FreeBSD is more Insecure then Windows

Yesterday, We received information from a friend about some alarming information about FreeBSD and the attitude that the FreeBSD community (more like cult) has to this issue.

After being banned from accessing forum.FreeBSD.org for simply mentioning this problem, Felix Doggoson deciding to share with us this information. Here is what he says:

By Felix Doggoson


I was doing an analysis for my company who is looking to select a new operating system
for their recently created server farm. I was analyzing FreeBSD when I found something
alarming about it.

I ran a program that I made called simplegets, and then I looked at it’s layout in virtual
memory while running and this is what I got:

doggoson@fbsd:/home/doggoson % ps aux | grep simplegets

doggoson 13381 0.0 0.1 9920 1416 0 I+ 2:07PM 0:00.00 ./simplegets

doggoson 13398 0.0 0.1 16288 1776 1 S+ 2:08PM 0:00.00 grep simplegets

doggoson@fbsd:/home/doggoson % cat /proc/13381/map

0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode
/usr/home/doggoson/simplegets NCH -1

0x600000 0x800000 2 0 0xfffffe0016de89f8 rw- 1 0 0x3000 NCOW NNC default - CH
1001

0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode
/libexec/ld-elf.so.1 NCH -1

0x800618000 0x800639000 21 0 0xfffffe001e195828 rw- 1 0 0x3000 NCOW NNC
default - CH 1001

0x800817000 0x800819000 2 0 0xfffffe0023bf22b8 rw- 1 0 0x3000 NCOW NNC default
- CH 1001

0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC
vnode /lib/libc.so.7 NCH -1

0x800947000 0x800b46000 0 0 0xfffffe005afdc9f8 --- 1 0 0x2000 NCOW NNC default -
NCH -1

0x800b46000 0x800b51000 11 0 0xfffffe00374cd9f8 rw- 1 0 0x3000 COW NNC vnode
/lib/libc.so.7 CH 1001

0x800b51000 0x800b6c000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default
- CH 1001

0x800c00000 0x801000000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default
- CH 1001

0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe00790363a0 rw- 1 0 0x3000 NCOW NNC default
- CH 1001
0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default -
NCH -1

doggoson@fbsd:/home/doggoson %


The suprise came when I ran simplegets a second time:

doggoson@fbsd:/home/doggoson % ps aux | grep simplegets

doggoson 13446 0.0 0.1 9920 1416 0 S+ 2:12PM 0:00.00 ./simplegets

doggoson 13449 0.0 0.1 16288 1776 1 S+ 2:12PM 0:00.00 grep simplegets

doggoson@fbsd:/home/doggoson % cat /proc/13446/map

0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode
/usr/home/doggoson/simplegets NCH -1

0x600000 0x800000 2 0 0xfffffe004a9b3910 rw- 1 0 0x3000 NCOW NNC default - CH
1001

0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode
/libexec/ld-elf.so.1 NCH -1

0x800618000 0x800639000 21 0 0xfffffe00660a13a0 rw- 1 0 0x3000 NCOW NNC
default - CH 1001

0x800817000 0x800819000 2 0 0xfffffe00790390e8 rw- 1 0 0x3000 NCOW NNC default
- CH 1001

0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC
vnode /lib/libc.so.7 NCH -1

0x800947000 0x800b46000 0 0 0xfffffe00486fd910 --- 1 0 0x2000 NCOW NNC default -
NCH -1

0x800b46000 0x800b51000 11 0 0xfffffe00600819f8 rw- 1 0 0x3000 COW NNC vnode
/lib/libc.so.7 CH 1001

0x800b51000 0x800b6c000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default
- CH 1001

0x800c00000 0x801000000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default
- CH 1001

0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe007219f740 rw- 1 0 0x3000 NCOW NNC default
- CH 1001

0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default -NCH -1

doggoson@fbsd:/home/doggoson %


As you can see, all the memory addresses have not changed which shows that FreeBSD
lacks Address Space Layout Randomization or ASLR, an important security feature that all
other operating systems including Windows have.

Linux has ASLR as shown when simplegets is executed once:

doggoson@bluebook ~ $ ps aux | grep simplegets

doggoson 4134 0.0 0.0 4080 348 pts/0 S+ 13:59 0:00 ./simplegets

doggoson 4145 0.0 0.0 8052 916 pts/1 S+ 13:59 0:00 grep --colour=auto simplegets

doggoson@bluebook ~ $ cat /proc/4134/maps

00400000-00401000 r-xp 00000000 08:06 261421
/home/doggoson/Workspace/CC+/simplegets

00600000-00601000 rw-p 00000000 08:06 261421
/home/doggoson/Workspace/CC+/simplegets

7f704e324000-7f704e4c6000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f704e4c6000-7f704e6c6000 ---p 001a2000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f704e6c6000-7f704e6ca000 r--p 001a2000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f704e6ca000-7f704e6cc000 rw-p 001a6000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f704e6cc000-7f704e6d0000 rw-p 00000000 00:00 0

7f704e6d0000-7f704e6f1000 r-xp 00000000 08:08 4461916 /lib/x86_64-linux
gnu/ld-2.17.so

7f704e8d0000-7f704e8d3000 rw-p 00000000 00:00 0

7f704e8ee000-7f704e8f1000 rw-p 00000000 00:00 0

7f704e8f1000-7f704e8f2000 r--p 00021000 08:08 4461916 /lib/x86_64-linux
gnu/ld-2.17.so

