HardenedBSD: The Latest BSD Project That Aims To Boost Security


  • #11
    Originally posted by JS987
    There are also kernels written in other languages. Unsafe code is faster than safe code because of missing checking. Security depends also on userspace.
    Security would be improved if usage of the C language were minimized, which means the kernel can't support a C userspace API and userspace can't contain C libraries / applications,
    which means it can't be POSIX compliant.
    No, there are no modern OS kernels that are written in any other language than the C family.

    You speak like a person truly disconnected from the real world. Fantasizing about some alternate reality is just a waste of time for you and everyone else, and your ramblings are not unique or remarkable. We all know of C's pitfalls, but there are no better alternatives now for the job that needs to be done. Plenty of intelligent people have tried, they have all failed.

    Your only rational option is to submit work that proves it can be done, or spend your time more wisely.



    • #12
      Originally posted by chrisq
      No, there are no modern OS kernels that are written in any other language than the C family.

      You speak like a person truly disconnected from the real world. Fantasizing about some alternate reality is just a waste of time for you and everyone else, and your ramblings are not unique or remarkable. We all know of C's pitfalls, but there are no better alternatives now for the job that needs to be done. Plenty of intelligent people have tried, they have all failed.

      Your only rational option is to submit work that proves it can be done, or spend your time more wisely.
      He's not arguing about the C family, he's arguing about C itself, and there are plenty of non-C kernels in modern times

      L4 is C++
      seL4 is written in Haskell
      Microsoft Singularity is C#
      Coyotos is BitC (granted that there's been no new development as of 2010)

      and that's not to mention the hobby projects like Menuet and MOSA



      • #13
        Originally posted by xeekei
        Why don't these people like OpenBSD?
        FreeBSD has a bigger community of developers, and is more flexible and feature rich. It simply follows a different philosophy. I personally prefer that of OpenBSD (less code/features, more checking/familiarity), but on the other hand there is a reason why I don't (can't) use OpenBSD for my work.

        I just love to see those retards bashing BSD, promoting Linux, they must be paid to do so.



        • #14
          With all due respect to OpenBSD (which I appreciate pretty much...), FreeBSD has better performance in many areas. It just needs some "polishing".
          C bashing (so usual...) is just amusing, nothing to worry about.



          • #15
            Originally posted by AnonymousCoward
            BSD

            Security

            Pick one.
            Originally posted by JS987
            Linux security is also a joke, intentionally or accidentally, because of using a dangerous language like C and missing / insufficient code review and testing.
            No, AnonymousCoward is right, one can only choose BSD or Security. Just look at FreeBSD. No ASLR, no PIE and no stack-protection for 3rd party packages, the very basic features that all other operating systems use today. OpenBSD and DragonflyBSD ASLR is a joke, predictable and the variation is very smart unlike Linux. Also, W^X sucks.

            Linux, compared to all BSDs, is way more secure and better designed for security and security improvements. Also, the community environment is very friendly and accepting of bug reports and security updates. By contrast, FreeBSD has so much politics that it's nearly impossible to get a patch committed to mainstream. Even Shawn Webb (one of the developers of "hardened"BSD) admits this in a recent BSDNow episode. In general, FreeBSD doesn't care about security, OpenBSD does a lot of shitty things and calls them security enhancements, while NetBSD and DragonflyBSD are nowhere to be found.

            Frankly, I think this HardenedBSD project is just going to die without committing any patches to the main FreeBSD code branch. They will achieve nothing.

            Originally posted by reCAPTCHA
            I just love to see those retards bashing BSD, promoting Linux, they must be paid to do so.
            They don't bash BSD. BSD bashes itself. No one gets paid to promote Linux. Linux promotes itself.

            If you want to see how much bullshit BSD developers vomit out of their mouths, watch this (Warning, this is full of lies and famebait):
            http://www.youtube.com/watch?v=jo8ObzR1tKQ

            It's presented by Shawn Webb. This is what he claims:

            -------BSD propaganda--------
            2001: PaX team created a patch for Linux (which according to Webb, Linux did not adopt it)

            2004: OpenBSD starts work on "ASLR". Gets everything except execbase rand (PIE)

            2005: Linux "rips off" PaX (even though PaX was made for Linux) and "dumbs it down", calling it secure (notice the vague terms used).

            2007: Windows Vista gets ASLR

            2007: Apple gets ASLR

            2008: OpenBSD completes "ASLR" implementation with PIE support.

            2011: Solaris 11 gets ASLR

            2012: Apple finishes ASLR

            2014: Oliver Pinter and Shawn Webb submit ASLR patches to FreeBSD.
            ------------------------------

            That's the bullshit that Webb claims. Last time I heard, this is what happened:

            -------The truth--------
            2001: PaX team created a patch for Linux and therefore Linux has ASLR but not turned on by default.

            2004: OpenBSD rips off PaX and dumbs it down, calling it "ASLR", and everything breaks

            2005: Linux improves PaX and turns it on by default.

