Contributed by jose on from the sheer,-rampant-paranoia dept.
"Theo has posted on tech@ an interesting report on the security improvements recently committed to OpenBSD-current. It certainly makes me look forward to the next release. Theo's post is archived at the MARC archives."
In his post Theo gives a brief technical overview of the four major security changes in OpenBSD: POSIX page protection schemes, WxorX, read only segments, and Propolice. Not all of these are on all platforms, but every platform has some protection. To quote Theo in his message, "We feel that these 4 technologies together will be a royal pain in the ass for the typical buffer overflow attacker."
By Anonymous Coward () on
Cheerios..
By Bruno Rohée () bruno@rohee.com on mailto:bruno@rohee.com
Theo's point (as in this article) was that it was not worth the effort if other memory existed that was executable and attacker writable.
He considered it trivial to change most exploits to jump somewhere in the heap or in static data instead of jumping to the stack, so just having a non-executable stack did not win you much.
Now, with no memory executable and writable, you get somewhere. There will perhaps still be ways to attack programs that for some reason mprotect(x, y, PROT_EXEC) some part of the memory, but that for sure is not common behaviour.
By Anonymous Coward () on
Crypto filesystems are slower, and are a PITA to recover after a power failure or something. Moreover, most people don't need it, so why make it a default?
If you want it, go ahead and use it. OpenBSD is not about enabling everything it can do out-of-the box. You enable what you want yourself.
By Anonymous Coward () on
Because police tends to go beyond law here, and just come in and take the HDD's out from computers when they want to.
Besides with the idiotic world leaders it's only getting worse.
> Crypto filesystems are slower
A P1/200 is slower than a Xeon 3,06 gHz. So? A bicycle is slower than a motorcycle. So? This is not _the_ argument not to choose a cryptofs, nor the fact that a Xeon or motorcycle is faster than P200 or bicycle is nor the main reason why you won't want the less faster one.
> and are a PITA to recover after a power failure or something.
If it's really important data, one would create backups, use UPS, etc. and think of these kinds of disasters.
Don't agree with the rest you said either, but it's not that important than this...
By couderc () on
I don't where is the problem in the case all you do is legal.
By tedu () on
You: Don't worry, it's not subversive.
Police: Let's check. What's the password?
You: I forget.
Police: Oh, ok. You're free to go then.
By Gimlet () on
FBI: So this...ID address? That's where the hacker came from?
Gimlet: IP address...and it's probable that the box in question was probably cracked as well
Network admin: Oh and it was U-D-P, so he probably spoofed it.
FBI: "Spoofed?"
Gimlet: It's possible to lie about your IP address sometimes. With some protocols, it's pretty easy to do. This is one of them.
FBI: So...(silence)...this could be the wrong ID address? You're telling me that it might not even be this guy?
Network admin: Oh yeah, these hackers do it all the time.
FBI: (already putting hat & coat on) I'll get back to you on this.
So I'm not too worried about the cops...honestly, I worry more about people like that professor, who insist on the absence of security and have more say in the matter than an IT professional.
By Anonymous Coward () on
Sometimes the police will use any little thing they can get to get you put away. Extract something that "says something about you" to sway a jury for example. They have it in for you because they think you are guilty, then they may as well be judge and jury.
I have personal experience with this. A friend of mine did something that is barely immoral, which was used against him as a "means to another end".
Police entered his house and took ALL of his computers. He is now in prison. He is there because police want him there, for reasons that are well behind him and which he has already dearly paid.
I also know someone (a completely innocent someone) who was pack raped by a group of police officers.
You think I'm talking about some police state where life is cheap?...
I'm talking about Eastern Australia.
You think 100% of people in prison right now are guilty?
By couderc () on
> You think 100% of people in prison right now are guilty?
Of course not.
By Anonymous Coward () on
Half my friends are cops, I've admin'd and otherwise worked for 3 of the largest WAN's on my continent and held extremely high security clearances, being trusted with stuff that still makes the hairs on my neck stand up. I'm a good law abiding person and I feel my friends are too.
