
Re: making Debian secure by default



On Fri 29 Mar 2024 at 10:31:09 (+0100), Emanuel Berg wrote:
> David Wright wrote:
> 
> >> Ah, surely it can't refer to that as that would be
> >> completely ridiculous as it would imply "wanna install
> >> stuff? sure, but then it isn't secure anymore".
> >
> > It's not clear what "isn't secure anymore" means. [...]
> 
> It means as soon as you start doing stuff with the software,
> it isn't secure anymore.

As you wrote. But software isn't just "secure" or "not secure",
all or nothing. Security, in any aspect of life, is gradational.

> Which is comical to some extent as
> doing stuff is the purpose of computers.
> 
> So to base security boasting on people having the most
> minimal, restricted and inactive system, it is like boasting
> this marvelous piece of body armor is guaranteed to not have
> a single infantryman killed - just don't go to war.

You don't expect people working at HQ to get shot or blown up,
but that is a more likely fate for those fighting at the front.
As well as variations with seniority and physical position,
there will be temporal variations, just like in civilian life,
1 through 5 or green through red etc.

> (Note that now I'm just making fun of the slogan and boasting,
> not saying anything negative of their OS necessarily - I've
> used it myself, it send pretty good and, indeed, secure.)
> 
> >  "Secure by Default"
> >
> >  "To ensure that novice users of OpenBSD do not need to
> >   become security experts overnight (a viewpoint which other
> >   vendors seem to have), we ship the operating system in
> >   a Secure by Default mode. All non-essential services are
> >   disabled. As the user/administrator becomes more familiar
> >   with the system, he will discover that he has to enable
> >   daemons and other parts of the system. During the process
> >   of learning how to enable a new service, the novice is
> >   more likely to learn of security considerations."
> >
> > from https://www.openbsd.org/security.html
> > OTOH:
> >
> >  "There are many applications one might want to use on an
> >   OpenBSD system. To make this software easier to install
> >   and manage, it is ported to OpenBSD and packaged. The aim
> >   of the package system is to keep track of which software
> >   gets installed, so that it may be easily updated or
> >   removed. In minutes, a large number of packages can be
> >   fetched and installed, with everything put in the
> >   right place."
> >
> >  "The ports collection does not go through the same thorough
> >   security audit that is performed on the OpenBSD base
> >   system. Although we strive to keep the quality of the
> >   packages high, we just do not have enough resources to
> >   ensure the same level of robustness and security."
> >
> > from https://www.openbsd.org/faq/faq15.html (Package
> > Management).
> 
> The more you install, the less secure it gets. Yeah, can't
> base the security model on that.

Not a base; it's just inevitable, both in software and life.
You're increasing your attack surface as you install and use
more software, just like driving, visiting bars, attending
concerts, or going on foreign or adventure holidays.

> They should do it the other way around, write a piece of
> software that breaks everything. Install it on OpenBSD and if
> it breaks it, OpenBSD is not more secure than anyone else.
> If nothing happens tho most likely you are safe.

I don't know about OpenBSD specifically, but in general it's
already done, by such methods as exposing software to malicious
and random inputs, corner cases, and so on. That doesn't have
to mean it's done /instead of/ auditing.

Cheers,
David.
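The kind of testing David refers to (feeding software random and malicious inputs plus hand-picked corner cases and watching for crashes) is usually called fuzzing. The following is an added example written for this page, not code from the thread, from Debian or from OpenBSD. It uses a constructed toy record parser with a deliberate length-trust defect, a minimal fuzz harness that distinguishes documented rejections (ValueError) from real crashes (anything else), and a corrected parser that the same harness no longer breaks. All names (parse_record, parse_record_fixed, fuzz, CORNER_CASES) are hypothetical.

```python
"""Minimal fuzz harness (added example; constructed target, not a real project)."""
import random

# Constructed corner cases: empty input, zero length, max length, short buffers.
CORNER_CASES = [b"", b"\x00", b"\xff", b"\x01", b"\x05abc", b"\x01a"]


def parse_record(data: bytes) -> bytes:
    """Toy parser: first byte is a declared payload length, the rest is payload.
    Deliberate defect for the demo: it trusts the declared length and reads the
    last payload byte without checking the buffer actually held that many bytes.
    """
    if not data:
        raise ValueError("empty input")  # documented rejection, not a bug
    n = data[0]
    payload = data[1:1 + n]
    _last = payload[n - 1]  # IndexError when n == 0 or the record is truncated
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Same format, with the length checked against the buffer before use."""
    if not data:
        raise ValueError("empty input")
    n = data[0]
    if len(data) - 1 < n:
        raise ValueError("truncated record: declared %d, have %d" % (n, len(data) - 1))
    return data[1:1 + n]


def fuzz(target, iterations: int = 2000, seed: int = 0) -> dict:
    """Feed corner cases plus random byte strings to `target`.

    Returns a dict mapping exception type name -> first input that caused it.
    ValueError is treated as the parser's documented way of rejecting bad input
    and is therefore not counted; any other exception is a crash worth a bug.
    A fixed seed keeps the run reproducible.
    """
    rng = random.Random(seed)
    inputs = list(CORNER_CASES)
    for _ in range(iterations):
        length = rng.randint(0, 8)
        inputs.append(bytes(rng.randrange(256) for _ in range(length)))

    crashes = {}
    for inp in inputs:
        try:
            target(inp)
        except ValueError:
            continue
        except Exception as exc:  # noqa: BLE001 - a fuzzer wants every crash
            crashes.setdefault(type(exc).__name__, inp)  # keep first reproducer
    return crashes


if __name__ == "__main__":
    print("defective parser:", fuzz(parse_record))
    print("fixed parser:    ", fuzz(parse_record_fixed))
```

Running it reports an IndexError reproducer of a single zero byte for the defective parser and nothing for the fixed one. The point the harness makes is David's: random input testing finds crash-class bugs cheaply, but it only proves the absence of bugs on the inputs it happened to try, so it complements a code audit rather than replacing it.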

