LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

OpenBSD 3.5: a peek at another free Unix

OpenBSD 3.5: a peek at another free Unix

Posted May 6, 2004 12:20 UTC (Thu) by oseemann (subscriber, #6687)
Parent article: OpenBSD 3.5: a peek at another free Unix

for a more complete overview of openbsd's security features see:

http://www.openbsd.org/security.html

excerpt:

  • overflow protection with W^X and ProPolice
  • heavy use of random numbers (for process IDs, port numbers, ...) making it more difficult to predict sensitive information (like with the recent tcp vulnerability)
  • extensive code audits, use of secure string operations (like strlcpy, yeah they go through *all* the code and replace functions where necessary)
  • privilege separation for sshd, named, isakmpd, ...

    what i like is that the complete system is relatively compact. it comes from one cd and uses only a few hundred MBs. security patches are transparent (patch && make). the documentation is very good.

    on the bad side is that the performance is not as fast as on linux/freebsd (personally, not a problem for me. it's doing fine on a 200mhz, 32mb machine as a firewall, router). and much of the software comes by default in old (but stable, relatively secure) versions.

    (Log in to post comments)

    • Copyright © 2008, Eklektix, Inc.
    Comments and public postings are copyrighted by their creators.
    Linux is a registered trademark of Linus Torvalds
    Powered by Rackspace Managed Hosting.