Re: security of OpenBSD vs Linux distros
From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 08/03/02
- Next message: Andrei: "Blocking ports??"
- Previous message: Eric P. McCoy: "Re: Linux as resilient as BSD, resource hogging?"
- In reply to: Vilmos Soti: "Re: security of OpenBSD vs Linux distros"
- Next in thread: Philipp Buehler: "Re: security of OpenBSD vs Linux distros"
- Reply: Philipp Buehler: "Re: security of OpenBSD vs Linux distros"
From: Kasper Dupont <kasperd@daimi.au.dk>
Date: Sat, 03 Aug 2002 22:51:24 +0200
Vilmos Soti wrote:
>
> Kasper Dupont <kasperd@daimi.au.dk> writes:
>
> > Now I gotta ask, what would it take to take an OpenBSD release and
> > replace the kernel with a Linux kernel? If it is just a matter of
> > recompiling everything, it might be worth the effort. I guess it
> > would be very similar to OpenBSD in security, because most security
> > problems are not directly related to the kernel. Next question is
> > of course what such a Linux distribution should be called?
>
> You obviously don't understand how the BSD systems are developed
> compared to Linux. Under Linux, all the components are developed
> by disparate groups and later the distribution makers put the
> things together. Under Free, Net, and OpenBSD, there is no such
> things as xxx FreeBSD or yyy FreeBSD apart from the version numbers.
Not that I would have claimed that for sure, but that was already
my impression of how the BSD systems were developed and released.
But this doesn't prevent me from changing them.
>
> The same group develops the kernel and the core system. If something
> is changed in the kernel, like a new system call is added or the
> parameter list is changed for a specific call, then all the programs
> which use that feature are changed. There is no such thing there that
> "you have to use ppp a.b.c with kernel x.y.z but ppp d.e.f with
> kernel e.r.t". These are handled by the *BSD developers. If you
> download say, NetBSD 1.5.2, then be assured that the ppp which
> comes with that release will work with the kernel.
The problem of getting things working together always exists. I
was hoping, that since we take a working system and replace only
one component, it shouldn't be too hard to get it working. Of
course it is an important component we are replacing, so we might
have to replace other components as well, and if this happens it
could easily escalate. But AFAIK GNU/Linux systems and BSD
systems already have a lot of those components in common, so the
difference shouldn't be that big.
>
> As of OpenBSD, since they are security conscious, they have a
> couple of things in the kernel which are not so common in other
> kernels. For example, their kernel has builtin support for
> crypto stuff and this is why their OpenSSH differs from the
> portable version of OpenSSH. I doubt you could just put
> a Linux kernel and expect OpenSSH for OpenBSD work.
Putting complex code in the kernel has never been good for
security, so I don't see much of the point since SSH can be
implemented completely in user space except from the random
number generator.
There are patches for Linux adding crypto stuff to the kernel,
most importantly cryptoloop. But an encrypted filesystem is
really no help in the implementation of SSH.
Actually I cannot see what cryptostuff in the kernel would be
any major advantage for SSH? What has BSD that is so helpful?
And is it really something that should be in a kernel?
>
> Of course, the *BSD people don't develop all of their software.
> For example, they use the same X as the Linux people use, and
> they also use a lot of GNU programs most notably gcc.
So with BSD using some GNU software, and with GNU/Linux using
some BSD software, where is the major difference? Isn't it
mostly about configuration, and kernel features that aren't
strictly necessary for any of the programs to run?
>
> One can argue if the BSD or the Linux method works better.
> I put my vote on ... both of them. The BSD method is very
> good if you want a solid and consistent system. But on the
> other hand, it also takes away the fun and *LEARNING EXPERIENCE*
> you get when you have to make sure that all of your Linux
> programs are compatible versionwise. Also, since there is a
> much larger developer base for Linux, it tends to have many more
> things especially related to new hardware.
I'm not saying one is better than the other. And they already
use parts of each others software, so this is mostly about
putting a system together from the available components. And
that is something every Linux distributor already does.
>
> You might be able to do what you wanted. To replace the OpenBSD
> kernel with a Linux one. But I am afraid it would be such a
> horrible beast that apart from the learning experience, nobody
> would use. IIRC, Debian wanted to do something like that but
> I haven't heard about it for a very long time.
If you could get the system working, it might be useful. You
would get the hardware support from Linux, and I don't see any
reason why you would not get the security from OpenBSD, which
has been claimed to be very good. This combination should make
it worth using for some people.
--
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:razrep@daimi.au.dk or mailto:mcxumhvenwblvtl@skrammel.yaboo.dk