Hi. I'm jon.404, a Unix/Linux/Database/Openstack/Kubernetes Administrator, AWS/GCP/Azure Engineer, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: *nix.
Logical Fallacy in "The Insecurity of OpenBSD"
First off, the blogpost:
http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
The argument here is NOT whether or not OpenBSD is secure, it's whether or not OpenBSD should implement ACLs. Granted, I'd like to see some more advanced capabilities here, too, but tossing the baby out with the bathwater seems quite silly. A new framework or mindset is needed to understand the problem.
The difference in approaches is simple. Let's say I work in an area that is known to contain extremely dangerous viruses, bacteria, and other pathogens that could make me exceptionally sick or even kill me. The ACL approach is to get vaccines beforehand and then walk into the area with my normal street clothes on. The OpenBSD approach is to forgo the vaccines in favor of a full NBC suit (complete with gas mask). Sure, I have to check the suit for rips and tears each day, but isn't that what the code audit is there for?
Neither approach is entirely complete. Should my immune system fail, the ACL approach is useless, and should my suit fail, the OpenBSD approach is useless. Saying that one contributes to security more so than the other is rubbish.
But I will ask this: how many OS vendors have accomplished a thorough code audit like the OpenBSD team? How many vendors aim for code *correctness*, and achieve it like the OpenBSD team? I believe the OpenBSD team has created the finest NBC suit on the planet...and their security track record reflects that belief.
I'll end with a quote from Tassilo, which I think sums my position up rather nicely:
Quote:
Don’t you think something is fundamentally flawed, too, in saying “we might have an insecure Linux, but instead of fixing it, we put another shitload of code on top of it, and call it SELinux, of course the added extra code is 100%-bug free… sort of”.
Of course, Tassilo...I mean, look at how well Microsoft has done with a very similar approach! Microsoft has some of the most advanced ACL capabilities on the planet...we should ALL strive to be more like Darth Ballmer and crew!
haha.
Total Comments 3
Comments
- To use your analogy, the NBC suit would have parts made by other people, parts which were not audited, and is therefore less reliable than the vaccine.
Still, an interesting read.
Posted 01-22-2010 at 08:39 PM by Josh000
- Incorrect. The entire "NBC suit" for the default install of OpenBSD *is* audited by the OpenBSD team. Once you install ports, you're on your own, but the default installation (including chrooted apache, bind, sendmail, etc...) has been repeatedly audited since 1996 and is re-audited every time a change is made.
Guaranteed, OpenBSD could definitely use a "second layer" of protection in the form of ACLs...this is true. Stock Unix permissions are not sufficient...but look at the intent of ACLs...to "contain" a successful attack **after** it occurs. The OpenBSD approach has been to avoid being vulnerable in the first place.
Posted 01-22-2010 at 10:39 PM by rocket357
- Well, right. I think the point the article makes is that the OpenBSD is not much use as a server, unless some software is installed from ports.
Because of this, that second layer of attack should be necessary, rather than simply trying to avoid being vulnerable in all cases.
Posted 01-23-2010 at 12:20 AM by Josh000