> And at some point in the last 10 years, didn't OpenBSD's distro servers get owned up?
Yes, a cvs bug I believe. No kernel will protect you from bad user-mode code that really wants to execute everybody's shell script.
> Among security research insiders, OpenBSD's reputation became a little bit farcical.
I spent lots of time looking through the OpenBSD kernel, together with the FreeBSD and Linux kernels. It was my job for years, looking for vulns and writing exploits for them.
I still admire the OpenBSD kernel for its simplicity and tidiness.
No comparison to FreeBSD kernel-side. The FreeBSD kernel often has commits of several hundreds of KBs of mostly unaudited code. They still don't enable stack-protection today in 2014. It's a joke. My Windows phone had stack protection in 2003.
No comparison to Linux either, the Linux kernel is so huge, so full of code that even if it's way more audited than FreeBSD, there are still vulns lurking everywhere and exploits for the Linux kernel came out almost monthly. Probably it's the reason it has so many security features, more than OpenBSD nowadays.
Windows, their kernel is a work of art. Microsoft only has to fire the guy that says "hey I got a great idea let's parse some random protocol inside the kernel".
But I digress. OpenBSD is still very good. Very safe in the default install. It will protect your Firefox from being owned by an NSA-sized enemy that really wants to hack you? No. But the problem is in the browser, not in the kernel. Don't use a big browser. It's not in the default install :)