OpenBSD
OpenBSD is a secure, freely available, multi-platform BSD-based UNIX-like operating system. OpenBSD specialises in security. Its developers work on careful and proactive auditing of the system's code, which in turn contributes to the stability and security of OpenBSD. The project is led by Theo de Raadt.
OpenBSD was created because of philosophical and developer personality differences between de Raadt and the other founders of NetBSD. Despite being the larger reason for OpenBSD's existence, security is not the only focus of the OpenBSD developers. Being a descendant of NetBSD, OpenBSD is a very portable operating system, currently running on 12 different platforms.
Starting with the upcoming release 3.5, in May 2004, OpenBSD will include a fork of Xfree86 4.4-RC2, due to changes in the XFree86 license. This will make OpenBSD the only open source BSD OS to ship with its own X implementation.
Until June 2002 the OpenBSD web page featured the slogan "No remote hole in the default install, in nearly 6 years." This was changed to "Only one remote hole in the default install, in more than 7 years" after an exploit was discovered in OpenSSH. Some have criticized this statement since not much is enabled in the default install of OpenBSD, and stable releases have included software that later were found to have remote holes. Others counter that one of the OpenBSD project's fundamental innovations is the drive for systems to be "Secure by Default". It is standard, and indeed fundamental, computer security practice to enable as few services as possible on production machines. Be that as it may, OpenBSD is still a remarkably secure and stable operating system.
As part of the recent "string cleaning," countless occurences of strcpy, strcat, sprintf, and vsprintf were replaced with bounded, safer variants like, strlcpy, strlcat, snprintf, vsnprintf, and asprintf. In addition to the ongoing source code auditing, OpenBSD contains strong cryptography throughout the OS. More recently, several new technologies have been integrated into the system, further increasing it's security. As of version 3.3, ProPolice has been enabled by default in GCC, providing additional protection against stack smashing attacks. In OpenBSD 3.4, this protection has been enabled in the kernel as well. W^X (pronounced: "W xor X") is a fine grained memory management scheme ensuring that memory is either writable, or executable, but never both, providing yet another layer of protection against buffer overflows. Privilege separation, privilege revocation, and randomized loading of libraries also play an ever increasing role in the security of the system.
A static bounds checker was added to the toolchain, which attempts to find common programming mistakes at compile time. Systrace can now be used to protect the system while building ports.
Because of its security benefits, OpenBSD is often used in the security industry as the underlying operating system for firewalls and intrusion detection systems.
OpenSSH, an open source and compatible alternative to SSH, was developed within the OpenBSD project.
OpenBSD, along with DragonFly BSD, are currently the only two major free, open source operating systems that are actively replacing "K&R" style C code with modern, ANSI equivalents.
Like the other free, open source BSDs, OpenBSD is distributed under the terms of the modern version of the BSD license.
| Table of contents |
|
2 See also 3 External links |