a
    robust solution when properly deployed and maintained.

    The key to simplifying SELinux integration is for each package
    maintainer to distribute a policy addendum for that package, thus
    ensuring the contexts for that package are properly set.

    This is not especially difficult, other than requiring an addition
    testing phase for each package, and can be deployed in the RPM/DEB.

    If package maintainers would adopt and follow that procedure, most of
    the difficulties and criticisms regarding SELinux would disappear,
    packages would "just work" with SELinux enabled, and nobody would feel
    compelled to automatically disable SELinux at the first sign of
    difficulty.

    This does not preclude security being "part of code quality, and part of
    the normal mainline development", as he later asserts. The two are not
    mutually exclusive.

    --
    K.
    http://slated.org

    ..----
    | "OOXML is a superb standard"
    | - GNU/Linux traitor, Miguel de Icaza.
    `----

    Fedora release 7 (Moonshine) on sky, running kernel 2.6.22.1-41.fc7
    05:51:19 up 49 days, 4:46, 3 users, load average: 0.57, 0.33, 0.39

+ Reply to Thread