OpenBSD

OpenBSD is a free, Unix-like multi - platform operating system based on 4.4 BSD. It is a descendant of NetBSD, with a special focus on security and cryptography. The emphasis is on portability, standardization, correctness, proactive security and integrated cryptography.

This operating system focuses on portability, compliance with standards and regulations, correction, proactive security and integrated cryptography. OpenBSD includes binary emulation for most SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX systems.

OpenBSD is available in the form of a set of three CDs, but also available for free via FTP sites. OpenBSD is released under the BSD license.

OpenBSD is being developed by volunteers. The project finances the development with the sale of CDs and with donations. Organizations and individuals donate money or hardware and ensure that OpenBSD can continue to exist.

History

OpenBSD was created as a variant of NetBSD due to the philosophical and personal differences between Theo de Raadt and the other founding members of NetBSD. Apart from the fact that security is the main reason for OpenBSD to exist, the project also has other goals. Being a descendant of NetBSD, it is a very portable operating system. Currently it operates on 17 different platforms of hardware.

Details

OpenBSD is originally based on NetBSD and focuses primarily on security. For this the following two things are done:

• The OpenBSD source code is always checked for any security breaches (the OpenBSD team has a lot of experience with this so-called "audit")
• Security components are programmed, such as OpenSSH. Over time, many of these components have also been included in the other BSDs and other Unices.

Another difference is that OpenBSD, unlike NetBSD and FreeBSD, no longer uses the Darren Reed IP Filter packet filter, but their own packet filter, pf. The latter has been ported to both FreeBSD and NetBSD.

OpenBSD is known as the safest operating system after OpenVMS. The motto of OpenBSD is therefore: "Only two remote holes in the default installation, in a heck or a long time!" ("Only two leaks in the standard installation in a considerable long time!"). The second leak was discovered, but it was only found on March 5 that the error could be used to execute malicious code, and a patch for the problem was published just two days later.

The best-known OpenBSD project is OpenSSH. OpenSSH is used on almost all platforms and is known for its security. Other projects under the OpenBSD umbrella are LibreSSL, OpenBGPD, OpenOSPFD, OpenNTPD, OpenCVS, OpenSMTPD and tmux.

Security

Until June 2002, the OpenBSD website had the slogan:

"No remote security fault in the default installation in the last 6 years".

This should have been changed to:

"A single security hole in the default installation, in more than 8 years".

after a hole was found in OpenSSH and then by:

Only two security holes in the default installation, in more than 10 years.

when a fault is found in the IPv6 module.

Some people have criticized this motto since almost nothing is activated in the default OpenBSD installation, and stable versions have included software in which security holes were later found. The OpenBSD team of programmers maintains that the slogan refers to a default installation of the operating system, and that it is correct according to its definition.

One of the fundamental innovations of the OpenBSD project is to introduce the concept of the "Default Insurance" operating system. According to the science of computer security, it is standard and also essential to activate as few services as possible on machines that are in production. Even without considering this practice, OpenBSD is considered a secure and stable system.

As part of a chain cleanup, all occurrences of strcpy, strcat, sprintf and vsprintf in the code have been replaced by safer variants, such as strlcpy, strlcat, snprintf, vsnprintf and asprintf. In addition to its permanent code audits, OpenBSD contains strong cryptography.

More recently, many new technologies have been integrated into the system, further increasing its security. Since version 3.3, ProPolice is enabled by default in the compiler GCC, ensuring additional protection against attacks stack overflow. In OpenBSD 3.4, this protection was also activated in the kernel. OpenBSD also implements the W ^ X system(pronounced W XOR X), which is a memory management scheme of great detail, which ensures that the memory is editable or executable, but never both, thus providing another layer of protection against buffer overflows. Separation of privileges, revocation of privileges and load of libraries completely random also contribute to increase the security of the system.

In May of 2004, OpenBSD/sparc went further in protecting the battery, adding StackGhost.

A static dimension analyzer was added to the compiler, which attempts to find common programming failures at compile time. Systrace can be used to protect system ports.

OpenBSD uses an encryption algorithm passwords derived from Blowfish of Bruce Schneier. This system takes advantage of the inherent slowness of Blowfish encryption to make password checking a very intensive work for the CPU, making parallel processing much more difficult. This is expected to frustrate attempts to decipher by brute force.

Because of all these features, OpenBSD is widely used in the computer security sector as an operating system for firewalls and intruder detection systems. The OpenBSD packet filter, pf is a powerful firewall developed because of problems with the ipf license. OpenBSD was the first free operating system that was distributed with a built-in packet filtering system.

Development

The OpenBSD project was started and is led by Theo de Raadt. Theo de Raadt is not only known for his intelligence and cleverness, but also for his obstinacy. Not everyone appears to be able to work with him, and some people find him blunt in his expressions. The latter caused a break between Theo and the NetBSD team (December 1994), resulting in OpenBSD.

A new release of OpenBSD is released every six months. The version number is incremented by 0.1 each time. Since version 3.0 a release song has been released with every release, available as mp3 and as ogg. In the lyrics of the release song there is always a message that responds to current events. For example, with the release song of OpenBSD 3.9, the text is about hardware vendors that do not provide documentation and do not want to release the source code for drivers. The OpenBSD team calls such drivers blobs, and refuses to include them because they are a threat to the integrity and stability of the system.

Since the end of 2014, USB 3.0 is also supported.

Since version 5.9 there is support to start up with UEFI.

Platforms

OpenBSD is available for the following platforms:

• alpha (DEC Alpha- based systems)
• amd64 (AMD64- based systems)
• armv7 (replaces beagle. For ARM-based devices such as BeagleBone, BeagleBoard, PandaBoard ES.)
• hppa (HP Precision Architecture (PA-RISC) systems)
• i386 (IA-32)
• landisk (Hitachi SH-4 processor-based network systems)
• loongson (2E and 2F MIPS- based machines)
• luna88k (Omron LUNA-88K and LUNA-88K2 workstations)
• macppc (Apple New World PowerPC- based machines, from the iMac)
• octeon (Cavium Octeon-based MIPS64 systems)
• sgi (SGI MIPS- based workstations)
• sparc64 (Sun UltraSPARC systems)

OpenBSD, however, runs on yet another platform, but this is considered "active porting attempt". This platform is:

• arm64 (ARMv8 with ARM64)

For a number of platforms, interest has declined to such an extent that they are considered "stagnant platforms". These platforms are:

• amiga (Amiga and DraCo systems with MMU)
• armish (ARM- based devices (from Thecus, IO-DATA, and others))
• arc (ARC-compatible MIPS R4k and R5k systems)
• aviion (Motorola M881x0-based Data General AViiON systems)
• cats (StrongARM 110 Evaluation Board)
• hp300 (HP 9000 series 300 and 400 workstations)
• hppa64 (Hewlett-Packard Precision Architecture (PA-RISC) 64-bit systems)
• mvme68k (Motorola 680x0-based VME systems)
• mvme88k (Motorola 881x0-based VME systems)
• palm (PDAs based on Palm/PXA)
• pegasos (Pegasos machines by Genesi Sarl. PowerPC-based, VIA chip motherboards.)
• pmax (Digital MIPS-based systems)
• socppc (Freescale PowerPC SoC- based machines)
• solbourne (Solbourne "IDT" Sparc-like S3000, S4000 and S4000DX systems).
• sparc (Sun sun4, sun4c and sun4m class SPARC systems)
• sun3 (Sun sun3 class systems)
• vax (DEC VAX- based systems)
• zaurus (Sharp Zaurus C3x00 PDAs).