            2007: Windows Vista gets ASLR

            2007: Apple gets ASLR

            2008: OpenBSD releases the "We have finished ASLR" propaganda and fakes PIE.

            2011: Solaris 11 gets a weak form of ASLR

            2012: Apple releases its own "We have finished ASLR" propaganda ASLR

            2014: Oliver Pinter and Shawn Webb submit ASLR patches to FreeBSD and get rejected due to internal BSD politics.
            ------------------------

            Another piece of bullshit Webb claimed is that he loves BSD because BSD has less politics than Linux. The opposite is true; in fact, Webb retracted that statement in a BSDNow interview.

            This goes to show you can never trust BSD folks. Sorry but that's what they are and they are known to be very unfriendly and hostile to outside contribution.

            Thank you all for reading.
            Endman



            • #16
              Originally posted by endman
              2001: PaX team created a patch for Linux and therefore Linux has ASLR but not turned on by default.
              Well, Linux only had ASLR if you applied the 3rd party PaX patch. The PaX patch was not accepted in the mainline kernel. (Please point me to a commit if you still think I am wrong.)

              Also, ASLR is only one of many nice features in PaX. There are others like PAGEEXEC, MPROTECT. PaX is often used as a part of Grsecurity, which again adds many more hardening features (chroot hardening, IPC hardening, RBAC etc)

              Oh, btw, PaX started in 2000, not 2001. Grsecurity started in 2001.

              2004: OpenBSD rips off PaX and dumbs it down, calling it "ASLR", and everything breaks
              I assume that "everything breaks" means that *many* 3rd party applications break due to OpenBSD's memory protection features. Those apps were silently broken on Linux too, but OpenBSD folks made sure that many of those bugs got fixed. This was a huge benefit for everyone.

              2005: Linux improves PaX and turns it on by default.
              This is wrong.
              Originally posted by http://en.wikipedia.org/wiki/Address_space_layout_randomization#Linux
              Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005).[8] The PaX and Exec Shield patchsets to the Linux kernel provide more complete implementations.
              PaX is still, in 2014, a 3rd party patch, which mainline has not yet adopted. (The latest patch for linux-3.16.1 is ~3.2MB in size.)

              Linus explains why he rejects PaX in 2009: http://lwn.net/Articles/313765/

              An article which includes some of the Grsecurity/PaX history: http://lwn.net/Articles/313621/

              So no, Linux has not improved PaX and PaX was not enabled by default in 2005. What you call "BSD propaganda" is closer to the truth than the "truth" you present.



              • #17
                If you are serious about security, then OpenVMS is still supreme. The firewall in front of it is less secure than it is.

                Banned from defcon. Google it. or lazy web http://deathrow.vistech.net/defcon.txt



                • #18
                  Originally posted by chrisq
                  No, there are no modern OS kernels that are written in any other language than the C family.
                  You speak like a person truly disconnected from the real world. Fantasizing about some alternate reality is just a waste of time for you and everyone else, and your ramblings are not unique or remarkable. We all know of C's pitfalls, but there are no better alternatives now for the job that needs to be done. Plenty of intelligent people have tried, they have all failed.
                  Your only rational option is to submit work that proves it can be done, or spend your time more wisely.
                  There is no modern, widely used kernel which was created/designed from scratch in the last 10 years without using standards with ancient origins like POSIX, because it would be useless without support for 1000s of types of hardware and porting existing software or creating new software.
                  It would need a company as big as Microsoft. It is possible to have a kernel as a mix of C and C++. The Haiku kernel also uses C++. It also contains C code, but it is BeOS compatible, which originated in 1991, which means Haiku isn't designed from scratch.

                  Rewriting the kernel and userspace in a C-incompatible language would be unrealistic, but C code can be incrementally converted to C++14, which is more type safe. The result wouldn't be POSIX compatible, but it would be safer.



                  • #19
                    Originally posted by Luke_Wolf
                    He's not arguing about the C family, he's arguing about C itself, and there are plenty of non-C kernels in modern times

                    L4 is C++
                    seL4 is written in Haskell
                    Microsoft Singularity is C#
                    Coyotos is BitC (granted that there's been no new development as of 2010)

                    and that's not to mention the hobby projects like Menuet and MOSA
                    seL4 is written in C, with an equivalent model in Haskell that has to run in userspace. See https://github.com/seL4/seL4/blob/master/README.md
                    Wiki claims the Coyotos author discontinued it because there were fundamental flaws in BitC.
                    Menuet is asm. I suspect you're not interested in seeing everything written in plain asm; C is safer.
                    MOSA is another C# project, FWIW.

                    Bluebottle OS is interesting as the main new OS with a non-C-related HLL.



                    • #20
                      NuBSD will bring more security than HardenedBSD

                      IMHO, NuBSD will bring more security than this shiny HardenedBSD project.
