
Sounds like a demand problem rather than a FreeBSD problem. I've heard the same about SELinux etc., with them overly permissive by default due to user apathy. I'd say Linux is ahead in usability of these controls, even supported by vendors like Tresys. It's also ahead in terms of risky code/tools a major distribution will support vs a major BSD. So, comparisons are a moving target.

Fortunately, the best security approaches (HW-centric) are portable to both w/ FreeBSD getting most prototypes. You can already run capability-secure FreeBSD via Cambridge CHERI project. Criswell's people are doing lots of stuff with FreeBSD and maybe Linux:

https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/

http://sva.cs.illinois.edu/pubs.html

Examples for Linux include these:

http://scholar.lib.vt.edu/theses/available/etd-10112006-2048...

https://web.archive.org/web/20120509155852/http://archives.e...

https://docs.google.com/file/d/0B1i_Zf52vJctMTA4YTI1MmUtNzdj...

That doesn't even include software-related techniques like microkernels, low TCB software, safe low-level languages, and automatic compiler transformations for security that neither are adopting. They're both low-medium assurance by my standards due to cultural refusal to apply what's proven to work. So, I already have predictions about tech-transfer of papers above to Linux/FreeBSD use at large. You can probably guess how optimistic I am. ;)



