On Thu, Dec 11, 2008 at 10:30:50AM -0800, Jeff_1981 wrote:
> Dear All,
>
> Please can you indicate me how to run Windows or Linux under OpenBSD ?
> Under Linux for example there is possibility to virtualize another OS.
> If the other OS is hacked from the web does it compromise the security of
> OpenBSD ?

Who cares; if your service gets hacked, it doesn't help to keep the underlying OS clean, your service is still compromised. This list seems to generally not recommend virtualization if security is important, and is especially critical of any claim that virtualization is going to improve (and not reduce) security, since it is a new, not-too-well-known and complex technology.

> Another question is if I run a server under OpenBSD is this impossible to
> hack it from the web ?
> The standard install of OpenBSD has no security holes anymore if I
> understand, does this mean no one can hack it from the web ? what about an
> OpenBSD on which we have activated one or more services, like mail server /
> web server and file sharing for within network (if used as NAS / server as
> example ?

Nobody has claimed OpenBSD has no security holes; it is quite possible (almost certain) there are some that have not been found yet. This applies to any software that is not created and used by perfect beings that never make any mistakes.

That said, there are relatively few holes in the OpenBSD base system. Enabling services will, of course, make you more vulnerable. The OpenBSD base services are well audited and should be secure, but nobody guarantees they have no holes, and certainly nobody will claim it is "un-hackable".

There may be holes in OpenBSD or the software you run on it, and if you use "kitty" for a root password there is nothing OpenBSD can do to help you. That said, OpenBSD base services are extremely secure, compared to the competition, when properly configured and patched.

Note that no security audits are done to software in the ports tree; you're on your own with 3rd party software.

Still, whatever it is, it certainly isn't unhackable. Anyone who claims so is lying, or talking about a machine that is turned off and not connected to a network.

--
Jussi Peltola