FreeBSD "security" is shit

Stole this link from for more discussion.

vez.mrsk.me/freebsd-defaults.txt

FreeBSD security is a joke.

tl;dr - All their tools run as root, updating FreeBSD for security flaws can cause you to GET owned, insecure default settings everywhere, no memory protections, OS comes with unsupported version of OpenSSL, etc.

Any thoughts, Sup Forumsentlemen?


Just switch to linux already

>implying anyone takes freebsd seriously in the first place

Don't you have anything better to do than shitpost in BSD related threads?

A lot of these fixes seem to be laid out very clearly -- what's stopping FreeBSD from making the changes? Do they not care?

I think what FreeBSD likes to do is let the user be in control of their security. I still prefer OpenBSD however.

muh backwards compatibility

b-but bsd is more secure than linux!!

There is more than one BSD, FreeBSD is just one of them. You still have Open/Net/DragonflyBSD available. Now go shitpost somewhere else.

>FreeBSD is the only BSD
FreeBSD's not even the one known for its security, you fucking dumbass.

Does OpenBSD come with a GUI?

I tried PCBSD recently, but I couldn't get it to boot after finishing the installation.

why even go through all that work?

just install openbsd.

Yes

I'm thinking about installing FreeBSD. Are derivatives like PC-BSD and GhostBSD even worth my time?

Hell no, PC-BSD is shit.

That's just my opinion, though.

What about GhostBSD? I've heard it's fairly good.

That one I never actually tried. Maybe I should.

Any BSD besides Net and Open is complete garbage.

FreeBSD has some merits, so does Dragonfly.

I say this as an OpenBSD user.

OpenBSD user here, this

How difficult would it be to run certain commands as a non-root user? Can't this be done simply with su/sudo like in Linux?

su is a standard unix utility, so yes, it exists in all BSDs.

they also have sudo in their packages; openbsd ships with doas, which is perfect for you if all you used sudo for was elevating privilege temporarily

BSD cucks BTFO
>pkg
- no flexibility with what options things are built with
- must wait on the project to rebuild/update things
>ports
- it can take a long time to compile things, especially web browsers
- multiple unrelated tools involved (portsnap/svn, portmaster/portupgrade)


Both the ports system and pkg will do a lot of things as root where it's not
needed at all. I brought this up to a member of the ports security team and
he just shrugged it off. Simply because portsnap checks the snapshots it
fetches against a public key, he figured there was nothing to worry about.
I have to question their credibility sometimes. It's true that verifying
the files it fetches would indeed be a good countermeasure... if that was
done before the more dangerous operations. But it's not. The data integrity
check is done very late in the process, giving plenty of opportunity for
exploits against the other tools, all running as root and taking untrusted
input from the internet. Both portsnap and freebsd-update have a serious
design flaw here that could be easily fixed. Perhaps they have the utmost
confidence in the tools being bug-free. I try to be a bit more realistic.

But there's a lot more risk involved than just letting root go out to the
internet to download files. Perhaps a short summary of how building ports
works is needed for clarification here. The steps involved can be condensed
into the following:

- Fetching and updating the ports tree (a collection of makefiles and patches)
- Fetching the software's source code
- Verifying the checksum of the file(s)
- Extracting the source tarball
- Configuring, patching and building the application
- Creating a package from the built files
- Installing the package to your system (if desired)

So how many of these actually need to be done as root? Only the last one.
And how many of these are done as root by default in FreeBSD? All of them.
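Added example, not taken from the linked document or from any FreeBSD tool: the same build steps as a POSIX sh pipeline with the privilege boundary drawn where the text above puts it, so the checksum is verified before extraction and only the final install runs privileged. The "build user" split, paths and sample distfile are constructed, and GNU sha256sum is assumed (FreeBSD spells it `sha256 -q FILE`).

```shell
# Every stage except install_stage() is meant to run as an unprivileged build
# user, and the checksum is checked BEFORE anything is extracted, so a bad
# distfile never reaches tar, patch or make. Paths and data are constructed.
set -eu

# Stage 1 (unprivileged): compare the distfile with the checksum from the ports tree.
verify_distfile() {           # $1=distfile $2=expected sha256 (GNU sha256sum assumed)
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Stage 2 (unprivileged): extract into a scratch dir; refuses unless stage 1 passed.
extract_distfile() {          # $1=distfile $2=expected sha256 $3=workdir
    if ! verify_distfile "$1" "$2"; then
        echo "checksum mismatch for $1: refusing to extract" >&2
        return 1
    fi
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Stage 3 (the only privileged step): copy the staged tree into the prefix.
# In real use this single command is what runs via doas/sudo, nothing else.
install_stage() {             # $1=staged tree $2=install prefix
    mkdir -p "$2" && cp -R "$1"/. "$2"/
}

# Constructed input: a tiny "source tarball" and its checksum.
make_demo_distfile() {        # $1=dir; prints the expected checksum
    mkdir -p "$1/src"
    printf 'int main(void) { return 0; }\n' > "$1/src/hello.c"
    tar -czf "$1/hello-1.0.tar.gz" -C "$1" src
    sha256sum "$1/hello-1.0.tar.gz" | cut -d' ' -f1
}

# End to end: a good distfile flows through; a tampered copy stops at stage 1.
demo_pipeline() {             # prints "ok" when both outcomes are as expected
    d=$(mktemp -d)
    sum=$(make_demo_distfile "$d")
    extract_distfile "$d/hello-1.0.tar.gz" "$sum" "$d/work" || return 1
    install_stage "$d/work/src" "$d/prefix" || return 1
    [ -f "$d/prefix/hello.c" ] || return 1
    printf 'tampered\n' >> "$d/hello-1.0.tar.gz"
    if extract_distfile "$d/hello-1.0.tar.gz" "$sum" "$d/work2" 2>/dev/null; then
        return 1
    fi
    [ ! -d "$d/work2" ] || return 1
    echo ok
}
```

Run `demo_pipeline` to see the tampered archive refused before tar ever sees it; in a real deployment stages 1 and 2 run under a dedicated build account and only `install_stage` is invoked with elevated privileges.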

*FreeBSD

still has merits though

Netflix servers rooted yet ?
They run FreeBSD.

install gentoo

kek OpenBSD doesn't even have MAC and ZFS

This, actually

Most people turn off MAC, MAC is not the end all security.

so what side are you on then

you shitpost about freebsd then shitpost about openbsd

can you just admit that you're an autistic retard at least

>can you just admit that you're an autistic retard at least

Sup Forums in a nutshell

I'm on Gentoo's side

I find it funny how much shitposting BSD attracts. We have the FreeBSD autist who goes on and on about MUH JAILS and MUH MAC like they're the most important feature, the handful of shitposters who say to install linux and cut down BSD as much as possible, and then there are the shitposters who keep attacking it as a "toy OS for hipsters". It's unbelievable how much shitposting BSD gets.

Is FreeBSD or OpenBSD better for more of a general use scene? I fancy switching over to it permanently from GNU/Linux but I'm not entirely sure of the differences and advantages/disadvantages of each of the two. Someone mind filling me in? I know my way around using Unix and its terminals.

Does Debian GNU/BSD have a ports system?

i used to think it was always the same guy but no it's actually 3-4 autists

it's simply unbelievable

openbsd is more general use than freebsd, if you can use freebsd as a desktop then that's good for you, but you should know that the devs don't really intend it that way

OpenBSD's your best bet for a desktop system, FreeBSD's geared more towards servers. Though you can make either work.

Actually, FreeBSD is more general purpose. OpenBSD strives for code correctness, security, and stability above all else. You won't find fancy features in OpenBSD, but you will find rock solid stability.

FreeBSD users will tell you it's better, OpenBSD users will tell you it's better. Try both, check out their documentation, come to your own conclusion. It's not like it costs anything but your time.

...and you're on Sup Forums, so you have plenty of that.

but then again, which one actually comes with X in base?

Why doesn't FreeBSD come with X in the base?

Netapp, Juniper and Netflix do

mostly because it's used in server roles

again, it CAN work as a desktop, but it doesn't seem to be freebsd's main goal

>The Power to Serve

Open includes X with the base system as an optional component in the install.

exactly

they even technically forked it and did some work on it by themselves

some of it got accepted upstream, some of it didn't

The irony of being unable to apply security patches because the updating tool has known vulnerabilities is delicious.

lists.freebsd.org/pipermail/freebsd-security/2016-July/009016.html

Who cares, the only BSD worth using has only ever been OpenBSD.

the last thing we need in these threads is in-fighting

OpenBSD was born out of infighting. The only reason it exists is because the FreeBSD folk were incompetent faggots, and here today we see more proof of this.

>The only reason it exists is because the FreeBSD folk were incompetent
try netbsd

the funny thing is one of the netbsd devs came out and said that kicking theo out is what bit them in the ass in the long run

who in the right mind uses bsd anyways?

Dumb question: has anybody tried making a Linux distribution with the whole "designed as a single piece" philosophy? This is the primary thing that BSD is interesting to me for. It's refreshing coming from a galaxy full of glued together distros

The BSDs are completely separate projects with different code, in contrast to Linux distros. While FreeBSD has a lot of the security problems mentioned in this thread, OpenBSD is actually pretty cool. Don't let one of them sucking turn you off from trying the others.

unless someone decides to develop their own distro with their own userland, i don't think that will ever happen

That's impossible with Linux. One team develops the kernel, another the userland, another the SSL library, another the ...

Yes, it comes with FVWM in the default installation. Some random hardware issues, a workaround and a firmware update later, it comes with GNOME 3.
I'd use it if it wasn't for the software I'm using; that old gcc is too harsh to compile with.

You can install newer GCC or Clang from packages/ports you know.

there is a newer version of GCC in ports

but yeah it's really a shame, not only does GCC now use GPLv3, which all BSD people despise, it also uses C++, which most C programmers (aka all of openbsd and linus torvalds) despise

Theo might be an asshole, but it's honestly debatable if he's better at programming and computers than stallman or even linus.

But this is a BSD shitting thread, user.

Don't forget cwm and twm
>GNOME3 on OpenBSD
You can stick with it if you want but I really advise against that.

No, it's a thread about FreeBSD's security issues.

fvwm is the thing i never understood about openbsd

why the fuck is it even in base, the version's old as fuck too

he did most of the porting work for the initial netbsd SPARC port

> We have other documents, dated 2014 and 2015, detailing attacks against the update systems of multiple Linux distributions...

delete this

If you were using BSD for security why weren't you using OpenBSD?

let's be frank here, freebsd is meant to be a server OS

a server OS not having these security features is kind of mind-blowing in a way

>it's okay for my system to have gaping security holes because security wasn't my primary intent for my system
Now there's some pants on head retarded logic.

Any BSD besides Free is literally used by 5 people.

>I want security
>lets use the BSD not known for caring about security
>WHAAA WHY IS THE SECURITY SO BAD

You're too retarded to even use a non-windows OS

You are beyond retarded.

Don't forget about the SJWs that use FreeBSD

Linux uses root to update files too...You wouldn't be able to install stuff without it.

Also, in FreeBSD you can compile your shit in jails.

You have no real argument here.

>Also, in FreeBSD you can compile your shit in jails.
>muh jails
Get over it, idiot.

Not everyone wants to set up a jail just to update their system, are you nuts?

OP didn't really describe the problem. The issue is FreeBSD queries the package repos and fetches updates using the root account which is completely unnecessary. The only part that requires root privileges is the installation which is the last part.

Lmao, you can't talk shit about jails when OpenMEMEsd still uses chroot. Jails are inescapable, you'll never need to worry about security.

So you're just gonna go and ignore everything I'm saying.

Here's a tip: the more complex your system is, the easier it is to fuck up. Building a jail just for updating your system is insanity.

>OpenMEMEsd
XD

And the simpler you make it, the less secure it is.

Yeah I guess Sendmail is good software then since it's so complex.

who would need anything besides fvwm anyways.

>Linux uses root to update files too...You wouldn't be able to install stuff without it.

Linux uses root to write the new files to the filesystem in directories that regular users can't write to by default.

It does not download, decompress, verify, or extract the files as root. If a bug (like the currently UNPATCHED one described on the security mailing list) is found in any of the software in this chain, the result is a root-level compromise. This is even easier to do on FreeBSD specifically, due to it having no ASLR, PIE, W^X, SSP or really any sort of exploit mitigation. What's more, freebsd-update and portsnap fetch the files over plaintext http, not https. It's a very bad situation caused by very bad design.

>Also, in FreeBSD you can compile your shit in jails.

You can compile ports in jails, sure. You can't run freebsd-update in a jail -- even if you could, that doesn't update the host system!

>You have no real argument here.

I think it is you who has no argument, friend.

CWM is another one that comes with OpenBSD and it's the best WM of all time.

this

debian does the same thing with exim

samefagging your posts doesn't mean anyone actually thought it was funny...

I was making fun of the retard, you dumbass.

LibertyBSD

That's just OpenBSD with a libre kernel. Theo chewed the guy who asked for a libre kernel out hard.

well he's been fighting off blob allegations for like 3 decades

i'd be pretty fucking peeved too

Firmware has never been classified as blobs because it runs off the hardware, not the OS.

well yeah that's what i'm saying

even the user above who said "openbsd with a libre kernel" is wrong since the kernel has NO blobs in the first place

For an OS that doesn't even have ASLR it's probably easier to break out of a jail than a linux chroot

At least FreeBSD doesn't have an FBI backdoor like OpenMEMEsd does.

there he is, there he goes again

Nice FUD

With a security record as bad as FreeBSD's, there doesn't even need to be a backdoor.

Anyone can get in already.

...

If you're interested in theo yelling at someone, here it is.
news.ycombinator.com/item?id=9671025

marc.info/?l=openbsd-misc&m=143355112811564&w=2

i'm honestly shocked he still responds to "lol you have blobs"

lmfao

Man, I'm trying out OpenBSD in a vm, it's amazing how tiny the ISOs are. It can still fit on a regular 700 MB CD and still have plenty of room on it, when these days 1-2 GB is standard for an OS ISO.