Debian Planet










    Why Debian is still not as secure as OpenBSD ?
    Contributed by Anonymous on Wednesday, May 30 @ 10:36:36 BST

    Security
    I think Debian GNU/Linux is the stablest OS, but what about security? It seems not to be the most secure one. The initial configuration is not as secure as OpenBSD. However OpenBSD does not appear to be as stable as Debian, but it is more secure. Is it a balance between security and stability?

    Should Debian GNU/Linux take steps to make woody hardened by default? Or should a drastic change like this wait for sid?

    rob: Many other distros have various security options during install, could this be the way forward?

     

    Re: Why Debian is still not as secure as OpenBSD ? (Score: 1, Informative)
    by Anonymous on Wednesday, May 30 @ 13:04:14 BST

    Hopefully task-harden (sid only?) should solve most security problems with daemons and such.

    - Zoltan Kraus

    [ Reply ]


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 3, Interesting)
    by Anonymous on Wednesday, May 30 @ 14:01:24 BST

    It seems that OpenBSD is auditing code for security holes. Why does Debian not audit at least the base install for such bugs? I know there is a large number of packages, so an audit of the whole system is impossible, but it seems reasonable to audit the base installation.

    "We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills."

    (source http://www.openbsd.org)

    [ Reply ]


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 2, Insightful)
    by Anonymous on Wednesday, May 30 @ 14:35:34 BST

    "Secure by default" is only good for good press - that way clueless users get a 'secure' install.

    It's the admin that makes the system secure, not having closed everything in the base system - when you install Debian and get only kernel+ash, it won't help anyone.

    [ Reply ]


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 2, Interesting)
    by Anonymous on Wednesday, May 30 @ 16:58:08 BST

    Being a big fan of both OpenBSD and Debian I feel somewhat qualified to comment. I use OpenBSD when I want a secure ready-to-go server. I use Debian when I want an all-the-bells-and-whistles workstation. This is how I see the respective OSes by default. Either can be made as feature-full or as secure as the other with a bit of work.

    I don't think Debian will ever be as secure as OpenBSD. I don't think you want Debian to be as secure as OpenBSD. OpenBSD strives to be secure. Debian seems to strive to be feature-full. Features/functionality and security are typically opposite goals.

    Part of OpenBSD's security comes from the philosophy behind its development.

    OpenBSD's development model is closed and controlled. Debian has a different philosophy. Debian development is open and offers users a lot of choice. When a package is installed with OpenBSD it is disabled by default and the user/admin must enable it. Debian often installs packages and starts the software by default. Samba is a good example of this. Under OpenBSD, after Samba is installed the user must edit some files to enable it. Under Debian, when Samba is installed the user is given the choice of running Samba from inetd.conf or as separate daemons. The "no run" option is not present. This is just an example of the different OpenBSD and Debian philosophies.

    If Debian wants to be as secure as OpenBSD, Debian has to be more restrictive. It is easier to take a secure system and open it up to add functionality.

    [ Reply ]


    Re: two security issues. (Score: 0)
    by Anonymous on Wednesday, May 30 @ 19:10:47 BST

    The first and easiest to deal with is which daemons are left on as part of the standard install.

    Just have a checklist of the benefit/security risk these services represent, i.e. the positive and negative consequences of turning them off or leaving them on, and suggested alternatives.

    This could be the last thing the install does.

    At the very least, the install should have a reminder of the existence of, and a pointer to, this list (be it a man or a pop up box, whatever).

    A checklist would assuage those who feel that Portmap should always be installed.

    Personally, I feel that it should be neither automatically included nor excluded.

    Just have it as an install option, right at the end. As a default? Sure, why not, but give the user the option to nix it right from the get go.

    The second issue of auditing code for security bugs is a much more difficult and massive undertaking.

    [ Reply ]
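
The checklist idea from the comment above, sketched as an added example (not part of the original thread and not Debian installer code): it reads an inetd.conf-style file and pairs every service with benefit, risk and alternative notes. The sample file, the checklist wording and all function names are constructed for illustration.

```python
import re

# Constructed sample; Debian's update-inetd marks disabled entries "#<off>#".
SAMPLE_INETD = """\
# /etc/inetd.conf (constructed sample)
telnet  stream  tcp  nowait  telnetd.telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
#<off># ftp  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.ftpd
netbios-ssn  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/smbd
ident  stream  tcp  wait  identd  /usr/sbin/identd  identd
"""

# service -> (benefit, risk, suggested alternative); illustrative wording only
CHECKLIST = {
    "telnet": ("remote login", "password crosses the network in cleartext", "ssh"),
    "ftp": ("file transfer", "password crosses the network in cleartext", "scp"),
    "netbios-ssn": ("Samba shares", "shares exposed to the network", "keep off if unused"),
}

ENTRY = re.compile(r"^(\S+)\s+(?:stream|dgram|raw)\s+\S+\s+(?:wait|nowait)\S*\s+\S+\s+\S+")

def parse_inetd(text):
    """Return [(service, enabled)]; a disabled entry is one behind a comment marker."""
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        enabled = not stripped.startswith("#")
        match = ENTRY.match(re.sub(r"^#(?:<off>#)?\s*", "", stripped))
        if match:
            entries.append((match.group(1), enabled))
    return entries

def needs_decision(text):
    """Services that will be listening unless the admin switches them off."""
    return [svc for svc, enabled in parse_inetd(text) if enabled]

def unreviewed(text, checklist):
    """Enabled services the checklist says nothing about."""
    return [svc for svc in needs_decision(text) if svc not in checklist]

def report(text, checklist):
    """One line per service: state, name, then benefit / risk / alternative."""
    lines = []
    for svc, enabled in parse_inetd(text):
        notes = " / ".join(checklist.get(svc, ("not on checklist",)))
        lines.append(f"{'ON ' if enabled else 'off'} {svc}: {notes}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_INETD, CHECKLIST)))
```

Services returned by `unreviewed` are the ones worth attention first: they are running and nobody has written down why.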


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 1)
    by pabellon (itura at rocketmail com) on Wednesday, May 30 @ 21:34:19 BST
    (User Info)

    "However OpenBSD does not appear to be as stable as Debian,"

    Oh, I thought all BSDs were more stable than the Linux kernel.

    Where could I get more info about this statement made by Anonymous? Is Debian really more stable than OpenBSD?

    Just a Debian user here, but somewhat interested in Free/OpenBSD.

    Thanks.

    [ Reply ]


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 0)
    by Anonymous on Wednesday, May 30 @ 21:46:51 BST

    another problem with debian is its nature as a distribution made by contributing individuals.

    if you use a certain package, you have to trust the package maintainer not to put backdoors in their package. for a really important system, i would therefore never use debian.

    [ Reply ]


    security and stability are virtually synonymous (Score: 2, Insightful)
    by xah on Thursday, May 31 @ 03:20:13 BST
    (User Info)

    The article said that Debian is more stable, but OpenBSD is more secure. Does this include DoS attacks? In my view, a stability problem deprives the user of the ability to control his computer. A security problem also deprives the user of the ability to control his computer. So, why do you consider these to be different?

    [ Reply ]


    Re: Why Debian is still not as secure as OpenBSD ? (Score: 3, Informative)
    by Anonymous on Thursday, May 31 @ 17:02:32 BST

    There are also a few kernel level issues:

    • OpenBSD supports encryption of virtual memory; AFAIK, Linux does not.
    • OpenBSD uses stronger encryption than the standard Unix crypt. Sure, this isn't that important what with shadow passwords, but it still makes it more secure.
    • OpenBSD supports one-time passwords, i.e. S/KEY logins (can this be done in Linux?)
    • Also OpenBSD appears to support more crypto hardware than Linux, but only a few extra devices.
    • Of course, IMHO all this doesn't really matter for average users/admins like myself. I think OpenBSD is so secure because Theo and his gang are obsessive, egocentric hackers who judge their self worth by how few OpenBSD exploits pop up. I don't know of any other OS which can claim that.

      For me, inside firewall == debian, solaris, outside firewall == openbsd

    [ Reply ]

