OpenBSD security features

The OpenBSD operating system focuses on security and the development of security features.[1][2]: xxvii [3] According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."[2]: xxix 

API and build changes

Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the strcpy and strcat string functions in the C programming language: neither takes the size of the destination, so any oversized input overflows the destination buffer. The standard alternatives, strncpy and strncat, are themselves easy to misuse: strncpy does not NUL-terminate the destination when the source fills it, and strncat's size argument counts the bytes to append rather than the size of the destination.[4][5] OpenBSD developers Todd C. Miller and Theo de Raadt therefore designed the strlcpy and strlcat functions,[6] which take the full destination size, always NUL-terminate the result when that size is non-zero, and return the length of the string they tried to create, so that truncation can be detected with a single comparison.[7] They have been adopted by NetBSD, FreeBSD, Solaris and macOS, but the GNU C Library rejected them for many years;[8] glibc eventually added them in version 2.38 (2023), and they were standardized in POSIX.1-2024.

On OpenBSD, the linker has been changed to issue a warning when unsafe string manipulation functions, such as strcpy, strcat, or sprintf, are referenced by a program being linked. All occurrences of these functions in the OpenBSD source tree have been replaced.[citation needed] In addition, a static bounds checker (the -Wbounded extension to the system GCC, driven by a __bounded__ attribute on function prototypes) is included in OpenBSD in an attempt to find other common programming mistakes at compile time.[9] Other security-related APIs developed by the OpenBSD project include issetugid,[10] which lets a library decide reliably whether it is running in a setuid or setgid process, and arc4random,[11] which returns cryptographically strong random bytes without any seeding by the caller and, despite its name, has used ChaCha20 rather than RC4 since OpenBSD 5.5.
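As an added illustration of the string-function problem above (example code written for this page, not taken from the OpenBSD source tree): a small reimplementation of the strlcpy/strlcat contract under the names xstrlcpy and xstrlcat, so that it does not collide with libc on systems that already provide the functions, alongside a demonstration of the strncpy pitfall and of the truncation-detection idiom OpenBSD applies when it replaces strcpy, strcat and sprintf. The buffer sizes and the path fragments are chosen for the example.

```c
#include <stddef.h>
#include <string.h>

/*
 * Reimplementation of the strlcpy(3)/strlcat(3) contract (x prefix to avoid
 * clashing with libc).  Both take the full size of the destination, always
 * NUL-terminate when dsize > 0, and return the length of the string they
 * tried to create; a return value >= dsize means the result was truncated.
 */
size_t xstrlcpy(char *dst, const char *src, size_t dsize)
{
	size_t srclen = strlen(src);

	if (dsize != 0) {
		size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

size_t xstrlcat(char *dst, const char *src, size_t dsize)
{
	size_t dlen = 0;

	/* Find the end of dst, but never look past dsize bytes. */
	while (dlen < dsize && dst[dlen] != '\0')
		dlen++;
	if (dlen == dsize)		/* dst not terminated: nothing can be appended */
		return dsize + strlen(src);
	return dlen + xstrlcpy(dst + dlen, src, dsize - dlen);
}

/*
 * The strncpy(3) pitfall: copying into an 8-byte buffer with n = sizeof buf
 * leaves no terminator when src has 8 or more characters.  Returns 1 if the
 * result is a valid C string, 0 if it is not.
 */
int strncpy_leaves_terminated(const char *src)
{
	char buf[8];

	strncpy(buf, src, sizeof buf);
	return memchr(buf, '\0', sizeof buf) != NULL;
}

/*
 * The strlcpy idiom: copy src into a scratch buffer of dsize bytes (<= 32)
 * and return 1 if the result is NUL-terminated within dsize bytes and equal
 * to expect.  An oversized src is truncated but still a valid string.
 */
int strlcpy_yields(const char *src, size_t dsize, const char *expect)
{
	char buf[32];

	if (dsize > sizeof buf)
		return 0;
	memset(buf, 'X', sizeof buf);	/* poison: an unterminated result would show */
	xstrlcpy(buf, src, dsize);
	return memchr(buf, '\0', dsize) != NULL && strcmp(buf, expect) == 0;
}

/* Returns 1 if copying src into dsize bytes would truncate it. */
int strlcpy_truncates(const char *src, size_t dsize)
{
	char buf[32];

	if (dsize > sizeof buf)
		return 1;
	return xstrlcpy(buf, src, dsize) >= dsize;
}

/*
 * Building "dir/file" with every step checked, the pattern used when
 * strcpy/strcat/sprintf are replaced.  Returns the length of the path, or -1
 * if any step would have truncated (the buffer stays terminated either way).
 */
int build_path_len(size_t dsize, const char *dir, const char *file)
{
	char buf[64];

	if (dsize > sizeof buf)
		return -1;
	if (xstrlcpy(buf, dir, dsize) >= dsize)
		return -1;
	if (xstrlcat(buf, "/", dsize) >= dsize)
		return -1;
	if (xstrlcat(buf, file, dsize) >= dsize)
		return -1;
	return (int)strlen(buf);
}
```

The point of the return-value convention is visible in build_path_len: each call is both the copy and the bounds check, so the caller never has to recompute remaining space by hand, which is where strncat users usually go wrong.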

Kernel randomization

In a June 2017 email, Theo de Raadt described a weakness of stable, long-running systems: a machine may stay up for months, and although the kernel already randomizes a great deal, certain key addresses stay fixed for the whole uptime, so a single leaked address remains useful to an attacker indefinitely. The work he announced, which shipped in OpenBSD 6.2 as KARL (Kernel Address Randomized Link), changes the build so that a fresh kernel is relinked from its object files in a random order for every boot, on top of the existing randomizations. This differs from kernel ASLR, which slides the whole kernel by one random offset and leaves the relative distances between functions unchanged; with a relinked kernel those distances themselves change. In the email he states that "As a result, every new kernel is unique. The relative offsets between functions and data are unique ... [The current] change is scaffolding to ensure you boot a newly-linked kernel upon every reboot ... so that a new random kernel can be linked together ... On a fast machine it takes less than a second ... A reboot runs the new kernel, and yet another kernel is built for the next boot. The internal deltas between functions inside the kernel are not where an attacker expects them to be, so he'll need better info leaks".[12]

Memory protection

OpenBSD integrates several technologies to help protect the operating system from attacks such as buffer overflows or integer overflows.

Developed by Hiroaki Etoh, ProPolice is a GCC extension designed to protect applications from stack-smashing attacks.[13] It does this through a number of changes to the stack frame: local variables are reordered so that arrays sit at higher addresses than scalar variables and pointers, out of reach of a linear overflow; pointer arguments are copied into locals placed below the buffers for the same reason; and a canary value is placed between the local buffers and the saved frame pointer and return address. The canary is checked when the function returns, so an overflow that has reached the return address has also overwritten the canary, and the program is aborted before the corrupted address can be used. Overflows that stay within the local variables, or that write through a pointer without touching the canary, are not detected. ProPolice instruments only functions that have local character arrays or call alloca, the heuristic GCC later shipped as -fstack-protector; protecting every function (-fstack-protector-all) would cost considerably more. It was integrated into OpenBSD's version of GCC in December 2002 and first made available in OpenBSD 3.3;[14] it was applied to the kernel in release 3.4.[15] The extension works on all the CPU architectures supported by OpenBSD and is enabled by default, so any C code compiled on the system is protected without user intervention.[16]

In May 2004, OpenBSD on the SPARC platform received further stack protection in the form of StackGhost. It exploits the SPARC register-window mechanism: return addresses are only written to the stack when a register window is spilled, and StackGhost XORs them with a per-process cookie on the way out and again when the window is restored, so a return address overwritten by an attacker decodes to garbage rather than to the chosen target.[17] Support for sparc64 was added to -current in March 2005.

OpenBSD 3.3 introduced W^X ("write xor execute"), a memory management policy under which a page is either writable or executable but never both, so that data an attacker has injected cannot be run as code; it first covered architectures whose MMU has a per-page execute bit and was extended to i386 in 3.4. While this is straightforward on a platform like x86-64, whose page tables carry an NX bit, OpenBSD is one of the few systems to enforce it on a generic i386 CPU, which has no per-page execute control: the kernel sets the limit of the code segment so that only the lower part of the address space is executable, and the linker places program text below that line and writable data above it. On i386 processors that do provide an NX bit, OpenBSD has used it since 5.8 for much tighter enforcement in userland.[18]
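The following added example (written for this page; not OpenBSD code) walks one page through the W^X life cycle that a JIT or a loader has to follow under this policy: map the page read-write, emit the code, flip it to read-execute with mprotect(2), and never hold both permissions at once. It confirms that a store faults once the page is executable, and separately asks for a simultaneously writable and executable page, which OpenBSD refuses for binaries not linked with -z wxneeded while most other systems grant it. The signal handler and siglongjmp are only there so the fault can be observed as a return value; the 0xc3 fill stands in for emitted code and is never executed.

```c
#define _GNU_SOURCE		/* MAP_ANONYMOUS and sigaction on glibc; harmless elsewhere */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_fault(int sig)
{
	(void)sig;
	siglongjmp(fault_env, 1);
}

/*
 * Try to store one byte through p.  Returns 1 if the store raised SIGSEGV
 * (or SIGBUS) because the page is not writable, 0 if it went through.
 */
static int store_faults(volatile unsigned char *p)
{
	struct sigaction sa, old_segv, old_bus;
	int faulted = 0;

	memset(&sa, 0, sizeof sa);
	sa.sa_handler = on_fault;
	sigemptyset(&sa.sa_mask);
	sigaction(SIGSEGV, &sa, &old_segv);
	sigaction(SIGBUS, &sa, &old_bus);

	if (sigsetjmp(fault_env, 1) == 0)
		*p = 0xc3;		/* faults and jumps back if the page is not writable */
	else
		faulted = 1;

	sigaction(SIGSEGV, &old_segv, NULL);
	sigaction(SIGBUS, &old_bus, NULL);
	return faulted;
}

/*
 * The W^X life cycle of one page: map RW, emit code, flip to RX.  Returns a
 * bitmask of what was observed (7 when the policy behaves as described):
 *   1  the page was writable while RW
 *   2  the RW -> RX transition was accepted
 *   4  a store faults once the page is executable (the W^X property)
 * and -1 if the mapping could not be created at all.
 */
int wx_lifecycle(void)
{
	long pg = sysconf(_SC_PAGESIZE);
	unsigned char *p;
	int seen = 0;

	p = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED)
		return -1;
	if (!store_faults(p))
		seen |= 1;
	memset(p, 0xc3, pg);		/* stand-in for emitting code; never executed here */
	if (mprotect(p, pg, PROT_READ | PROT_EXEC) == 0)
		seen |= 2;
	if (store_faults(p))
		seen |= 4;
	munmap(p, pg);
	return seen;
}

/*
 * Ask for a page that is writable and executable at the same time.  OpenBSD
 * refuses this for binaries not linked with -z wxneeded; most other systems
 * grant it.  Returns 1 if the request was refused, 0 if it was granted.
 */
int rwx_refused(void)
{
	long pg = sysconf(_SC_PAGESIZE);
	void *p = mmap(NULL, pg, PROT_READ | PROT_WRITE | PROT_EXEC,
	    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	if (p == MAP_FAILED)
		return 1;
	munmap(p, pg);
	return 0;
}

int main(void)
{
	printf("W^X life cycle bitmask: %d (7 = RW write ok, RX flip ok, RX write faults)\n",
	    wx_lifecycle());
	printf("simultaneous RWX mapping refused: %s\n", rwx_refused() ? "yes" : "no");
	return 0;
}
```

On OpenBSD the second line reads "yes" unless the binary was linked with -z wxneeded and lives on a filesystem mounted wxallowed; on most Linux systems it reads "no", which is exactly the gap the W^X policy closes.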

During the development cycle of the 3.8 release, the malloc memory management functions were rewritten. In traditional Unix systems malloc obtains more memory by extending the data segment with brk/sbrk, so every allocation lives in one contiguous region; that leaves no room for guard pages and no freedom in where an allocation lands, which makes strong protection against heap corruption hard to retrofit. OpenBSD's malloc instead obtains memory with the mmap system call, which was modified to return random addresses and to avoid placing successive mappings next to each other. In addition, the placement of small allocations within shared pages is randomized, and free returns memory to the kernel immediately rather than leaving it mapped into the process, so a later use of a dangling pointer hits an unmapped page. A number of additional, optional checks were also added to aid in development.[citation needed] These features make program bugs easier to detect and harder to exploit: instead of memory being silently corrupted or an invalid access being ignored, they often result in a segmentation fault and the process aborting. This brought to light several issues with software running on OpenBSD 3.8, particularly programs reading beyond the start or end of a buffer, a class of bug that had previously gone unnoticed but now causes an error.[citation needed] These changes took more than three years to implement without considerable performance loss.

Cryptography and randomization

One of the goals of the OpenBSD project is the integration of facilities and software for strong cryptography into the core operating system. To this end, a number of low-level features are provided, including a source of strong pseudo-random numbers;[19] built-in cryptographic hash functions and transforms; and support for cryptographic hardware through the OpenBSD Cryptographic Framework. These facilities are used throughout OpenBSD, for example by the bcrypt password-hashing algorithm,[20] which is derived from Bruce Schneier's Blowfish block cipher and deliberately exploits the cost of the Blowfish key schedule: the work required per password guess is governed by a tunable cost parameter that can be raised as hardware gets faster, keeping brute-force attacks impractical.

In OpenBSD 5.3, support for full disk encryption was introduced (the CRYPTO discipline of softraid),[21] but enabling it during installation required the user to drop out of the installer to a shell and set up the encrypted volume by hand before continuing. Starting with OpenBSD 7.3, the installer offers a guided procedure for enabling full disk encryption, so no manual intervention is needed.[22][23]

To protect sensitive information such as passwords from leaking onto disk, where it can persist for years, OpenBSD supports encryption of swap space. The swap space is divided into many small regions, each with its own encryption key; the keys are generated randomly and automatically with no input from the user, held only in memory, and never written to disk except when hibernating. As soon as the data in a region is no longer needed, OpenBSD discards that region's key, turning the data into unrecoverable garbage.[24] The feature is controlled by a single sysctl, vm.swapencrypt.enable, and needs no prior setup, disk partitioning or partition-related settings; there is also no choice of encryption parameters such as algorithm or key length, since strong ones are always used. It costs nothing in functionality: the keys for swapped-out pages are only lost when the machine stops without a clean shutdown (for example on power loss), after which every operating system discards the previous contents of memory and swap anyway, and hibernation continues to work. Swap encryption has been enabled by default since OpenBSD 3.8 (released in November 2005); as of 2022, few other operating systems encrypt swap by default independently of full disk encryption and its user-provided passphrase.
(Windows can encrypt its paging file, but only through a setting, fsutil behavior set EncryptPagingFile 1, that is not exposed in the Control Panel or Settings apps; other systems, including FreeBSD[25] and Linux distributions,[citation needed] generally rely on their disk encryption to cover swap, which (a) often has to be enabled by the user, (b) requires setup that is less trivial than toggling a sysctl if disk encryption was not chosen at installation, and (c) depends on the user's passphrase, which must be remembered and may be weak, guessable or extracted from the user.)

The network stack also makes heavy use of randomization to reduce the predictability of values an attacker could exploit, including TCP initial sequence numbers and timestamps and ephemeral source ports.[26] Also included are features for network resilience and availability, such as countermeasures against ICMP-based attacks and redundancy software such as CARP and pfsync. The project was the first to disable the plain-text telnet daemon by default in favor of the encrypted SSH daemon, in 1999,[27] and integrates other cryptographic software such as IPsec. The telnet daemon was removed from OpenBSD entirely in 2005,[28] before the release of OpenBSD 3.8.

The OpenBSD project developed its own utility for cryptographic signing and verification of files, signify,[29] instead of adopting existing standards and software such as OpenPGP and GnuPG. signify uses Ed25519 signatures and a deliberately tiny file format; the public keys for each release are shipped in /etc/signify, and each release carries the key for the following release so that the chain of trust extends across upgrades. Its author, Ted Unangst, wrote in 2015, speaking of OpenPGP and GnuPG: "The concerns I had using an existing tool were complexity, quality, and complexity."[29] This is in line with the project's long-standing tendency to reduce complexity, which in turn reduces the likelihood of vulnerabilities and helps users understand the software well enough to make informed security decisions. signify is part of the base system and has been used to verify all releases, patches and packages since OpenBSD 5.5.[30][31] By contrast, other free-software operating systems and security-focused projects use OpenPGP for release verification, and as of 2022 continue to do so, including Debian, which also serves as the base of other distributions such as Ubuntu;[32] Kali Linux, a distribution for penetration testing, security research, digital forensics and reverse engineering;[33] Qubes OS, a security-focused operating system;[34] Tor Browser, an anonymity-preserving web browser;[35] SecureDrop, a platform for journalists and whistleblowers to exchange documents securely and anonymously;[36] and VeraCrypt, an on-the-fly and full disk encryption program.[37]

X11

In X11 on OpenBSD, neither the X server nor X clients normally hold any elevated memory or hardware privileges: when X is driven by the intel(4) or radeon(4) drivers, these reach the hardware only through the drm(4) Direct Rendering Manager kernel interface, so low-level memory and hardware access is mediated entirely by the kernel; other drivers such as wsfb(4) follow the same pattern. X11 on OpenBSD therefore does not expose low-level memory or hardware access to user or root programs, as is done on some other systems and as was done on OpenBSD in the past, when the user had to raise the machdep.allowaperture sysctl from its default of 0 to an insecure setting.[citation needed]

OpenBSD's version of the X Window System (named Xenocara) has some security modifications. The server and some of the default applications are patched to make use of privilege separation, and OpenBSD provides an "aperture" driver to limit X's access to memory.[38] However, after work on X security flaws by Loïc Duflot, Theo de Raadt commented that the aperture driver was merely "the best we can do" and that X "violates all the security models you will hear of in a university class."[39] He went on to castigate X developers for "taking their time at solving this > 10-year-old problem." On November 29, 2006, a VESA kernel driver was developed that permitted X to run, albeit more slowly, without the use of the aperture driver.[40]

On February 15, 2014, X was further modified to allow it to run without root privileges.[41][42]

After a local root vulnerability in the Xorg server's command-line option handling, fixed in the OpenBSD 6.4 errata,[43] the X server is no longer installed setuid root: running X directly as root (for example with startx) is unsupported, and X is started through the xenodm display manager, which runs the server as the dedicated _x11 user.

Other features

Privilege separation,[44] privilege revocation, chrooting and randomized loading of libraries also play a role in increasing the security of the system. Many of these have been applied to the OpenBSD versions of common programs such as tcpdump and Apache, and to the BSD Authentication system.

OpenBSD has a history of providing its users with full disclosure in relation to various bugs and security breaches detected by the OpenBSD team.[45] This is exemplified by the project's slogan: "Only two remote holes in the default install, in a heck of a long time!"

OpenBSD is intended to be secure by default, which includes (but is not limited to) having all non-essential services disabled out of the box. This spares users from having to learn how to lock down a freshly installed system, and it is also meant to make them more aware of security considerations by requiring a conscious decision to enable any feature that could reduce their security.[46]

OpenBSD 5.9 shipped the pledge system call (first committed under the name tame and renamed pledge before the 5.9 release) for restricting a process to the minimal subset of kernel functionality it needs for correct operation.[47] A program declares a set of "promises" such as stdio, rpath or inet; if it is later compromised and attempts a system call outside those promises, the kernel terminates it with SIGABRT rather than returning an error, and the promise set can only ever shrink. OpenBSD 6.4 introduced the unveil system call for restricting the process's view of the filesystem to the minimum set of paths and permissions it requires.[48] pledge and unveil are used together to confine applications beyond what the Unix permissions of their user account would otherwise allow. Since their introduction, programs in the OpenBSD base system, third-party applications (by their own developers) and ports (by the OpenBSD porters) have been updated to call pledge and/or unveil; third-party examples include the Chromium and Firefox web browsers.
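An added example of the confinement pattern described above (written for this page; not code from OpenBSD or from any of the projects named): a program that counts the lines of one file, first narrowing its filesystem view to that file with unveil and then shrinking its promises with pledge, in the order the two calls require. The pledge and unveil stubs under #ifndef __OpenBSD__ are an assumption made so the program compiles elsewhere; only OpenBSD actually enforces anything. The sample file contents are constructed for the example.

```c
#define _GNU_SOURCE		/* mkstemp on glibc; harmless elsewhere */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>		/* pledge(2) and unveil(2) prototypes on OpenBSD */

#ifndef __OpenBSD__
/*
 * Assumption for portability: outside OpenBSD these two calls do not exist.
 * The stubs succeed without confining anything, so the program compiles and
 * runs elsewhere, but only OpenBSD enforces the restrictions.
 */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
static int unveil(const char *path, const char *permissions)
{
	(void)path; (void)permissions;
	return 0;
}
#endif

/*
 * Counts the lines of a text file with the process confined to exactly what
 * that job needs.  Order matters: unveil before pledge (a pledge without the
 * "unveil" promise locks the view), and promises can only be reduced.
 * Returns the line count, or -1 on error.  An action outside the promises
 * (a socket(2), an fopen for writing, a path other than `path`) would not
 * return an error on OpenBSD: the kernel kills the process with SIGABRT.
 */
long count_lines_confined(const char *path)
{
	FILE *fp;
	long lines = 0;
	int c;

	if (path == NULL)
		return -1;
	/* 1. Filesystem view: only `path`, read-only.  Everything else is ENOENT. */
	if (unveil(path, "r") == -1)
		return -1;
	/* 2. Freeze the view: no further unveil(2) calls are possible. */
	if (unveil(NULL, NULL) == -1)
		return -1;
	/* 3. Promises: stdio (I/O on open descriptors, malloc, exit) and rpath
	 *    (open files read-only).  No exec, no sockets, no writes. */
	if (pledge("stdio rpath", NULL) == -1)
		return -1;

	if ((fp = fopen(path, "r")) == NULL)
		return -1;
	while ((c = fgetc(fp)) != EOF)
		if (c == '\n')
			lines++;
	fclose(fp);

	/* 4. The file has been read; the rest of the program needs no filesystem. */
	if (pledge("stdio", NULL) == -1)
		return -1;
	return lines;
}

/*
 * Writes a constructed three-line sample (a pf.conf-style snippet) to a
 * temporary file and returns its path, or NULL on failure.  Must run before
 * count_lines_confined(): creating files is outside "stdio rpath".
 */
const char *write_sample_file(void)
{
	static char path[] = "/tmp/pledge-demo.XXXXXX";
	static const char sample[] = "set skip on lo\nblock return\npass\n";
	int fd = mkstemp(path);

	if (fd == -1)
		return NULL;
	if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) {
		close(fd);
		return NULL;
	}
	close(fd);
	return path;
}

int main(int argc, char **argv)
{
	long n;

	if (argc != 2) {
		fprintf(stderr, "usage: %s file\n", argv[0]);
		return 1;
	}
	if ((n = count_lines_confined(argv[1])) == -1) {
		perror("count_lines_confined");
		return 1;
	}
	printf("%ld\n", n);
	return 0;
}
```

Two details show why the calls have to be planned rather than sprinkled in: the sample file created by write_sample_file cannot be removed afterwards, because unlink needs a cpath promise the process has already given up, and on OpenBSD changing fopen(path, "r") to fopen(path, "a") does not fail with EPERM but aborts the process, with the violated promise recorded in the kernel log.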

References

  1. Korff, Yanek; Hope, Paco; Potter, Bruce (2005). Mastering FreeBSD and OpenBSD Security. Sebastopol, California: O'Reilly. ISBN 0-596-00626-8.
  2. Lucas, Michael W. (2013). Absolute OpenBSD: Unix for the Practical Paranoid (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-476-4.
  3. Palmer, Brandon; Nazario, Jose (2004). Secure Architectures with OpenBSD. Boston: Addison-Wesley. ISBN 0-321-19366-0.
  4. "strncpy – copy part of a string to another". OpenBSD manual pages. Retrieved May 14, 2021.
  5. "strncat – concatenate a string with part of another". OpenBSD manual pages. Retrieved May 14, 2021.
  6. "strlcpy, strlcat – size-bounded string copying and concatenation". OpenBSD manual pages. Retrieved May 14, 2021.
  7. Miller, Todd C.; de Raadt, Theo (June 6, 1999). strlcpy and strlcat – Consistent, Safe, String Copy and Concatenation. USENIX Annual Technical Conference. Monterey, California. Retrieved May 26, 2016.
  8. Drepper, Ulrich (August 8, 2000). "Re: PATCH: safe string copy and concatenation". libc-alpha@sources.redhat.com (Mailing list). Retrieved May 26, 2016.
  9. Madhavapeddy, Anil (June 26, 2003). "CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). Retrieved March 31, 2013.
  10. "issetugid – is current executable running setuid or setgid". OpenBSD manual pages. Retrieved May 14, 2021.
  11. "arc4random, arc4random_buf, arc4random_uniform – random number generator". OpenBSD manual pages. Retrieved May 14, 2021.
  12. de Raadt, Theo (June 13, 2017). Email.
  13. Etoh, Hiroaki. "ProPolice: GCC extension for protecting applications from stack-smashing attacks". IBM Research. Archived from the original on June 4, 2014. Retrieved May 26, 2016.
  14. "OpenBSD 3.3". OpenBSD. Retrieved May 28, 2016. "Integration of the ProPolice stack protection technology [...] into the system compiler."
  15. "OpenBSD 3.4". OpenBSD. Retrieved May 28, 2016. "ProPolice stack protection has been enabled in the kernel as well."
  16. "gcc-local – local modifications to gcc". OpenBSD manual pages. Retrieved May 28, 2016. "gcc comes with the 'ProPolice' stack protection extension, which is enabled by default."
  17. Frantzen, Mike; Shuey, Mike (August 13, 2001). StackGhost: Hardware Facilitated Stack Protection. 10th USENIX Security Symposium. Washington, D.C. Retrieved May 26, 2016.
  18. "OpenBSD 5.8". OpenBSD. Retrieved May 28, 2016. "Support for the NX (No-eXecute) bit on i386, resulting in much better W^X enforcement in userland for hardware that has this feature."
  19. de Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (June 6, 1999). Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved January 30, 2005.
  20. Provos, Niels; Mazières, David (June 6, 1999). A Future-Adaptable Password Scheme. USENIX Annual Technical Conference. Monterey, California. Retrieved May 26, 2016.
  21. "OpenBSD 5.3". OpenBSD. Retrieved May 26, 2016.
  22. "OpenBSD 7.3". www.openbsd.org. Retrieved April 19, 2023.
  23. "Initial support for guided disk encryption in the installer". undeadly.org. Retrieved April 19, 2023.
  24. Provos, Niels (August 14, 2000). Encrypting Virtual Memory. 9th USENIX Security Symposium. Denver, Colorado. Retrieved April 9, 2006.
  25. "Chapter 20. Storage – 20.14. Encrypting Swap". FreeBSD Documentation Portal. Retrieved September 27, 2023.
  26. Biancuzzi, Federico (October 12, 2005). "OpenBSD's network stack". SecurityFocus. Retrieved December 10, 2005.
  27. de Raadt, Theo (April 10, 1999). "disable telnet/ftp/login by default, for now". OpenBSD.
  28. de Raadt, Theo (May 25, 2005). "CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). "Removed files: libexec/telnetd".
  29. Unangst, Ted (June 2015). "signify: Securing OpenBSD From Us To You". BSDCan 2015, Ottawa, Canada. www.openbsd.org. Retrieved July 12, 2022.
  30. "OpenBSD 5.5". www.openbsd.org. Retrieved July 12, 2022.
  31. "OpenBSD: Innovations". www.openbsd.org.
  32. "Verifying authenticity of Debian images". www.debian.org. Retrieved July 12, 2022.
  33. "Download Kali Linux Images Securely". Kali Linux Documentation. Retrieved July 12, 2022.
  34. "Verifying signatures". Qubes OS. Retrieved July 12, 2022.
  35. "How can I verify Tor Browser's signature?". Tor Project Support. Retrieved July 12, 2022.
  36. "Share and accept documents securely". SecureDrop. Freedom of the Press Foundation. Retrieved July 12, 2022.
  37. "VeraCrypt – Free Open source disk encryption with strong security for the Paranoid". veracrypt.fr. IDRIX. Retrieved July 12, 2022.
  38. "xf86 – X Window System aperture driver". OpenBSD manual pages. Retrieved May 14, 2021.
  39. de Raadt, Theo (May 11, 2006). "Re: security bug in x86 hardware (thanks to X WIndows)". openbsd-misc (Mailing list). Retrieved May 26, 2016.
  40. Herrb, Matthieu (November 29, 2006). "CVS: cvs.openbsd.org: XF4". openbsd-cvs (Mailing list). Retrieved May 26, 2016.
  41. Kettenis, Mark (February 15, 2014). "CVS: cvs.openbsd.org: xenocara". openbsd-cvs (Mailing list). Retrieved May 26, 2016.
  42. "Xorg can now run without privilege on OpenBSD". OpenBSD Journal. February 22, 2014. Retrieved May 26, 2016.
  43. "OpenBSD 6.4 Errata". www.openbsd.org. Retrieved May 23, 2019.
  44. Provos, Niels; Friedl, Markus; Honeyman, Peter (August 4, 2003). Preventing Privilege Escalation. 12th USENIX Security Symposium. Washington, D.C. Retrieved May 26, 2016.
  45. Miller, Robin (December 11, 2000). "Theo de Raadt Responds". Slashdot. Archived from the original on July 28, 2011. Retrieved May 16, 2014.
  46. "OpenBSD: Security – "Secure by Default"". www.openbsd.org. Retrieved September 27, 2023.
  47. "pledge() – a new mitigation mechanism". OpenBSD. Retrieved May 19, 2018.
  48. "unveil – unveil parts of a restricted filesystem view". OpenBSD manual pages. Retrieved May 15, 2020.

External links

  • Exploit Mitigation Techniques: an Update After 10 Years February 20, 2014, at the Wayback Machine
  • Theo de Raadt's email about secure programming: On the matter of strlcpy/strlcat acceptance by industry

X via a display manager as a dedicated x11 user Other features editPrivilege separation 44 privilege revocation chrooting and randomized loading of libraries also play a role in increasing the security of the system Many of these have been applied to the OpenBSD versions of common programs such as tcpdump and Apache and to the BSD Authentication system OpenBSD has a history of providing its users with full disclosure in relation to various bugs and security breaches detected by the OpenBSD team 45 This is exemplified by the project s slogan Only two remote holes in the default install in a heck of a long time OpenBSD is intended to be secure by default which includes but is not limited to having all non essential services be disabled by default This is done not only to not require users to learn how and waste time to secure their computers after installing OpenBSD but also in hope of making users more aware of security considerations by requiring them to make conscious decisions to enable features that could reduce their security 46 OpenBSD 5 9 included support for the then new pledge system call introduced in OpenBSD 5 8 as tame and renamed in 5 9 to pledge for restricting process capabilities to a minimal subset required for correct operation 47 If the process is compromised and attempts to perform an unintended behavior it will be terminated by the kernel OpenBSD 6 4 introduced the unveil system call for restricting filesystem visibility to a minimum level 48 pledge and unveil are used together to confine applications further limiting what they re otherwise permitted to do under the user account they re running as Since the introduction of pledge base OpenBSD programs included out of the box in OpenBSD applications handled by their developers and ports of applications handled by the OpenBSD team have been updated to be confined with pledge and or unveil Some examples of third party applications updated with these features by their developers or in OpenBSD s app 
ports include the Chromium and Firefox web browsers References edit Korff Yanek Hope Paco Potter Bruce 2005 Mastering FreeBSD and OpenBSD security Sebastopol California USA O Reilly ISBN 0 596 00626 8 a b Lucas Michael W 2013 Absolute OpenBSD Unix for the practical paranoid 2nd ed San Francisco No Starch Press ISBN 978 1 59327 476 4 Palmer Brandon Nazario Jose 2004 Secure Architectures with OpenBSD Boston Addison Wesley ISBN 0 321 19366 0 strncpy copy part of a string to another OpenBSD manual pages Retrieved May 14 2021 strncat concatenate a string with part of another OpenBSD manual pages Retrieved May 14 2021 strlcpy strlcat size bounded string copying and concatenation OpenBSD manual pages Retrieved May 14 2021 Miller Todd C de Raadt Theo June 6 1999 strlcpy and strlcat Consistent Safe String Copy and Concatenation USENIX Annual Technical Conference Monterey California Retrieved May 26 2016 Drepper Ulrich August 8 2000 Re PATCH safe string copy and concatenation libc alpha sources redhat com Mailing list Retrieved May 26 2016 Madhavapeddy Anil June 26 2003 CVS cvs openbsd org src openbsd cvs Mailing list Retrieved March 31 2013 issetugid is current executable running setuid or setgid OpenBSD manual pages Retrieved May 14 2021 arc4random arc4random buf arc4random uniform random number generator OpenBSD manual pages Retrieved May 14 2021 email 2017 06 13 GCC extension for protecting applications from stack smashing attacks IBM Research Archived from the original on June 4 2014 Retrieved May 26 2016 OpenBSD 3 3 OpenBSD Retrieved May 28 2016 Integration of the ProPolice stack protection technology into the system compiler OpenBSD 3 4 OpenBSD Retrieved May 28 2016 ProPolice stack protection has been enabled in the kernel as well gcc local local modifications to gcc OpenBSD manual pages Retrieved May 28 2016 gcc comes with the ProPolice stack protection extension which is enabled by default Frantzen Mike Shuey Mike August 13 2001 StackGhost Hardware Facilitated Stack 
Protection 10th USENIX Security Symposium Washington D C Retrieved May 26 2016 OpenBSD 5 8 OpenBSD Retrieved May 28 2016 Support for the NX No eXecute bit on i386 resulting in much better W X enforcement in userland for hardware that has this feature de Raadt Theo Hallqvist Niklas Grabowski Artur Keromytis Angelos D Provos Niels June 6 1999 Cryptography in OpenBSD An Overview USENIX Annual Technical Conference Monterey California Retrieved January 30 2005 Provos Niels Mazieres David June 6 1999 A Future Adaptable Password Scheme USENIX Annual Technical Conference Monterey California Retrieved May 26 2016 OpenBSD 5 3 OpenBSD Retrieved May 26 2016 OpenBSD 7 3 www openbsd org Retrieved April 19 2023 Initial support for guided disk encryption in the installer undeadly org Retrieved April 19 2023 Provos Niels August 14 2000 Encrypting Virtual Memory 9th USENIX Security Symposium Denver Colorado Retrieved April 9 2006 Chapter 20 Storage 20 14 Encrypting Swap FreeBSD Documentation Portal Retrieved September 27 2023 Biancuzzi Federico October 12 2005 OpenBSD s network stack SecurityFocus Retrieved December 10 2005 de Raadt Theo April 10 1999 disable telnet ftp login by default for now OpenBSD de Raadt Theo May 25 2005 CVS cvs openbsd org src OpenBSD CVS mailing list Removed files libexec telnetd a b Unangst Ted signify Securing OpenBSD From Us To You www openbsd org BSDCan 2015 June Ottawa Canada Retrieved July 12 2022 OpenBSD 5 5 www openbsd org Retrieved July 12 2022 OpenBSD Innovations www openbsd org Verifying authenticity of Debian images www debian org Retrieved July 12 2022 Download Kali Linux Images Securely Kali Linux Documentation Kali Linux Retrieved July 12 2022 Verifying signatures Qubes OS Retrieved July 12 2022 How can I verify Tor Browser s signature Tor Project Support support torproject org Retrieved July 12 2022 Share and accept documents securely SecureDrop Freedom of the Press Foundation Retrieved July 12 2022 VeraCrypt Free Open source disk encryption 
with strong security for the Paranoid veracrypt fr IDRIX Retrieved July 12 2022 xf86 X Window System aperture driver OpenBSD manual pages Retrieved May 14 2021 de Raadt Theo May 11 2006 Re security bug in x86 hardware thanks to X WIndows openbsd misc Mailing list Retrieved May 26 2016 Herrb Matthieu November 29 2006 CVS cvs openbsd org XF4 openbsd cvs Mailing list Retrieved May 26 2016 Kettenis Mark February 15 2014 CVS cvs openbsd org xenocara openbsd cvs Mailing list Retrieved May 26 2016 Xorg can now run without privilege on OpenBSD OpenBSD Journal February 22 2014 Retrieved May 26 2016 OpenBSD 6 4 Errata www openbsd org Retrieved May 23 2019 Provos Niels Friedl Markus Honeyman Peter August 4 2003 Preventing Privilege Escalation 12th USENIX Security Symposium Washington D C Retrieved May 26 2016 Miller Robin December 11 2000 Theo de Raadt Responds Slashdot Archived from the original on July 28 2011 Retrieved May 16 2014 OpenBSD Security Secure by Default www openbsd org Retrieved September 27 2023 pledge a new mitigation mechanism OpenBSD Retrieved May 19 2018 unveil unveil parts of a restricted filesystem view OpenBSD manual pages Retrieved May 15 2020 External links editExploit Mitigation Techniques an Update After 10 Years Archived February 20 2014 at the Wayback Machine Theo de Raadt s email about secure programming On the matter of strlcpy strlcat acceptance by industry Retrieved from https en wikipedia org w index php title OpenBSD security features amp oldid 1217964909, wikipedia, wiki, book, books, library,
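The unveil-then-pledge confinement pattern from the Other features section, as an added example that is not OpenBSD project code: a program that may read exactly one file and nothing else. The input path is supplied by the caller, and the stub definitions used when not compiling on OpenBSD are this example's own, so the kernel enforcement only takes effect on OpenBSD.

```c
#include <stdio.h>
#include <unistd.h>
#ifndef __OpenBSD__
/* Stubs so it compiles elsewhere; real confinement exists only on OpenBSD. */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
static int unveil(const char *p, const char *m) { (void)p; (void)m; return 0; }
#endif

/* Confine the process to read-only access to a single file. Order matters:
 * expose the needed path, lock the unveil list, then drop to the smallest
 * pledge set. Afterwards, paths not unveiled look absent (ENOENT) and any
 * system call outside "stdio rpath" (sockets, exec, writes, ...) makes the
 * kernel kill the process with SIGABRT. */
int confine_to_reading(const char *path)
{
    if (unveil(path, "r") == -1)
        return -1;
    if (unveil(NULL, NULL) == -1)      /* no further unveil() calls allowed */
        return -1;
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
    return 0;
}

/* Count newline characters in `path`; -1 (errno set) if it cannot be opened. */
long count_lines(const char *path)
{
    FILE *fp = fopen(path, "r");
    long lines = 0;
    int c;
    if (fp == NULL)
        return -1;
    while ((c = fgetc(fp)) != EOF)
        if (c == '\n')
            lines++;
    fclose(fp);
    return lines;
}

int main(int argc, char **argv)
{
    if (argc != 2 || confine_to_reading(argv[1]) == -1)
        return 1;
    long n = count_lines(argv[1]);
    if (n == -1) {
        perror(argv[1]);
        return 1;
    }
    printf("%ld lines\n", n);
    return 0;
}
```

On OpenBSD, adding any other file access or network call after confine_to_reading() returns is the error the kernel reports, which is how a compromised or mistaken program is caught early.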