Hello,

https://www.openbsdfoundation.org/activities.html -> I can see that the money goes to https://www.openbsd.org/hackathons.html and network/hardware/hosting/etc. But has anybody thought about having a security bug bounty for OpenBSD based on the money in the foundation? For responsible reporting. E.g.: 100 000 USD for an RCE on the default install of OpenBSD.

With a default OpenBSD install we have (examples of where an RCE could be):

- running sshd on TCP port 22
- running ntpd, which is for clock sync
- running dhcpleased to get an IP (shellshock-like issues?)
- running slaacd to get IPv6
- running resolvd
- root can execute a "pkg_add -u" (can a MITM attacker get in via the update mechanism after a fresh default install?)
- root can execute a "fw_update"
- root can execute a "syspatch"
- root can execute a "sysupgrade"
- root can run a "tcpdump" (again, MITM to inject a payload into the network which tcpdump catches and causes RCE?)
- user/root can execute an "ssh x.x.x.x"
- user/root can execute a "ping(6) x.x.x.x"
- user/root can execute a "dig foo.bar" or "host" cmd
- user/root can execute a "nc x.x.x.x"
- user/root can execute a "telnet x.x.x.x"
- user/root can execute a "showmount -e x.x.x.x"
- user/root can execute a "tcpbench x.x.x.x"
- user/root can execute an "arp -a"
- user/root can "mount" a remote (NFS) share
- user/root can search for "ldap" info
- user/root can print to a remote printer
- user/root can read mails via "mail"
- root can mount a remote iSCSI target
- root can start a VPN
- root can use bgp/etc.
- the running kernel, TCP/IP stack or other protocol, pf, etc. etc. etc....

This probably won't have too many findings (since OpenBSD looks secure), so we don't have to worry about having 23 RCEs reported in the first year, imho. But it would still point out that we can trust that OpenBSD is really secure by default.

Thanks.