BuniX.org - Business Unix Solutions
OpenBSD - Puffy
Site index
General
Home
Site info
System info
Personal
Assignments
PGP-key
Résumé
Unix / Linux
Projects
Unices
Valid XHTML 1.1! Valid CSS!

OpenBSD

OpenBSD website

This information is taken from Deamonnews.org.

In the early 1990s, Theo de Raadt had been responsible for the SPARC port of NetBSD as well as sundry other pieces of the NetBSD system. However, after a disagreement between Theo and the NetBSD core team concerning the direction of NetBSD's development, Theo struck out on his own and founded OpenBSD.

OpenBSD diverged from NetBSD around the release of NetBSD 1.1 in November of 1995. OpenBSD's first release came a year later when OpenBSD 2.0 was released in October of 1996. OpenBSD quickly began focusing on producing the most secure operating system available. Taking advantage of his Canadian residency, de Raadt realized he was not hampered by United States munitions export laws, allowing inclusion of strong cryptography including RSA, Blowfish, and other advanced algorithms. A modified version of the Blowfish algorithm is now in use for encrypting user passwords by default. OpenBSD developers also spear-headed the development of OpenSSH, a multiplatform clone of the wildly popular protocol for secure communications.

OpenBSD also advanced the state of code auditing. Beginning in 1996, the OpenBSD team began a line-by-line analysis of the entire operating system searching for security holes and potential bugs. Unix systems have been plagued for decades by the use of fixed-sized buffers. Besides being inconvenient for the programmer, they have lead to numerous security holes like the fingerd exploit in 4.2BSD. Other security holes relating to mishandling temporary files are easily caught. OpenBSD's ground breaking audit has also discovered security-related bugs in related operating systems including FreeBSD, NetBSD, and mainstream System V derivatives. However, the nature of this process allows general coding mistakes not relating to security to be caught and corrected, as well. Additionally, a number of bugs in Ports, or third party applications have been discovered through this process.

OpenBSD's mantra of "secure-by-default" has produced one of the most robust operating systems available. OpenBSD claims three years without a remote root-exploit allowing many system administrators to sleep better at night. Most of this security came from the ongoing code-audit, but a number of smarter defaults have also helped. For instance, OpenBSD does not leave open network ports in the default installation. If, and only if, a site needs access to finger, lpd, or other protocols should they be turned on. As a rule, they should be left off and the OpenBSD installation reflects that mind set. If a new remote exploit were discovered in the NFS software, the site would not be vulnerable unless NFS were actually needed and used.

OpenBSD is also a highly portable operating system. This is mainly the influence of its NetBSD lineage. While it runs stably and well on only a small fraction of the systems supported by NetBSD, it is still usable on over half a dozen architectures, including the ubiquitous Intel-based PC platform, Motorola 68k-based Macintoshes, and some VME boards.