On 5/7/20 11:11 AM, Kevin Chadwick wrote:
> On 2020-05-07 14:10, Consus wrote:
>> On Thu, May 07, 2020 at 04:00:15PM +0200, i...@aulix.com wrote:
>>> Dear OpenBSD fans,
>>>
>>> Can you please comment on the negative appraisal from the following website:
>>>
>>> https://isopenbsdsecu.re/quotes/
>>>
>>> I did not want to hurt anyone, just looking for a secure OS, and
>>> OpenBSD looked very nice to me before I found this website.
>>
>
> Perhaps you could cite which part, as the parts I read should seem without
> merit to anybody?
>
>> The fun thing to do: offer $50k rewards for code execution
>> vulnerabilities and wait for results.
>>
>
> "Apple has lately been slapping proprietary mitigations around like there's no
> tomorrow. But thing is, mitigations are often delicate creatures, with rather
> fragile assumptions. Having too many of them in one place can easily make them
> break one another, as happened here with execute-only memory vs PAN."
>
> I am sure that examples of mitigations leveraging and protecting each other,
> or an exploit failing because of multiple mitigations, are far more common
> than them hurting each other.
>
> "I put a lot more faith in privilege separation and reduction than in all the
> mitigations. I'd be really impressed by a move to a safe language... most
> everyone is late to that party, so it's a chance for someone to pull ahead if
> they wanted bragging rights"
>
> I wouldn't want to read an OS written in Rust, and I would love to see secure
> developments in C even if it hampers potential performance. Things like Go are
> not suitable for an OS with many small programs.

Curious about why... though admittedly I have never written or read Rust in great detail. Genuinely curious why; I thought it was supposed to be pretty nice with thread safety and all that jazz.

> Also, OpenBSD is one of the pioneers of privilege separation, and most Go
> programs are not privilege separated at all.
>
> I quickly lost interest, sorry. IMO, the main thing that causes exploitations
> is carelessness. OpenBSD cares and is careful!

Aisha