47
What is linux-hardened and how is it different from the basic linux kernel? (lemy.lol)
submitted 8 months ago by Octopus1348@lemy.lol to c/linux@lemmy.ml
25 comments fedilink hide all child comments

I am too lazy to research it and still wondering. Can someone give me a basic explanation of it?

you are viewing a single comment's thread
view the rest of the comments
[-] BautAufWasEuchAufbaut@lemmy.blahaj.zone 4 points 8 months ago* (last edited 8 months ago)

https://isopenbsdsecu.re/
I don't think much changed since then, but would love to be proven wrong.

[-] dsemy@lemm.ee 1 points 8 months ago* (last edited 8 months ago)

Did you read it? The author is clearly biased against OpenBSD.

As an example, he dedicates quite a lot to talk about "ROP gadgets removal" (which is an ineffective mitigation employed by OpenBSD), however he also states:

Anyway, removing ROP gadgets the way OpenBSD is doing it doesn’t add a large amount of complexity, doesn’t harm performances nor debuggability, so why not, but it doesn’t make exploitation significantly harder, at all.

When you consider the fact that some mitigations which were considered overkill were proven significant with time (for example, OpenBSD was completely unaffected by Spectre v1 and similar exploits since they disabled hyperthreading), statements like these make it clear to me that the author is biased.

Edit: This is not to say the website is deceptive, it's just that it doesn't provide a good analysis or comparison of the security of different systems IMO.

[-] scratchandgame@lemmy.ml 1 points 8 months ago* (last edited 8 months ago)

+1, but OpenBSD can enforce security (Linux have landlock, *san, ACL, MAC but cannot enforce them, while OpenBSD doesn't but can enforce pledge and unveil and even for some ports like chromium and firefox)

https://madaidans-insecurities.github.io/

But see Chimera Linux.

[-] BautAufWasEuchAufbaut@lemmy.blahaj.zone 1 points 8 months ago

I heard of Chimera multiple times now, but everytime I look into it it doesn't seem to be more interesting and useful than say Alpine.
Do you have any write-ups about the security advantages of Chimera Linux?

[-] scratchandgame@lemmy.ml 1 points 8 months ago

I mean Chimera is using FreeBSD userland, and they expressed why GNU coreutils used by most distro have "problem". Since we are talking about BSD. (OpenBSD's userland is less in feature and it is cleaner)

(so that's bring an advantage in security lol)

While coreutils may seem lightweight enough to not cause any issues already, there are some specific reasons the system uses a BSD-derived userland. The primary one is probably that the code of the BSD versions is overall much cleaner and easier to read. There are no cursed components such as gnulib, the codebase is leaner, and more aligned with the project’s goals.

this post was submitted on 18 Feb 2024
47 points (79.7% liked)

Linux

47953 readers
2826 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz