sonicy at otenet.gr
Sun Jun 3 07:42:44 UTC 2007
Chad Perrin wrote:
> On Sun, Jun 03, 2007 at 09:15:22AM +0300, Manolis Kiagias wrote:
>> Chad Perrin wrote:
>>> I'm not saying that's what the OpenBSD project does. I'm just saying
>>> that, for instance, the availability of the ath driver contradicts a
>>> claim that security is a top priority of the FreeBSD project. Only if
>>> it was installed and operational by default would that really be the
>>> Obviously, I'm assuming it's not installed by default. From what I've
>>> read so far, it's not -- please correct me if I'm wrong.
>> Actually to set the record straight, the ath driver is installed by
>> default in 6.2 RELEASE.
>> Installed by default meaning the card is recognized during FreeBSD setup
>> and the user is able to configure it immediately from sysinstall.
>> The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
>> although it had to be manually activated as a kernel module and it was
>> not immediately obvious it was supported since it was not present in
>> sysinstall during setup.
> That still sounds like it's not "installed by default" in the sense that
> I meant it. By "installed by default", I mean you install the system
> and, without even knowing it (or making a decision), you discover you
> have a closed-source driver in your system.
I see your point, bear in mind however that someone who is installing a
system that he believes consist of only free software may easily
overlook the fact one of the drivers is not, esp. if it is silently
recognized and configured with little intervention during setup. A
security-conscious admin would of course research both the OS and the
market and choose his hardware wisely. This leaves this kind of
"vulnerability" to smaller systems (maybe home systems) where the OS is
installed to existing hardware that was previously used with proprietary
OSes and where the user / admin is not experienced or knowledgeable
enough to care.
In fact it would be better if proprietary drivers were clearly marked as
such (or a relevant message shown in FreeBSD setup). It's been quite
some time since I setup my atheros in FreeBSD but I cannot recall seeing
any warning or indication about the ath driver.
>> Although the whole security issue is of course highly debatable, don't
>> forget how much more secure FreeBSD (or other open source OSes) are
>> compared to proprietary systems. I've been (and still am) a competent
>> Windows 200X server admin for years and have seen oh so many holes. Mind
>> you, most of them actually get exploited. It is nowhere near this in
> One of the keys for this is the fact that they're open source software,
> of course. To the extent that something like the ath driver is part of
> your system whether you want it or not, that additional security benefit
> is reduced. I'm just trying to differentiate between closed source
> software that affects system security and closed source software that
> doesn't -- because anything that isn't actually running doesn't affect
> security (all else being equal).
Agree with you completely on this, binary-only drivers can cause trouble
even if well written. If nothing else, the company which writes them has
limited resources or even incentive to support them and had they been
open source fixes - security or other - would be implemented in a timely
manner. I do prefer total open source on my server for security and
peace of mind. The desktop is however a different thing, I can live with
the occasional atheros or nvidia driver.
More information about the freebsd-questions