1. 14
  1. 2

    With HardenedBSD existing I don’t entirely understand why FreeBSD exists at all anymore as a separate entity.

    1. 6

      Isn’t everything related to *BSD usually a giant ego circus? At least that’s pretty much the impression I got a few years back.

      1. 3

        That’s not been my experience, but ego definitely lives in the BSD Community sometimes. It’s not like Linux land doesn’t have it’s ego driven problems, as well though. That’s just the nature of social communities, in my experience.

      2. 4

        HBSD proactive sec features breake stuff. If you look at the commit log you will see that since Oliver left it’s mostly a single dev project, Shawn being responsible for most of the commits.

        1. 3

          Maybe because more people are contributing to FreeBSD?




          Edit it’s also unclear from the HardenedBSD site how many platforms it supports.

          1. 3

            What I never quite understood is why much of HardenedBSD hasn’t been merged upstream?

            1. 7

              Initial code quality was pretty bad, and some pax features broke userspace stuff. You could ask the question: why didn’t grsecurity got upstreamed? Since Oliver left it’s mostly a single dev project.

            2. 2

              Most OS users don’t value security over everything else. App support, that they just work, convenience, hardware support, performance, and battery life are top concerns for majority of people evaluating OS’s. Most won’t even use FreeBSD.

            3. 0

              So FreeBSD has no ASLR etc by default? Looks a bit out of date in 2020 :-/

              1. 2

                That’s not entirely true, but it’s definitely different. see: https://hardenedbsd.org/content/freebsd-and-hardenedbsd-feature-comparisons

                1. 3

                  At freeBSD ASLR is off by default, AFAIK.


                  1. 2

                    sorry, I missed the ‘by default’ part of your comment :)

                    Lots of stuff is off by default in FreeBSD, because they take a very conservative stance with default settings. If the community tests it well, it will usually get turned on by default. At least that’s my experience with FreeBSD.

                    HardenedBSD takes a different approach, security is turned on by default, which tends to break things(and it really does break things). But when I reach for a BSD, I generally install HardenedBSD, despite the breaking.

                    1. 1

                      If I had a high tolerance for using an OS where security mitigations are prioritised very highly, I’d personally use OpenBSD?

                      1. 1

                        OpenBSD is pretty great security wise too. It depends on the purpose of the machine. There are many things OpenBSD just can’t do because of their keep everything small perspective(which is a plus for security, but has it’s downsides)

                2. 2

                  ASLR makes debugging a massive pain for the benefit of a layer of security by obscurity. ASLR hasn’t stopped or lowered the frequency of security vulnerabilities on any platform that’s implemented it, as far as I’ve seen at least.

                  1. 2

                    That may be true, but a well implemented ASLR makes it harder to exploit said vulnerabilities.