Theo has been discredited before. I used to follow his drawn-out debates with the PaX Team. He was pretty flustered about grsecurity rolling out a solution to Linux's executable stack vulnerabilities.
Claim: OpenBSD cannot protect against attacks using mprotect because it would violate POSIX, and OpenBSD does not violate POSIX.
> > We don't break anything that standards defacto standards require. (Theo de Raadt)
> You do break POSIX as pointed out above. (PaX Team)
> > False. Now go away. (Theo de Raadt)
Anyways, some more of the argument is archived here:
http://www.grsecurity.net/PaX-presentation_files/frame.htm (This link displays better in .pdf format)
On the other hand, if you've looked at any benchmarking comparing OS scalability in a number of categories (http://bulk.fefe.de/scalability/), you'd see that OBSD did quite poorly (finished last out of all of the operating systems, actually), where Linux 2.6 finished FIRST out of all of the operating systems. OBSD of course had an argument for this:
> I was asked by a few OpenBSD people why I'm even comparing them here, since "everyone knows" they don't scale well and their goal is security and not scalability.
Well... elements of that argument can be applied inversely for Linux in this situation. Linux has different goals than OBSD. If Linux users shouldn't be hounding OBSD developers about their lacking scalability, why do Linux developers catch heat for their rapid development cycle? Also, if Linux code is so shoddy, how is it that the benchmark results for scalability performance for it are significantly better than OBSD (OBSD developers don't deny the results of the benchmark)? Linux outperformed OBSD in every category. Security is not the only requisite for quality software.