But even I know good people who have unjustly had their PC's taken and been locked up for petty "crimes".
By Anonymous Coward () on
And how many times do I reboot? This is not MS Windows, and not i-want-to-run-the-new-kernel-of-Linux.
And who says it's the rootfs? Might as well be /home
> What if you forget that password?
You don't. Because it's an important passwd. You only forget it under police interrogation.
By Anonymous Coward () on
One who has problems with the police is ALWAYS a criminal. That's a fact! (it ain't).
One who never has any problems with the police is NEVER a criminal. That's a fact! (again, it ain't).
One who uses a CFS does always use it to hide his/her criminal activities. That's a fact! (once again, it plain ain't). One who uses OpenSSH... ahhh, never mind.
Conclusion: your logic is flawed.
Also, some governments/police don't like people who are criticizing their behaviour......
By Anonymous Coward () on
I want my goddamn privacy and I'll do as much as possible to increase it. CFS helps me in that way. None of them have the right to break my privacy.
Cops are only 'good' if they don't have anything against you. When you do things they don't like (whether it's legal or not) you have a a+ Problem.
What has been done here: http://squat.net/ascii/houtsma
is illegal because they didn't have a warrant. And I don't want a cop to read my homedir (includes ~/Maildir), it's none of their business, it hurts my privacy.
By Anonymous Coward () on
MS Windows has encryption in the filesystem, too. When you have Administrator access you can just read them. Good, huh? Would you like to have it that way?
Why would I care that cops would waste time if they would investigate me? I'm not a criminal, and no clues could prove that. Besides that, they just throw you in jail when you ask them something or when you just stand somewhere. So why should I behave nice to them when they don't behave nice to me? Go bust real criminals instead. The big business people who use junky tricks to get even more money. Never having enough.
It's no secret that cryptography can be used by the Good and the Bad side. Just like guns. The US restricts cryptography due to export restrictions (read: plain paranoia) but otoh it's totally legal and easy to buy a weapon like an uzi, handgun in the local weapon store. How ironic...
And like I said, if the police don't like you, you have a problem. Like in the URL I posted, they do things they may not do to get information about activities and they lie about it as well. I don't wish to cooperate with fascists...
By Anonymous Coward () on
Time wasted on you (assuming you're innocent) would be better spent somewhere else obviously.
> Besides that, they just throw you in jail when you ask them something or when you just stand somewhere.
Right. The prisons are just FULL of people who were just standing somewhere and not actually committing crimes.
By Anonymous Coward () on
So who makes the mistake to spend time on me? Did I ask for that? No I didn't. And I didn't do anything illegal, nor I made such intentions.
> Right. The prisons are just FULL of people who were just standing somewhere and not actually committing crimes.
Didn't write that. Fact is that they bust people, releasing them a few hours thereafter just because they stand somewhere near a crime. Yes, you read that right. Just to tease them, because they don't behave like the police wants them to (not with legit reasons). And no, not in a real prison but at the police office.
By Anonymous Coward () on
Where I live, you could even get bashed by police for being a gay or drug addict.
God help you if you're slightly attractive and they rape you.
By Anonymous Coward () on
With the DMCA and other crazy stuff going on nowadays, who knows, you may well be a big criminal and not even realise it yet.
By Anonymous Coward () on
and http://www.tcfs.it
And indeed vnconfig
By Rojareyn () on
/usr/ports/security/cfs
By Anonymous Coward () on
Install OpenBSD, leave room on hard drive.
Install CFS from ports.
Make partition for data you want encrypted.
Format with cfs.
Mount...
Was it that hard?
By zil0g () on
... that about says it :)
Theo is a good writer too, even a turdburglar like myself understood most of what he said, I like that ;)
Proud OpenBSD User.
By Lars Hansson () on
Whine whine whine, that's all you people do.