LWN.net Logo

OpenBSD 3.5: a peek at another free Unix

OpenBSD 3.5: a peek at another free Unix

Posted May 6, 2004 12:20 UTC (Thu) by oseemann (subscriber, #6687)
Parent article: OpenBSD 3.5: a peek at another free Unix

for a more complete overview of openbsd's security features see:

http://www.openbsd.org/security.html

excerpt:

  • overflow protection with W^X and ProPolice
  • heavy use of random numbers (for process IDs, port numbers, ...) making it more difficult to predict sensitive information (like with the recent tcp vulnerability)
  • extensive code audits, use of secure string operations (like strlcpy, yeah they go through *all* the code and replace functions where necessary)
  • privilege separation for sshd, named, isakmpd, ...

    what i like is that the complete system is relatively compact. it comes from one cd and uses only a few hundred MBs. security patches are transparent (patch && make). the documentation is very good.

    on the bad side is that the performance is not as fast as on linux/freebsd (personally, not a problem for me. it's doing fine on a 200mhz, 32mb machine as a firewall, router). and much of the software comes by default in old (but stable, relatively secure) versions.


    (Log in to post comments)

  • Copyright © 2013, Eklektix, Inc.
    Comments and public postings are copyrighted by their creators.
    Linux is a registered trademark of Linus Torvalds