Date: Fri, 1 Jun 2001 15:21:05 -0700
From: Kris Kennaway
To: Steve Tremblett
Cc: Joel CARNAT, freebsd-stable@FreeBSD.ORG
Subject: Re: Is OpenBSD safer than other BSDs ?
Message-ID: <20010601152105.A89287@xor.obsecurity.org>

On Fri, Jun 01, 2001 at 02:06:05PM -0400, Steve Tremblett wrote:
> +---- Joel CARNAT wrote:
> | 'lo folks :-)
> |
> | I'm using OpenBSD as my home gateway and I was wondering :
> | is an OpenBSD box really safer than a FreeBSD one if you configure things (like inetd, ipf, ...) the same way ?
> |
> | if not, what's the point in using Open rather than Free for a Gateway/Firewall/DNS cache/DHCPd ?
> |
>
> Much of the software is common across the BSDs, but a distinguishing
> feature of OpenBSD is the attention to detail in the comprehensive
> source code audit. Then again, problems they find get implemented in
> other systems based on OpenBSD's suggestion...

And vice versa... it's not a one-way process (i.e. we've fixed quite a
few things in our source code audit which they missed the first time
around).

Personally, I don't think there are major security reasons to choose
one over the other. If you look at the advisory history of FreeBSD
and OpenBSD over the past year or two, most of the serious problems
have been shared by OpenBSD; OpenBSD has had serious problems not
shared by FreeBSD; and FreeBSD has had serious problems not shared by
OpenBSD.

The "secure by default" thing isn't much of a difference any more;
the major practical difference is that OpenBSD has turned off a few
more inetd services than FreeBSD has. FreeBSD's source code has been
fairly well audited, and we've made a lot of security fixes over the
past few years, including fixes from OpenBSD.

Bottom line is you should look at both systems and decide which you
like better.

Kris