Thanks Tom, I will look into it more and perhaps give it a try. OpenBSD has lots of packages, but unfortunately not the ones I really need.
>> Oh - and not caring about security doesn't lead to an insecure system
>> necessarily. Many years ago we made an audit of some BSDi machine: it
>> had all patches installed and was top secure. However, nobody had been
>> logged in for a couple of years. So, why was it so secure? Because:
>>
>> 0 * * * * cd /usr/src && make world

Looks really promising. Doing something like this automatically on the Linux kernel + monkey patching would probably break on the first try. The same goes for the Gentoo port system.

On 11/10/16 15:43, Tom wrote:
> On Tue, Oct 11, 2016 at 02:13:28PM -0300, Ben Mezger wrote:
>> As I am still trying to understand OpenBSD's core, is there a main reason
>> I should check out FreeBSD (except the reasons you pointed out)?
>
> In the end you'll need to compare them yourself, features, policies,
> hardware support, security, whatever.
>
> I just happen to like FreeBSD more and Theo de Raadt less :)
>
>> How is the default security on FreeBSD?
>
> Why, pretty good I'd say.
>
>> "FreeBSD devs don't really care much about security as much as they should"
>> How true is this statement?
>
> Replace "FreeBSD Users" with "human beings" and the sentence might be
> true. Of course there are uncaring FreeBSD users, as are uncaring
> Windows, OSX or OpenBSD users.
>
> Oh - and not caring about security doesn't lead to an insecure system
> necessarily. Many years ago we made an audit of some BSDi machine: it
> had all patches installed and was top secure. However, nobody had been
> logged in for a couple of years. So, why was it so secure? Because:
>
> 0 * * * * cd /usr/src && make world
>
> :-)
>
>> 1. How does FreeBSD handle ASLR? If any, does it use SEGVGUARD?
>> 3. How about W^X?
>> 4. Trusted Path Execution?
>
> I'm not sure about all those things, Google will help you with details.
> Maybe HardenedBSD, NetBSD or - as you're already using - OpenBSD might
> be better suited from this perspective.
>
>> 2. How easily can I sandbox software? Using jails only?
>
> There's bhyve. I use jails and am very happy with it.
>
>
>
> - Tom
>

--
Kind Regards,
Ben Mezger