Damien Hull wrote:
...
> Thanks for the info. My concern is that OpenBSD is "secure by default"
> when you do a base install but when you start adding things like Postfix
> etc... are you still secure?

How can that be answered?
The weakest link determines system security. It doesn't matter how secure your door is if your Windows(tm) are unlocked. If you run an insecure app on a secure OS, you end up with an insecure system. It isn't hard to understand.

OpenBSD has some leading-edge tricks to _help_ protect you against application errors, but nothing is going to help you against every poorly written -- or misused -- application.

> I know you can configure the system so that most files are read only. I
> also know that you can run Postfix in a sandbox ( jail ). It all depends
> on how much work I want to put into securing the system. If the answer
> to the above question is "no!", then I'll have to lock down Postfix
> etc... If the answer to the above question is "Yes!" then I can leave
> things the way they are and just install Postfix.

*sigh* maybe it is hard to understand...

> There are trade-offs between security and management overhead.

Correct.
Everyone wants ultimate security. Assuming it doesn't inconvenience them. At all. (i.e., they don't give a rat's butt about security, but they can talk a good story).
(sorry, that was a totally off-topic rant, not aimed at you at all...just at the world in general)

> Putting
> Postfix in a sandbox is a nice idea but my understanding is that you
> have to take Postfix off-line to add any users and then put it back in
> the sandbox and then bring it back on-line. Leaving Postfix outside of a
> sandbox means you just add users when you need to. I did this once on a
> FreeBSD email server a few years back. I decided that a sandbox was too
> much work.

You also have to decide what the "sandbox" really does. Sometimes...people make things really difficult to maintain but don't really improve the real security. Understand the "why" and "how"...

> I'm still a long ways away from designing a system. I haven't even
> decided which OS I want to use. If enough people on the list can
> convince me that OpenBSD is the way to go I'll install it on a system,
> ship it down to Seattle and collect my mail. This will be on a test
> domain of course.

If you expect magic to happen if you run a bad app on a good OS, please go run something else.

Here's what it boils down to:
Run your mail server on OpenBSD, you will have to worry about the mail server and the OS. But you will have to worry about the OS less. The OS may save your butt from a security problem in your app, but if it does, you probably should have updated your app (or the developer should have been "on" the problem long before), which means you have other problems, problems that OpenBSD shouldn't be relied upon to solve (even if it might).

If you don't trust your app, reconsider the choice, or "contain" the problem as best you can, so it cannot spread to more critical systems.

Nick.

