Source structure similarities between OpenBSD and FreeBSD?

Source structure similarities between OpenBSD and FreeBSD?

Post by Donald E. Goodwi » Sat, 20 Nov 1999 04:00:00



Hi there:

After using Linux for a couple of years I just switched over to
FreeBSD.  I have found it is much more organized (imho) than the Linux
sources.  Perhaps I just like simplicity.

We are interested in integrating OpenBSD for the extra security
features.  Is OpenBSD structured in a similar fashion?  Is
re-configuring the kernel as easy as in FreeBSD?  

Thanks,

Donald

--
Donald E. Goodwin
Oxford Cryosystems North America
Tel: 800-598-1175 Fax: 617-630-8382

 
 
 

Source structure similarities between OpenBSD and FreeBSD?

Post by Andrew G. Bacch » Sat, 20 Nov 1999 04:00:00



> After using Linux for a couple of years I just switched over to
> FreeBSD.  I have found it is much more organized (imho) than the Linux
> sources.  Perhaps I just like simplicity.

  Wise choice.  Exactly the reason I swithced last year.  There is much
better control over layout and logic.

I can't really answer your question regarding ease of kernel rebuild, but
the main difference I've heard is OpenBSD is built for stronger security
where FreeBSD is easier to use for newbies.  Good luck.

 
 
 

Source structure similarities between OpenBSD and FreeBSD?

Post by Helmut Kre » Sat, 20 Nov 1999 04:00:00



>We are interested in integrating OpenBSD for the extra security
>features.  Is OpenBSD structured in a similar fashion?  Is
>re-configuring the kernel as easy as in FreeBSD?  

They are very similiar in this respect.

        Helmut

 
 
 

Source structure similarities between OpenBSD and FreeBSD?

Post by Jordan Hubbar » Sun, 21 Nov 1999 04:00:00



> We are interested in integrating OpenBSD for the extra security
> features.  Is OpenBSD structured in a similar fashion?  Is
> re-configuring the kernel as easy as in FreeBSD?

Yes, they're quite similar, though I hope your definition of "extra
security" is fairly loose since OpenBSD is not, contrary to popular
belief, some order of magnitude "more secure" than FreeBSD.

What OpenBSD has done (roughly) is audit for a number of buffer overflow
cases and integrate IPSec.  Some of those buffer overflow cases
represented true vulnerabilites (vs internal overflows that could, at
worst, cause the program to fail rather than be exploited) and FreeBSD
has integrated them as well as many of the more cosmetic fixes.  IPSec
is an add-on package for FreeBSD (see www.kame.org) and can be easily
integrated by following the instructions there. The KAME folks are also
right now in the midst of integrating their work into the upcoming
FreeBSD 4.0.

I also don't mean to take away from the good work that OpenBSD has done
in showing many of us in the *BSD community where we needed to improve
security, but I do take issue with some of the more rabid OpenBSD
evangelists who claim that OpenBSD is uncrackable and FreeBSD is full of
holes.  Nothing could be further from the case, and the reality is that
all of the *BSDs look at one another's security fixes (one of the
virtues of open CVS repositories for all the projects) and that most, if
not all, of the recent exploits have been completely outside the OS and
have affected OpenBSD and FreeBSD equally.  An unaudited problem in
qpopper or imapd (or sendmail or...) affects ALL of the *BSD groups and
I've seen the proof of this born out in numerous advisories.  As much as
we'd like to, none of the *BSD groups have  the manpower to audit every
single 3rd party application which might also be the source of a
compromise, and even if we did that work would be quickly invalidated by
each subsequent release of such technology and we'd have to audit it all
over again.

Security is definitely one area where believing the hype can cost you a
lot, and every good admin should know full well by now that effective
security begins at home, not in the hands of the OS vendor.

-- Jordan Hubbard
   Co-founder/Release Engineer, The FreeBSD Project
   Walnut Creek CDROM

 
 
 

Source structure similarities between OpenBSD and FreeBSD?

Post by David Schwart » Tue, 23 Nov 1999 04:00:00



> Security is definitely one area where believing the hype can cost you a
> lot, and every good admin should know full well by now that effective
> security begins at home, not in the hands of the OS vendor.

        Agreed entirely. On the other hand, however, bad security can begin
anywhere.

        DS