Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)

From: Laslo Hunhold <dev_AT_frign.de>
Date: Wed, 12 Sep 2018 20:08:39 +0200

On Wed, 12 Sep 2018 17:52:35 +0100
"Roberto E. Vargas Caballero" <k0ga_AT_shike2.com> wrote:

Dear Roberto,

> Your opinion is irrelevant, I don't accept suggestions from fanboys.
> This is not about security, it is about writing suckless code that
> can be understood easily, that can be maintained easily and it is
> portable.

that's your choice as the maintainer and I am not a fanboy. OpenBSD is
objectively more secure and it's mainly due to their approach. Credit
where credit is due.
OpenBSD has weaknesses in other fields where Linux shines, but to be
honest OpenBSD always has a special place in my heart and their work is
truly inspiring.

> Security is about designing a good system and doing a proper separation
> of responsibilities. Mitigations are only a distraction. You should
> read [1].
>
> [1] https://cr.yp.to/qmail/qmailsec-20071101.pdf

Separation of concerns and mitigations are both approaches that should
not be made exclusively, but in concert in my opinion. I will make sure
to read the paper you pointed me to.

> If you don't understand any of my reasons, then you should stop
> posting here and begin to post to OpenBSD, I am pretty sure that Theo
> will be more friendly than we are (irony mode off).

Your reasons are simple to understand. The main argument is to
ask: "When we add OpenBSD-specific code, why not Linux-specific code as
well?".
I gave you my 2 cents on this topic. If you disregard them, that's
okay, as I said in the original mail that you as the maintainer make
that decision. There is no canonical choice here, as I also already
said.

In an ideal world we would have portable interfaces for this, but there
aren't. Surely ii runs without unveil() just fine, however, you have
bigger problems when you need a good source of entropy that is secure
to "tap".

Anyway, I didn't want to explode this thread. Dimitris and Hiltjo also
expressed their positions on this and gave very good reasons, so in the
end the decision to externalize the patches into the wiki is supported
by the majority, including myself. :)

With best regards

Laslo

-- 
Laslo Hunhold <dev_AT_frign.de>
Received on Wed Sep 12 2018 - 20:08:39 CEST
