
BSD And Other Things


Thread replies: 57
Thread images: 4

File: Systemagic.jpg (84KB, 255x323px)
/bsd/ - *BSD General Thread
Discuss FreeBSD, OpenBSD, NetBSD, DragonFlyBSD, OPNsense, FreeNAS, etc.

Join IRC (if you want actual help):
#baot @ irc.rizon.net
#freebsd,#openbsd,#netbsd @ irc.freenode.net

Documentation:
https://www.freebsd.org/handbook
https://www.openbsd.org/faq
https://www.netbsd.org/docs

Curious Linux user? Ask questions, get answers, ignore obvious trolls.
>>
>>60917015
What are some advantages for me to migrate a Linux server to *BSD?
>>
First for HardenedBSD
>>
>>60917128
Lipstick on a pig. Adding ASLR doesn't make up for 25 years of ignoring good coding practices in favor of muh performance and muh enterprise.
>>
>>60917087
A lot of it will be similar, just a different firewall/package manager/etc.

OpenBSD really cares about security, FreeBSD has ZFS.

Linux (the kernel devs especially) don't really care about security. A security bug is just a regular bug to them.

GNU's code is usually bloated in comparison to BSDs' versions. Check the examples online for the "echo" and "yes" commands for a pretty realistic view of what I mean.
>>
>>60917128

FreeBSD ASLR doesn't even work on x64.
>>
bsd is good
>>
I like DragonflyBSD because the devs don't seem stuck in the past
>>
I just installed freebsd in my laptop to see if it werks.
>>
>>60919731

>freebsd

https://vez.mrsk.me/freebsd-defaults.txt
>>
>>60919936
>openbsd
>lack of MAC because NIH, and if you really think it's a bad thing, you're fucking retarded
>awful randomization of memory, but look, muh aslr
>non strict w^x
>pledge is a system call wrapper vulnerable to many exploits (and no, i am not referring to the fact that it's not an actual sandbox)
>ancient filesystem
>tweaks in the kernel to starve a NIC that's too fast of buffers
>wat is SMP
>wat is NUMA
>wat is observability
>wat is auditing

If you unironically use OpenBSD because it's "secure" or somehow "good", I'm really worried for the world. Mind you, there is no OS that gets everything right, but OpenBSD gets far too much wrong
>>
>>60919629
i don't understand, wasn't openbsd the first to fully implement ipv6?

>>60920288
>literally none of it is backed
as expected, i like how you think the guy who posted this uses openbsd though, proves how insecure freebsdfags are
>>
>>60920304
Literally proofs of this are in various scientific papers, also nice job assuming I'm using FreeBSD and that the person who wrote this isn't blackflow who doesn't do jack shit other than sit on his OpenBSD machine, watch anime and shitpost here
>>
>>60920344
>the .txt file literally shits on freebsd's security and has actual PROOF and was influential enough to get the freebsd team to put some shit in their installers
>gets buttmad about it
>n-no! i don't use freebsd!
also
>scientific papers
literally where you dumb nigger
>>
>>60920288
Then what do you suggest?
>>
>>60920363
Exploiting concurrency vulnerabilities in system call wrappers. Broke OpenBSD once, still breaks it since pledge is the same dogshit. But hey, I'm sure that access control is insecure ;).

As I said, not a single OS gets everything right, and FreeBSD definitely isn't one, it lacks just about every exploit mitigation out there, which is terrible. But hey, just thought you should know that OpenBSD is not any better, and in fact, I'd argue worse when a port is installed since you can't confine it.
>>
>>60920497
I honestly suggest running what fits your usecase best and ignore the fanboys spreading shit everywhere while being uninformed. If that's OpenBSD, run OpenBSD, that kind of thing.
>>
>>60920518
yeah, ok so that's one and without evidence again

and i'm sure you create jails for every single program you install, that's practical and can't go wrong in any way
>>
Is BSD viable as a desktop OS?
>>
>>60920518
Add to the fact that literally nobody uses any of the OpenBSD forks of software, all maintained by them (because they're obviously smarter than everyone else). Of course, you're told it's more secure... By them. In reality, nobody gives a shit about OpenBSD and nobody uses that software except for OpenSSH, which, i have to say, is good. But hey, the OpenBSD folks are the first to jump to other people's problems, without addressing their own
>>
>>60920561
yeah i guess i'll just go back to using screen then
>>
>>60920533
Jesus fucking Christ why are you such a fanboy? FreeBSD isn't secure. Linux isn't secure, neither is OpenBSD. Stop fucking shilling like a braindead hamster and help improve the security of today's systems instead of giving people the illusion that everything is okay.
>>
>>60920578
lol where did i claim that openbsd was flawless

>Only two remote holes in the default install, in a heck of a long time!

that's their slogan for fuck's sake, even they know it's not perfect
>>
>>60920592
Oh they do, I know them personally, but they do give out the illusion to everyone else that they're somehow superior. That's the fucking problem. It spreads through the internet with random fanboys and ends up hurting security overall. I'm gonna pop off here because it's really fucking late where I'm at though.
>>
>>60920561
>stop liking what i don't like
just shut up already you double faggot ass nigger
>>
File: 1307355118552.jpg (29KB, 300x300px)
>>
>>60920288
>If you unironically use OpenBSD because it's "secure" or somehow "good"
It does what I want it to better than the rest and what it doesn't do or doesn't do well I couldn't give less of a shit about.

