Last week several vulnerabilities with OpenBSD were announced on the full disclosure list Bugtraq. That a hole was found and exploited is not an amazing thing. The amazing and impressive thing is how long OpenBSD had gone without a local root exploit. There was a reaction to the announcements by the OpenBSD developer team about the exploits that surprised me. The reaction was to imply that the developers had been hiding the truth about the exploits so as to not tarnish the reputation of OpenBSD.

Just in case you think that I am a militant OpenBSD user defending the true faith, let me explain that I am a Linux user. I have played with OpenBSD and will most likely play with it again. I am not, however, what you could call a member of the OpenBSD community. As I said, I am a Linux user. I have been impressed with the work the OpenBSD team has done in proactively finding bugs and the results they have gotten from this approach. I think that there is room in the world for Linux, *BSD, and even the commercial Unix variants. It is my belief there are advantages to having choices and using different approaches to solve common problems.

The link for this article located at RootPrompt.org is no longer available.