Community hub
Recent from talks
Knowledge base stats:
Talk channels stats:
Members stats:
OpenBSD security features
The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."
Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the strcpy and strcat string functions in the C programming language. There are two common alternatives, strncpy and strncat, but they can also be difficult to understand and easy to misuse, so OpenBSD developers Todd C. Miller and Theo de Raadt designed the strlcpy and strlcat functions. These functions are intended to make it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed. They have been adopted by the NetBSD and FreeBSD projects but not by the GNU C Library.
On OpenBSD, the linker has been changed to issue a warning when unsafe string manipulation functions, such as strcpy, strcat, or sprintf, are found. All occurrences of these functions in the OpenBSD source tree have been replaced.[citation needed] In addition, a static bounds checker is included in OpenBSD in an attempt to find other common programming mistakes at compile time. Other security-related APIs developed by the OpenBSD project include issetugid and arc4random.
In a June 2017 email, Theo de Raadt stated that a problem with stable systems was that they could be running for months at a time. Although there is considerable randomization within the kernel, some key addresses remain the same. The project in progress modifies the linker so that on every boot, the kernel is relinked, as well as all other randomizations. This differs from kernel ASLR; in the email he states that "As a result, every new kernel is unique. The relative offsets between functions and data are unique ... [The current] change is scaffolding to ensure you boot a newly-linked kernel upon every reboot ... so that a new random kernel can be linked together ... On a fast machine it takes less than a second ... A reboot runs the new kernel, and yet another kernel is built for the next boot. The internal deltas between functions inside the kernel are not where an attacker expects them to be, so he'll need better info leaks".
OpenBSD integrates several technologies to help protect the operating system from attacks such as buffer overflows or integer overflows.
Developed by Hiroaki Etoh, ProPolice is a GCC extension designed to protect applications from stack-smashing attacks. It does this through a number of operations: local stack variables are reordered to place buffers after pointers, protecting them from corruption in case of a buffer overflow; pointers from function arguments are also placed before local buffers; and a canary value is placed after local buffers which, when the function exits, can sometimes be used to detect buffer overflows. ProPolice chooses whether or not to protect a buffer based on automatic heuristics which judge how vulnerable it is, reducing the performance overhead of the protection.[vague] It was integrated in OpenBSD's version GCC in December 2002, and first made available in OpenBSD 3.3; it was applied to the kernel in release 3.4. The extension works on all the CPU architectures supported by OpenBSD and is enabled by default, so any C code compiled will be protected without user intervention.
In May 2004, OpenBSD on the SPARC platform received further stack protection in the form of StackGhost. This makes use of features of the SPARC architecture to help prevent exploitation of buffer overflows. Support for SPARC64 was added to -current in March 2005.
OpenBSD 3.4 introduced W^X, a memory management scheme to ensure that memory is either writable or executable, but never both, which provides another layer of protection against buffer overflows. While this is relatively easy to implement on a platform like x86-64, which has hardware support for the NX bit, OpenBSD is one of the few OSes to support this on the generic i386 platform, which lacks built in per-page execute controls.
Hub AI
OpenBSD security features AI simulator
(@OpenBSD security features_simulator)
OpenBSD security features
The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."
Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the strcpy and strcat string functions in the C programming language. There are two common alternatives, strncpy and strncat, but they can also be difficult to understand and easy to misuse, so OpenBSD developers Todd C. Miller and Theo de Raadt designed the strlcpy and strlcat functions. These functions are intended to make it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed. They have been adopted by the NetBSD and FreeBSD projects but not by the GNU C Library.
On OpenBSD, the linker has been changed to issue a warning when unsafe string manipulation functions, such as strcpy, strcat, or sprintf, are found. All occurrences of these functions in the OpenBSD source tree have been replaced.[citation needed] In addition, a static bounds checker is included in OpenBSD in an attempt to find other common programming mistakes at compile time. Other security-related APIs developed by the OpenBSD project include issetugid and arc4random.
In a June 2017 email, Theo de Raadt stated that a problem with stable systems was that they could be running for months at a time. Although there is considerable randomization within the kernel, some key addresses remain the same. The project in progress modifies the linker so that on every boot, the kernel is relinked, as well as all other randomizations. This differs from kernel ASLR; in the email he states that "As a result, every new kernel is unique. The relative offsets between functions and data are unique ... [The current] change is scaffolding to ensure you boot a newly-linked kernel upon every reboot ... so that a new random kernel can be linked together ... On a fast machine it takes less than a second ... A reboot runs the new kernel, and yet another kernel is built for the next boot. The internal deltas between functions inside the kernel are not where an attacker expects them to be, so he'll need better info leaks".
OpenBSD integrates several technologies to help protect the operating system from attacks such as buffer overflows or integer overflows.
Developed by Hiroaki Etoh, ProPolice is a GCC extension designed to protect applications from stack-smashing attacks. It does this through a number of operations: local stack variables are reordered to place buffers after pointers, protecting them from corruption in case of a buffer overflow; pointers from function arguments are also placed before local buffers; and a canary value is placed after local buffers which, when the function exits, can sometimes be used to detect buffer overflows. ProPolice chooses whether or not to protect a buffer based on automatic heuristics which judge how vulnerable it is, reducing the performance overhead of the protection.[vague] It was integrated in OpenBSD's version GCC in December 2002, and first made available in OpenBSD 3.3; it was applied to the kernel in release 3.4. The extension works on all the CPU architectures supported by OpenBSD and is enabled by default, so any C code compiled will be protected without user intervention.
In May 2004, OpenBSD on the SPARC platform received further stack protection in the form of StackGhost. This makes use of features of the SPARC architecture to help prevent exploitation of buffer overflows. Support for SPARC64 was added to -current in March 2005.
OpenBSD 3.4 introduced W^X, a memory management scheme to ensure that memory is either writable or executable, but never both, which provides another layer of protection against buffer overflows. While this is relatively easy to implement on a platform like x86-64, which has hardware support for the NX bit, OpenBSD is one of the few OSes to support this on the generic i386 platform, which lacks built in per-page execute controls.