On Tue, May 12, 2020 at 1:27 PM <i...@aulix.com> wrote: > > Aaron, thank you for your suggestion. > > For now I prefer to try to use the oldest suitable hardware I can find, not > sure if it is a good idea. >
YMMV. Don't fall into the sunk cost fallacy. > Please someone let me know if AllWinner SoC backdoor described at: > > https://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/ > > can be exploited in OpenBSD? > That is a kernel level issue, not an SOC level one. https://github.com/friendlyarm/h3_lichee/blob/master/linux-3.4/arch/arm/mach-sunxi/sunxi-debug.c Anyone who suggested this be put in OpenBSD's kernel would likely receive a visit from Theo brandishing a flamethrower fuelled by Substance N to melt their PC, house, land, self. > Is it a bad idea to run a small communication server on a AllWinner A20 board > like a Cubitruck if it works with OpenBSD (it is not on the list though). > What about other compatible boards like AllWinner A10 Orange PI One? > If it isn't on the list, it either isn't supported or hasn't been tested. If you have the hardware on hand, it never hurts to try the latest snap and send a dmesg to the the openbsd-arm mailing list so they can update their docs or get an idea of what's missing. > I just want my DNS (local) and postfix, dovecot (Internet) and SSH (local > and Internet) work on it protected from hackers. Running OpenBSD and spamd on your router and any non-internet facing services on other systems behind it, and not making silly decisions like password based root logins (or any login for that matter) and employing a default permit policy on your firewall are a good start. Anything else is service-specific. -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
