FreeBSD does not have ASLR
  • #11
    @Sergio
    Excuse me but I have no idea who endman is.

    The reason why I wrote this post was because I presented the same problem to forums.freebsd.org to tell them that it is a serious problem in today's situation with software security. I also asked them for any simple workarounds but all they did was ban me and remove my post, as if they were doing some cover-up. Thus I was so frustrated and shocked by such a community and their software that I posted here instead, hoping for a solution and to show people this situation.

    The reason why I was doing this was because we had a new CTO (now fired) who demanded that our company migrate our Linux servers (which we were well familiar with) to FreeBSD servers (in which I and the other sysadmins don't have much technical expertise). That CTO didn't give any reason for such a risky and unnecessary switch. An argument broke out between him and the other corporate officers, and to resolve the issue I was asked to use, get familiar with and analyze FreeBSD and do simple tests to see how secure it is.

    After a few days of using it and reading the handbook, the other sysadmins and I found FreeBSD seriously inadequate for running our company's servers. As per our company's policy on who should report to whom, we submitted our findings to the CTO, and his response was abusive, demanding that we migrate our servers immediately and learn how to use FreeBSD or be fired. My fellow sysadmins and I knew that we would be violating the company policy governing migration of servers between software platforms if we obeyed him. Worse, the company's proficiency in IT would be severely diminished if our servers were using FreeBSD instead of Linux. We decided to report this to the other corporate officers and they (unlike the CTO) seriously considered our report. They then had the CTO fired for his misconduct.

    The reason why this article was also at http://aboutthebsds.wordpress.com/ was because a UNIX engineer on contract at our company approached me to ask if he could publish part of my report on FreeBSD's lack of ASLR on his blog, which I agreed to, as I felt that this situation should be made known to the public.


    @JX8p
    Thanks for the workaround, but our company is trying to avoid solutions involving the recompilation of an OS kernel as that would take a long time and is susceptible to complications. Furthermore, I searched around and found no evidence of FreeBSD RELEASE-10 having ASLR enabled by default. I know OpenBSD has ASLR but it is not very random and I've seen it hacked much more quickly and easily than either Linux or Windows. NetBSD has userland ASLR in which you have to do a "paxctl +A <binary file>" on every binary file to make them have ASLR, which is time consuming and introduces the risk of some binary files not having ASLR.


    Kind regards
    Felix Doggoson

    Comment
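Whether a system actually randomizes the regions that matter is something a sysadmin can measure rather than argue about. The C program below is an added example, not code from this thread, from FreeBSD or from any BSD project: it re-executes itself several times, records where the stack, the malloc heap, an anonymous mmap and its own code landed in each run, and reports which regions moved. Assumptions: a POSIX system (FreeBSD, NetBSD or Linux), that argv[0] is a path the program can re-exec (run it as ./aslr_probe), and that the binary is built as PIE (cc -fPIE -pie) so that the text region is even able to move; the run count of 8 and the file name are arbitrary choices.

```c
/* aslr_probe.c: added example, not from the thread. Re-executes itself and
 * reports, per memory region, how many distinct addresses were observed.
 * Build (assumed): cc -fPIE -pie -O0 -o aslr_probe aslr_probe.c
 * Run:             ./aslr_probe
 * Assumption: argv[0] is a path execl() can run, so invoke it as ./aslr_probe. */
#define _DEFAULT_SOURCE 1          /* glibc: expose fork/pipe/MAP_ANONYMOUS */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

#define REGIONS 4
#define RUNS 8
static const char *region_name[REGIONS] = { "stack", "heap", "mmap", "text" };

/* Number of distinct values among addrs[0..n). n is tiny, so O(n^2) is fine. */
size_t distinct_count(const uintptr_t *addrs, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i; j++)
            if (addrs[j] == addrs[i]) break;
        if (j == i) distinct++;          /* first time this address was seen */
    }
    return distinct;
}

/* 1 if the region landed at more than one address across n runs, else 0.
 * A region that never moves yields exactly one distinct value. */
int region_randomized(const uintptr_t *addrs, size_t n)
{
    return n > 1 && distinct_count(addrs, n) > 1;
}

/* Child mode: print one address per region on a single line and exit. */
static int probe_mode(void)
{
    int stack_var = 0;
    void *heap = malloc(64);
    void *map = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (heap == NULL || map == MAP_FAILED) return 1;
    printf("%lx %lx %lx %lx\n",
           (unsigned long)(uintptr_t)&stack_var,   /* stack */
           (unsigned long)(uintptr_t)heap,         /* malloc arena */
           (unsigned long)(uintptr_t)map,          /* anonymous mapping */
           (unsigned long)(uintptr_t)&probe_mode); /* text: moves only if PIE */
    free(heap);
    munmap(map, 4096);
    return 0;
}

/* Parent side: run "argv0 --probe" once and parse its output line into out[]. */
static int run_probe(const char *argv0, uintptr_t out[REGIONS])
{
    int fds[2];
    unsigned long v[REGIONS];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execl(argv0, argv0, "--probe", (char *)NULL);
        _exit(127);
    }
    close(fds[1]);
    FILE *f = fdopen(fds[0], "r");
    int ok = f != NULL &&
             fscanf(f, "%lx %lx %lx %lx", &v[0], &v[1], &v[2], &v[3]) == REGIONS;
    if (f != NULL) fclose(f); else close(fds[0]);
    waitpid(pid, NULL, 0);
    if (!ok) return -1;
    for (int i = 0; i < REGIONS; i++) out[i] = (uintptr_t)v[i];
    return 0;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) return probe_mode();

    uintptr_t samples[REGIONS][RUNS];   /* samples[region][run] */
    for (int r = 0; r < RUNS; r++) {
        uintptr_t one[REGIONS];
        if (run_probe(argv[0], one) != 0) { perror("probe run failed"); return 1; }
        for (int i = 0; i < REGIONS; i++) samples[i][r] = one[i];
    }
    for (int i = 0; i < REGIONS; i++)
        printf("%-6s %zu distinct of %d runs -> %s\n", region_name[i],
               distinct_count(samples[i], RUNS), RUNS,
               region_randomized(samples[i], RUNS) ? "randomized" : "FIXED");
    return 0;
}
```

A region reported FIXED after eight independent executions is, for practical purposes, not randomized on that system and build; a region reported randomized says nothing about how much entropy it has, which is the separate question raised about OpenBSD in this thread. The probe reads only its own layout and touches no other process, so it is safe to run on a production host as part of a platform evaluation.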



      • #13
        Originally posted by doggobot
        @Sergio
        Excuse me but I have no idea who endman is.

        The reason why I wrote this post was because I presented the same problem to forums.freebsd.org to tell them that it is a serious problem in today's situation with software security. I also asked them for any simple workarounds but all they did was ban me and remove my post, as if they were doing some cover-up. Thus I was so frustrated and shocked by such a community and their software that I posted here instead, hoping for a solution and to show people this situation.

        The reason why I was doing this was because we had a new CTO (now fired) who demanded that our company migrate our Linux servers (which we were well familiar with) to FreeBSD servers (in which I and the other sysadmins don't have much technical expertise). That CTO didn't give any reason for such a risky and unnecessary switch. An argument broke out between him and the other corporate officers, and to resolve the issue I was asked to use, get familiar with and analyze FreeBSD and do simple tests to see how secure it is.

        After a few days of using it and reading the handbook, the other sysadmins and I found FreeBSD seriously inadequate for running our company's servers. As per our company's policy on who should report to whom, we submitted our findings to the CTO, and his response was abusive, demanding that we migrate our servers immediately and learn how to use FreeBSD or be fired. My fellow sysadmins and I knew that we would be violating the company policy governing migration of servers between software platforms if we obeyed him. Worse, the company's proficiency in IT would be severely diminished if our servers were using FreeBSD instead of Linux. We decided to report this to the other corporate officers and they (unlike the CTO) seriously considered our report. They then had the CTO fired for his misconduct.

        The reason why this article was also at http://aboutthebsds.wordpress.com/ was because a UNIX engineer on contract at our company approached me to ask if he could publish part of my report on FreeBSD's lack of ASLR on his blog, which I agreed to, as I felt that this situation should be made known to the public.


        @JX8p
        Thanks for the workaround, but our company is trying to avoid solutions involving the recompilation of an OS kernel as that would take a long time and is susceptible to complications. Furthermore, I searched around and found no evidence of FreeBSD RELEASE-10 having ASLR enabled by default. I know OpenBSD has ASLR but it is not very random and I've seen it hacked much more quickly and easily than either Linux or Windows. NetBSD has userland ASLR in which you have to do a "paxctl +A <binary file>" on every binary file to make them have ASLR, which is time consuming and introduces the risk of some binary files not having ASLR.


        Kind regards
        Felix Doggoson
        Do you have any proof to back up your situation? I mean, that whole story sounds fishy and unlikely to occur in any workplace. I'd also like you to show the evidence of where OpenBSD ASLR can be hacked 'more easily'.

        Comment


        • #14
          Originally posted by doggobot
          I know OpenBSD has ASLR but it is not very random and I've seen it hacked much more quickly and easily than either Linux or Windows. NetBSD has userland ASLR in which you have to do a "paxctl +A <binary file>" on every binary file to make them have ASLR, which is time consuming and introduces the risk of some binary files not having ASLR.
          This is simply hilarious... It can only come from one person: The BSD troll (Pawlerson, kraftman, endman, BSDSucksDicks, etc, etc). Loser.

          Comment


          • #15
            Originally posted by Sergio
            Riiiiiight, Pawlerson (aka kraftman, aka BSDSucksDicks, aka endman, etc, etc)...
            It seems you still didn't take your medicine. Sergio (aka: VimUser, kebbabert, Thomas Abthorpe, Eitan Adler, Shunsuke Akiyama, Monthadar Al Jaberi etc, etc)...

            Comment


            • #16
              Originally posted by Sergio
              This is simply hilarious... It can only come from one person: The BSD troll (Pawlerson, kraftman, endman, BSDSucksDicks, etc, etc). Loser.
              What's so hilarious about this? It is a known fact that FreeBSD does not have ASLR, so I wouldn't expect security from other BSDs either. What's hilarious is your only and insane argument: aka Pawlerson, kraftman, endman, startman etc.

              Comment


              • #17
                Originally posted by Pawlerson
                It seems you still didn't take your medicine. Sergio (aka: VimUser, kebbabert, Thomas Abthorpe, Eitan Adler, Shunsuke Akiyama, Monthadar Al Jaberi etc, etc)...
                Sure, because I am the one creating endless accounts for the sole purpose of trolling... Linux? Oh, wait...

                Comment


                • #18
                  Originally posted by Pawlerson
                  What's so hilarious about this? It is a known fact that FreeBSD does not have ASLR, so I wouldn't expect security from other BSDs either.
                  It is also a known fact that in Puppy Linux you are logged in as root by default. Following your logic we have to conclude that this is the case for all other distros. We also have to conclude that any distro is user-friendly because Mint is, that any distro is source based because Gentoo is, that no distro uses systemd because Slackware doesn't, that any distro is commercial because RHEL is, and so on.

                  You know why it is so easy to spot your alter egos and connect them to you (or whichever of those accounts was the original one)? Because they all have the same poor English, the same style of argumentation, the same poor logic and reasoning.

                  Comment


                  • #19
                    Originally posted by Vim_User
                    It is also a known fact that in Puppy Linux you are logged in as root by default. Following your logic we have to conclude that this is the case for all other distros. We also have to conclude that any distro is user-friendly because Mint is, that any distro is source based because Gentoo is, that no distro uses systemd because Slackware doesn't, that any distro is commercial because RHEL is, and so on.
                    The fact is that other BSDs also do not have modern security features that can deal with today’s security problems. The only reason why there is very little publicity about BSD security break-ins is because there aren’t many installations out there (almost none). Thus learning how to hack BSD is a waste of time, except to show BSD zealots that BSDs are inherently insecure.

                    OpenBSD are fools because they believe that the right way to make a secure OS is to write one that is clean and bug-free with no security mechanisms like NX, SELinux and AppArmor. The problem is no usable code can be bug-free and their meaning of clean code is ambiguous. If there’s a security hole and someone exploits it, BAM!!! the box is owned. In Linux if there’s a security hole and someone exploits it, SELinux or AppArmor will prevent the exploit from working.

                    NetBSD’s attitude to implementing ASLR in such a way that you have to do paxctl +A on every damn binary is funny at best. Also, in terms of rootkit detection, rkhunter is incompatible with NetBSD. The only thing you can install is an outdated version of chkrootkit, which is shit because the updated version of chkrootkit can be defeated by many rootkits.

                    There’s absolutely nothing in DragonflyBSD.

                    On top of all this, BSD code is only checked, audited and patched by a handful of people with questionable sanity while Linux code is checked, audited and patched by many, including companies and real security experts. Also, much of the security implementations that do make it through to BSD (like pf etc.) are far less flexible than their Linux counterparts.

                    Originally posted by Vim_User
                    You know why it is so easy to spot your alter egos and connect them to you (or whichever of those accounts was the original one)? Because they all have the same poor English, the same style of argumentation, the same poor logic and reasoning.
                    I think it has come to the point that this argument has been used by nearly all BSD trolls that one can’t take the argument seriously. Many people have bad English so your argument fails even further.

                    Comment


                    • #20
                      Originally posted by beetreetime
                      The fact is that other BSDs also do not have modern security features that can deal with today's security problems. The only reason why there is very little publicity about BSD security break-ins is because there aren't many installations out there (almost none). Thus learning how to hack BSD is a waste of time, except to show BSD zealots that BSDs are inherently insecure.

                      OpenBSD are fools because they believe that the right way to make a secure OS is to write one that is clean and bug-free with no security mechanisms like NX, SELinux and AppArmor. The problem is no usable code can be bug-free and their meaning of clean code is ambiguous. If there's a security hole and someone exploits it, BAM!!! the box is owned. In Linux if there's a security hole and someone exploits it, SELinux or AppArmor will prevent the exploit from working.

                      NetBSD's attitude to implementing ASLR in such a way that you have to do paxctl +A on every damn binary is funny at best. Also, in terms of rootkit detection, rkhunter is incompatible with NetBSD. The only thing you can install is an outdated version of chkrootkit, which is shit because the updated version of chkrootkit can be defeated by many rootkits.

                      There's absolutely nothing in DragonflyBSD.

                      On top of all this, BSD code is only checked, audited and patched by a handful of people with questionable sanity while Linux code is checked, audited and patched by many, including companies and real security experts. Also, much of the security implementations that do make it through to BSD (like pf etc.) are far less flexible than their Linux counterparts.

                      I think it has come to the point that this argument has been used by nearly all BSD trolls that one can't take the argument seriously. Many people have bad English so your argument fails even further.
                      I'm pretty sure you have no fucking idea about what you are saying... You know nothing about how an OS fucking works; all things you say are just plain stupid.

                      Nevertheless, take a look at http://www.trustedbsd.org, although I'm pretty sure you won't understand shit.

                      Comment
