On Thu, 6 Feb 2020 at 10:22, Charlie Burnett <burne...@umn.edu> wrote:
> Sorry if this has been answered before but I couldn't find a satisfactory
> answer searching for it, and this is more of an academic question. So
> security focused Linux distros like Qubes go to extremes to
> compartmentalize/isolate any and all programs it can. FreeBSD has its jail
> program which is seemingly the gold standard for process isolation when you
> can't be bothered to go to the extent Qubes does. I've been trying to read
> as much OpenBSD source as I can as I find some of the security tricks
> y'all've come up with damn interesting. I know that once upon a time we had
> sysjail, but nowadays we just have chroot which most systems do. What
> is OpenBSD's solution to this? I'm sure I've read through it I just didn't
> realize the purpose.
>
> I apologize if this was a question I've somehow missed the answer to!
>

Almost looks like you missed the question while posting the answer.

You list some-linux does X, fbsd does Y, obsd does Z (which you find damn
interesting!) and then ask "what is openbsd's solution to this?".

As of now, Z is the list of mitigations openbsd does, and that is.. the
solution to "this".

--
May the most significant bit of your life be positive.