7f704e8f2000-7f704e8f4000 rw-p 00022000 08:08 4461916 /lib/x86_64-linuxgnu/ld-2.17.so

7fffdca09000-7fffdca2a000 rw-p 00000000 00:00 0 [stack]

7fffdca49000-7fffdca4b000 r-xp 00000000 00:00 0 [vdso]

ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

doggoson@bluebook ~ $


and again

doggoson@bluebook ~ $ ps aux | grep simplegets

doggoson 4173 0.0 0.0 4080 348 pts/0 S+ 14:02 0:00 ./simplegets

doggoson 4176 0.0 0.0 8052 916 pts/1 S+ 14:02 0:00 grep --colour=auto simplegets

doggoson@bluebook ~ $ cat /proc/4173/maps

00400000-00401000 r-xp 00000000 08:06 261421
/home/doggoson/Workspace/CC+/simplegets

00600000-00601000 rw-p 00000000 08:06 261421
/home/doggoson/Workspace/CC+/simplegets

7f1e449ac000-7f1e44b4e000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f1e44b4e000-7f1e44d4e000 ---p 001a2000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f1e44d4e000-7f1e44d52000 r--p 001a2000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f1e44d52000-7f1e44d54000 rw-p 001a6000 08:08 4461920 /lib/x86_64-linux
gnu/libc-2.17.so

7f1e44d54000-7f1e44d58000 rw-p 00000000 00:00 0

7f1e44d58000-7f1e44d79000 r-xp 00000000 08:08 4461916 /lib/x86_64-linux
gnu/ld-2.17.so

7f1e44f58000-7f1e44f5b000 rw-p 00000000 00:00 0

7f1e44f76000-7f1e44f79000 rw-p 00000000 00:00 0

7f1e44f79000-7f1e44f7a000 r--p 00021000 08:08 4461916 /lib/x86_64-linux
gnu/ld-2.17.so
7f1e44f7a000-7f1e44f7c000 rw-p 00022000 08:08 4461916 /lib/x86_64-linux
gnu/ld-2.17.so

7fff4049f000-7fff404c0000 rw-p 00000000 00:00 0 [stack]

7fff405fe000-7fff40600000 r-xp 00000000 00:00 0 [vdso]

ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

doggoson@bluebook ~ $


As you can see, not only is the address space layout of simplegets neater and simpler but
more importantly, the memory addresses have changed showing that Linux is well
protected using ASLR.

It just goes to show, FreeBSD is not safer then Linux but rather the other way round.

As what Felix himself said, FreeBSD and possibly all other BSDs include OpenBSD lack modern security features. By comparison, even Microsoft Windows has an implementation of ASLR.

In the case of FreeBSD, it is particularly alarming as the FreeBSD project under IXsystems has been suspected of working with malicious organizations such as Apple, Microsoft, the CIA, NSA, and possibly even the KGB.

FreeBSD’s voluntary exclusion of protection mechanisms and the unwillingness of the FreeBSD community to discuss this issue with Felix shows that it is very likely that the FreeBSD project like the OpenBSD project intentionally makes their OS releases less secure to allow easy access for malicious agencies.

Richard Stallman, Linus Torvalds and the GNU/Linux community by contrast have show that such things are unacceptable in their OS releases and go though every measure to prevent that from happening.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

9 Responses to FreeBSD is more Insecure then Windows

  1. BSD has clearly been taken over by the KGB. If you think that fascism and communism are good then use FreeBSD. I even heard that it is now popular among Nazis to use FreeBSD.

  2. Stone Forest says:

    Erm: The KGB has not existed since 1991. Perhaps you mean the FSB.

    Google Analytics is not strictly spyware, as it is not installed, embedded or otherwise part of your core operating system. It operates only in your web-browser. If you use Firefox, GA can easily be blocked. Use anti-tracking & bleachbit.

    Simple solution: do not use Google Chrome browser.

  3. Helmers Heiners says:

    I received an information that…. you silly suckers. You do edit posts you don´t like, this alone get´s your mask off.
    And Freebsd more unsecure than Windows? You made my day…. Linux is insecure by design, it was Linus himself that stated that security is not the most important thing…. Well, I respect this, everyone has another opinion, but for me security is the most important thing at all on a server.

    • Paweł S says:

      Linux is far more secure than any other system, but it’s true security isn’t the most important thing. It’s not possible to make 100% secure OS. Only idiots think it’s possible and they make false delusion of protection. BSD are the ones with nearly no security at all compared to Linux. They don’t even provide security mechanisms like SELinux. However, they “provide” backdoors like the one in openbsd and I bet there are many more backdoors in freebsd which is very proprietary friendly. Proprietary is known of its insecurity. Helmer Heiners, by being bsd troll and fanboy you have false view on reality, so your posts make no sense. Everyone knows freebsd and other bsd crap exist to help windows and apple fight against Linux. However, they’re just POS.

    • Chris says:

      If Security is your most important thing on a server dont use BSD. Use a real OS.

  4. H2SO4 says:

    @Helmers Heiners
    Linux is insecure by design. Okay! So please prove the statement or else it’s worthless. Please tell me in which points FreeBSD is superior to Linux in terms f security. Enlighten me

  5. Paweł S says:

    How is it possible ther are “operating systems” in 2013 that didn’t implement ASLR?! It makes their “security” nothing, but untasty joke. It’s so funny and sad same time it’s hard to take those lamers seriously. Every admin out there should be warned against bsd. It brings sersious risks for users data.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s