>>60920551
Yes

>>60920561
>tmux
>OpenSSH
>pf
>mg
>OpenNTPD
>OpenIKED
>sudo
All OpenBSD projects or at least projects by OpenBSD devs.
>>
if you don't see the value in unix you're not going to appreciate OpenBSD.
>>
>>60920551
It's mine. I mostly program, listen to music, etcetera, though. Depends on what you want a desktop for.
>>
File: pledge.jpg (140KB, 1300x804px)
>>60920288
>>
>>60920551

I have it on my older desktop. Works pretty good with Linux compat and WINE for nonfree games. It can be a chore to setup akin to Linux before Ubuntu came along but I'm kind of annoyed with Linux systems being such bitches for syndromeD.
>>
>>60920578

OpenBSD's own team highlight most of their flaws and thanks to the system design most flaws are academic at best. If you want to moan about NIH how about how glibc refuses to pick up strlcpy, or how everyone dragged their feet with NX and ASLR, still a broken mess on FreeBSD. How about how it took Ubuntu to bring privsep to Linux years after OpenBSD led the way? How about how a simple, portable, real-world mitigation like pledge gets shouted down by autistic neckbeards and their simpleton understanding of defence-in-depth? Fuck you cancer.
>>
File: 1471193856015.jpg (87KB, 533x727px)
Is ksh good enough? I'm not too concerned about scripting--I know that it shares a lot of the same functionality as bash--but I'd like to know if it can be modified so as to display the path I'm in, as well as display directories, executable files, &c. in different colors so that it's easier to tell what's what.
>>
>>60923398
Colorisation is a ls thing, not a shell thing. But yes, any shell can tell you what directory you're in.
>>
>>60917256
It's not only ASLR
https://hardenedbsd.org/article/shawn-webb/2017-03-02/introducing-cfi
>>
>>60923474

Overwrought theatrics, lot of good it did for Windaids. The only thing that makes a difference is fixing the source. strlcat is cheap, and now so is pledge.
>>
>>60923805
The main problem still stands, userland is insecure on *nix.
As with software, even the forks that ought to be more secure still have new vulns, like LibreSSL.
Pledge is nice but still gonna take you years to fix important software.
For OpenBSD it would be good to switch to Clang and use safestack & cfi, and an RBAC would be gold to have.
>>
>>60924443

Insecure userland? I challenge you to gain root from user on OpenBSD. I posit you'll get a core dump at best.
>>
>>60924518
yes userland that runs all shitty software.
There are tons of vulns in software to find; unless there is cfi you can use ROP to do pretty much what you want.
>>
>>60924518
and i don't say default installation, let's say libreoffice, some music player, web browsers, pdf software, email client and so on.
>>
>>60924518
If you have dbus or consolekit on your system it's already insecure because it can do all sorts of weird stuff.
>>
>>60924545

Sure whatever bud, let's see you elevate to root with libreoffice on OBSD.
>>
>>60924659
It isn't all that different from any other OS, that is how exploitation works.
Sure you have ASLR but you can still bruteforce or use ROP.
I wonder if anyone is fuzzing openbsd syscalls since there are always bugs there in any OS.
>>
>>60917283
>bloated
Wouldn't really use that word there. GNU yes is really faster than the OpenBSD one and about the same size. It's harder to read and absurdly optimized (when do you need 10 GiB/s yes?) and those are legit criticisms, but let's try and have "bloat" actually mean something.

Other GNU tools are often also bloated, though.
>>
>>60924443

>rbac
>safestack

I don't believe you understand the OpenBSD methodology: KISS. Adding complexity just makes configuration harder leading to errors and then exploits.

I can fire up a browser as a different user what difference would RBAC make? Safestack? You fucking idiot you don't know what you're talking about do you?
>>
>>60924712

Talk is cheap, let's see you do it.
>>
>>60923805
>overwrought theatrics
please tell me how to defeat grsecurity's RAP, enlightened memelord
>>
Does anyone know how to put an autoinstall file in a obsd cd.iso without compiling the entire thing from source?
>>
>>60924771

Just use netboot.
>>
>>60924748
Safestack = a better SSP.
https://clang.llvm.org/docs/SafeStack.html

RBAC basically would prevent that browser or user from even escalating to root or doing other nasty stuff.
Sure you need to configure it but it isn't that hard.

>>60924759
Vulns are common in operating systems, there are many ways to do things with them.
>>
>>60917015
Spoonfeed me on PF.
>>
>>60924794
Could you elaborate?

I'd preferably deploy to vultr.
They have ipxe support through their API so that could work. But I don't have DHCP access so I don't see how I can "host" an autoinstall file
>>
>>60924812

(you)

>>60922960
>>
>>60924839
>can't find better arguments than shitty memes.
>>
>>60924826

Awesome. I used a Carp HA PF setup for a production firewall at a medium site. It was simple to build very complex rulesets that were readable. Table files make life easy and source tagging allows for some strong failsafes. Overall less prone to human error, would recommend over any other.

I have run very large sites with Linux Netfilter, and smaller sites with Solaris IPF. There's no comparison for ease of use.
>>
>>60917283
> GNU's code is usually bloated
That's a strange way to say "has more features and performs better".
>>
>>60924838

Oh VPS? Dunno dude more trouble than it's worth just build your own iso, I think it's that big a deal.


This is a 4chan archive - all of the content originated from that site.