
Among the "security improvements" that they have listed we have:

- Remove systrace.
- Remove Linux emulation support.
- Remove support for the usermount option.




> Among the "security improvements" that they have listed we have:
>
> - Remove systrace.
> - Remove Linux emulation support.
> - Remove support for the usermount option.

Systrace was used in sandboxing applications before pledge existed. Pledge has now made this defunct so it's being removed.

The Linux emulation support was seldom used in OpenBSD, so it's being removed.

The usermount option was found to expose bugs through which users with this option could cause the kernel to panic, so it's being removed.

That all seems pretty sane to me.


Those caught my attention, so thanks to @gbrown_1 for the explanation.


I think it's just gbrown_ - without the final "1"

I guess the "1 hour ago" next to his username might have confused you :)


Yep, I missed the space before the 1.


Yup.


As a non-"OS geek", I only have a cursory understanding of the implications of the changelog.

What impact will this have on OpenBSD users?


As someone who's used OpenBSD daily as a primary desktop OS, usermount will force me to use doas(1) (the replacement for sudo) to mount external media on my desktops/laptops. No big deal. Honestly, I usually do that anyway, just force of habit. Checking my systems, I only set kern.usermount on my daily-driver laptop, and none of my other OpenBSD boxes.

None of the other changes impact anything I do on a daily basis. I haven't used Linux emulation since 2006 or so, and even then, it was a gigantic pain in the ass. The devs have a native virtual machine hypervisor in the works that I was hoping would be ready for prime-time in OpenBSD 6.0. I doubt it'll be ready that soon. This will provide a better option than the old Linux emulation layer.


Would toad be of any use?

http://ports.su/sysutils/toad


Hotplugd is crazysauce. So much you can do with it. Toad claims to need kern.usermount so it won't work with a default install, and will be toadally broken once this option is removed in OpenBSD 6.0. I can't speak for all OpenBSD users, but I just end up putting my sd-card reader (which sees most FAT formatted cards at sd1i) and the first available USB external drive (again, usually sd2i for FAT) in my /etc/fstab and call the mount with doas.

doas mount /sdcard

Not that big of a deal.


Thanks for the reply.

'toadally broken' indeed, I'm hoping that Antoine Jacoutot will come up with a clever workaround. That or xfce4-mount-plugin I suppose with doas and a limited permission to run mount without a password.


Use toad + rox :p


Basically if a usermode process is compromised on OpenBSD 6.0, there will be less system call surface area for attackers to hit. This leaves the vast majority of OpenBSD users more secure.


OpenBSD in a nutshell.



