Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Operating Systems Security Software Upgrades BSD

OpenBSD 4.7 Released 143

An anonymous reader writes "The release of OpenBSD 4.7 was announced today. Included in this release are support for more wireless cards, the loongson platform, pf improvements, many midlayer filesystem improvements including a new dynamic buffer cache, dynamic VFS name cache rewrite and NFS client stability fixes, routing daemon improvements including the new MPLS label distribution protocol daemon (ldpd) and over 5,800 packages. Please help support the project by ordering your copy today!"
This discussion has been archived. No new comments can be posted.

OpenBSD 4.7 Released

Comments Filter:
  • by rivaldufus ( 634820 ) on Wednesday May 19, 2010 @06:14PM (#32270804)
    Perhaps every Ubuntu release story should have a link to a site titled "The Unusability of Ubuntu." Seems fair, doesn't it? The article would necessarily have to be negative... title non-withstanding. Slashdot has turned seriously hostile to non-Linux open source operating systems. I'm not sure why. I've even heard people here use the classic, "nobody uses it, so it must be bad" argument - the same one Windows users make about Linux.
  • by magellanic ( 689252 ) <owen@magellanic.co.uk> on Wednesday May 19, 2010 @08:21PM (#32272456)

    The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

    Maybe I'm wrong, but if the mail server isn't crap it should give up root privileges as soon as possible. So, to get root you need to do two things.

    1) Exploit a bug in the mail server
    2) Exploit a bug in the operating system to gain root privileges

    If MAC is part of the operating system, and can therefore contain operating system bugs, how does it mitigate step 2? How does it mitigate it any more than an operating system without MAC?

    An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.

    Are you serious? The root user has ultimate power by definition. That's been the case with *NIX for decades.

  • by magellanic ( 689252 ) <owen@magellanic.co.uk> on Wednesday May 19, 2010 @08:53PM (#32272820)

    OpenBSD doesn't want to take over the world, see the project goals [openbsd.org]. This doesn't stop their work becoming used on a large scale, but this happens because of the software's features and technical superiority.

    On the other hand, many Linux advocates seem to be obsessed with the idea of world domination. I've seen these people choose Ubuntu for reinstall/upgrade jobs when their friends and family would genuinely be more comfortable, and better off, with Windows or OS X.

    Decide for yourself which is the more noble goal.

  • by udippel ( 562132 ) on Wednesday May 19, 2010 @09:42PM (#32273370)

    While I consider your comment as 'Interesting', if not 'Insightful', I still can't approve of your

    This is the story Slashdot should have included to run.

    The story is about the release of the most recent OpenBSD, 4.7; its availability, funding, etc. The discussion about its 'lack of security' is surely of a very different nature.

    Having read the article mentioned by you (I saw 43 comments,?), I can only agree - and I knew that for long - that OpenBSD has no access control systems on top of the Unix-permissions. If they should be there, and how their lack renders OpenBSD less secure than Linux, is quite another topic. Actually, I was kind of disappointed when reading the article, because it focuses solely on access control to crack OpenBSD. So even the title was badly chosen: the article talks about a perceived 'lack of a security feature' or something to that behalf; not about an 'insecure' OS. And yes, there is a difference, and the article is clear about it: If, and only if, the system is broken into (already), can additional access controls eventually contain damage.

  • by Ilgaz ( 86384 ) on Wednesday May 19, 2010 @09:48PM (#32273430) Homepage

    IMHO if someone has problem with OpenBSD community/leader, he should hang at Mac community/websites/mags and especially IRC channels for a while.

    I also think OpenBSD theocratic leader and hostile community could be the reason why OpenBSD has its unique and prestigious position today... We all heard how many users got banned for questioning inclusion of Mono to a "user friendly" Linux OS distro which has democratic leadership right?

  • by magellanic ( 689252 ) <owen@magellanic.co.uk> on Thursday May 20, 2010 @03:26AM (#32275804)

    The mailserver is just an example. There is plenty of insecure software running as root.


    MAC cannot prevent the exploit as such, but it can make the attacker completely limitless. You can take away execute permission, write permission (allowing just append), no file creation, absolutely nothing except the very minimal that the program actually needs.

    This sounds a lot like what securelevel(7) [openbsd.org] already does.

    There is absolutely no reason to have a user with absolute power when we have the technology to segregate power and duties, there by significantly reducing the attack surface.

    There is absolutely no reason to put up walls so the sysadmin can't do anything, rather than fix the bugs that let an attacker gain root in the first place.

  • by teknopurge ( 199509 ) on Thursday May 20, 2010 @09:56AM (#32278454) Homepage
    The difference between the OpenBSD community and the Apple community is that the OpenBSD folks know what they are doing. I'm not trying to troll here, but Theo is an asshole, and the exact type of person that I want developing my kernel. His know-it-all attitude and demand for "not-created-here" things to gtfo led to the development of things like OpenSSH. I like the OpenBSD coding style and best-practices in addition to how they audit and analyze their code; more than any feature this is paramount in selecting software for us.

    OpenBSD has fewer kernel panics than 2.6.xx.xx and for network tasks has better performance for us.

    Again, kudos to the OpenBSD team for another release.
  • by agrounds ( 227704 ) on Thursday May 20, 2010 @12:41PM (#32281190)

    Uhm... Yeah.

    Why use a cheap arm toaster that can be set up in 5 minutes when you can give CISCO a few thousand dollars for a piece of shit?

    Because that toaster doesn't provide real support and next-day RMA service. You might work in a small shop, but for people who run multiple datacenters, 100s or 1000s of network devices, and whose jobs rely on uptime this is a no-brainer. I'll take the appliance with the service guarantee, replacements, and track record over a few Dells with *nix running on them.

    You are not allowed to replace a $10000 router with a $100 redundant array of consumer hardware because it would make your boss look bad.

    I can see why you posted AC. You're out of your depth. Cisco may churn out some real crapware ancillary platforms sometimes, but when it comes to core routing and switching on the big chassis, they're pretty damned reliable.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling