Eliah Kagan wrote:
>
> On 6/6/06, Roger Neth Jr <[EMAIL PROTECTED]> wrote:
> > Even OpenBSD--in my humble opinion, the safest operating system on the
> > planet--is crackable, if you allow anyone to come and pound away at its
> > network interface.
> >
> > http://www.eweek.com/article2/0,1895,1972281,00.asp
>
> Construed literally, that would have to mean that all operating
> systems, including OpenBSD, have remote holes in their underlying
> TCP/IP stack implementations. (He's talking about pounding away at the
> **network interface** here!) This is manifestly unlikely. There are
> probably very few operating systems with remote holes in their TCP/IP
> stack implementations, and OpenBSD is probably not one of them.
>
> Steven J. Vaughan-Nichols probably doesn't mean this--he probably means
> something else. But it's not clear to me what he means, and I'm not
> sure it's clear to him, either.

Methinks you're right.

"Security is a process, not a product." There is an ongoing process. This ongoing process is supposed to be a cause. Security is supposed to be the effect.

Security (to the extent that it exists) is built-in at a fundamental level, not something bolted on later.

Security is also the non-existence of a number of stupidities. Maybe chief among which is the tacit assumption that everything else is perfect. (Error rate in gcc ... You're gonna do better?????)

"Some systems are more secure than others." No. Some systems are more insecure than others. And there are degrees of insecurity.

Is OpenBSD secure? Dunno, but look for cobwebs on the latest security updates.

>
> If he means that running OpenBSD doesn't guarantee that you'll never
> get hurt by a cracker, though, he's certainly right about that.
>
> -Eliah

