OpenBSD 3.5: a peek at another free Unix
Posted May 6, 2004 12:20 UTC (Thu) by oseemann (subscriber, #6687)
Parent article: OpenBSD 3.5: a peek at another free Unix
for a more complete overview of openbsd's security features see:
http://www.openbsd.org/security.html
excerpt:
overflow protection with W^X and ProPolice
heavy use of random numbers (for process IDs, port numbers, ...) making it more difficult to predict sensitive information (like with the recent tcp vulnerability)
extensive code audits, use of secure string operations (like strlcpy, yeah they go through *all* the code and replace functions where necessary)
privilege separation for sshd, named, isakmpd, ...
what i like is that the complete system is relatively compact. it comes from one cd and uses only a few hundred MBs. security patches are transparent (patch && make). the documentation is very good.
on the bad side, the performance is not as fast as on linux/freebsd (personally, not a problem for me. it's doing fine on a 200mhz, 32mb machine as a firewall, router). and much of the software comes by default in old (but stable, relatively secure) versions.