Content deleted Content added
Undid revision 1190412567 by TakodaNotDakota (talk): "Could potentially" is redundant — "could" suffices; the topic of this article is security, and when presented with the theoretical options of having security by default versus working for it, the latter objectively "wastes time". |
No edit summary Tags: Mobile edit Mobile web edit |
||
| (6 intermediate revisions by 4 users not shown) | |||
Line 1:
{{Short description|Security features as used in OpenBSD operating system}}
{{Use mdy dates|date=June 2016}}
{{Missing information|[[LibreSSL]] and the project's tendency to reduce software complexity|talksection=Suggestions for Improvement|date=
{{Update|reason=OpenBSD 7.
The [[OpenBSD]] [[operating system]] focuses on [[computer security|security]] and the development of security features.{{r|Korff-Hope-and-Potter-2005}}{{r|Lucas-2013|p=xxvii}}{{r|Palmer-and-Nazario-2004}} According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."{{r|Lucas-2013|p=xxix}}
== API and build changes ==
Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the <code>[[strcpy]]</code> and <code>[[strcat]]</code> [[String (computer science)|string]] functions in the [[C programming language|C]] programming language. There are two common alternatives, <code>[[strncpy]]</code> and <code>[[strncat]]</code>, but they can also be difficult to understand and easy to misuse,<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strncpy.3|title=strncpy – copy part of a string to another|website=OpenBSD manual pages|access-date=2021-05-14}}</ref><ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strncat.3|title=strncat – concatenate a string with part of another|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> so OpenBSD developers [[Todd C. Miller]] and [[Theo de Raadt]] designed the <code>[[strlcpy]]</code> and <code>[[strlcat]]</code> functions.<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strlcat.3|title=strlcpy, strlcat – size-bounded string copying and concatenation|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> These functions are intended to make it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed.<ref>{{cite conference |url=http://www.usenix.org/events/usenix99/millert.html |title=strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation |last1=Miller |first1=Todd C. |last2=de Raadt |first2=Theo |author-link2=Theo de Raadt |date=June 6, 1999 |conference=[[USENIX]] Annual Technical Conference |___location=Monterey, California |access-date=May 26, 2016}}</ref> They have been adopted by the NetBSD and FreeBSD projects but not by the [[GNU C Library]].<ref>{{cite mailing list |url=https://www.sourceware.org/ml/libc-alpha/2000-08/msg00053.html |title=Re: PATCH: safe string copy and concatenation |date=August 8, 2000 |access-date=May 26, 2016 |mailing-list=libc-alpha@sources.redhat.com |last=Drepper |first=Ulrich}}</ref>
On OpenBSD, the [[Linker (computing)|linker]] has been changed to issue a warning when [[C standard library#Buffer overflow vulnerabilities|unsafe string manipulation functions]], such as <code>strcpy</code>, <code>strcat</code>, or <code>[[sprintf]]</code>, are found. All occurrences of these functions in the OpenBSD source tree have been replaced.{{citation needed|reason=This is probably in their FAQ, or at least on the mailing lists (probably tech@)|date=May 2016}} In addition, a [[Static code analysis|static bounds checker]] is included in OpenBSD in an attempt to find other common programming mistakes at compile time.<ref>{{cite mailing list |url=https://marc.info/?l=openbsd-cvs&m=105665219927976 |title=CVS: cvs.openbsd.org: src |date=June 26, 2003 |access-date=March 31, 2013 |mailing-list=openbsd-cvs |last=Madhavapeddy |first=Anil }}</ref> Other security-related [[Application programming interface|APIs]] developed by the OpenBSD project include <code>issetugid</code><ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man2/issetugid.2|title=issetugid – is current executable running setuid or setgid|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> and <code>[[RC4#RC4-based random number generators|arc4random]]</code>.<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/arc4random.3|title=arc4random, arc4random_buf, arc4random_uniform – random number generator|website=OpenBSD manual pages|access-date=2021-05-14}}</ref>
Line 34:
The [[network stack]] also makes heavy use of randomization to increase security and reduce the predictability of various values that may be of use to an attacker, including [[Transmission Control Protocol|TCP]] initial sequence numbers and timestamps, and ephemeral source ports.<ref>{{Cite web|url=http://www.securityfocus.com/columnists/361|title=OpenBSD's network stack|last=Biancuzzi|first=Federico|date=October 12, 2005|publisher=[[SecurityFocus]]|access-date=December 10, 2005}}</ref> A number of features to increase network resilience and availability, including countermeasures for problems with [[Internet Control Message Protocol|ICMP]] and software for redundancy, such as [[Common Address Redundancy Protocol|CARP]] and [[pfsync]], are also included. The project was the first to disable the plain-text [[telnet]] daemon in favor of the encrypted [[Secure shell|SSH]] daemon, in 1999,<ref>{{cite web |date=10 April 1999 |first1=Theo |last1=de Raadt |author-link1=Theo de Raadt |title=disable telnet/ftp/login by default, for now |url=http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/inetd.conf?rev=1.32&content-type=text/x-cvsweb-markup|work=OpenBSD}}</ref> and features other integrated cryptographic software such as [[IPsec]]. The telnet daemon was completely removed from OpenBSD in 2005<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list |date=25 May 2005}}</ref> before the release of OpenBSD version 3.8.
===Signify===
The OpenBSD project had invented their own utility for cryptographic signing and verification of files, <code>signify</code>,<ref name="BSDCan 2015 signify paper">{{cite web |last1=Unangst |first1=Ted |title=signify: Securing OpenBSD From Us To You |url=https://www.openbsd.org/papers/bsdcan-signify.html |website=www.openbsd.org |publisher=BSDCan 2015 (June), Ottawa, Canada |access-date=12 July 2022 |ref=bsdcan-signify}}</ref> instead of using existing standards and software such as [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]. The creator of the <code>signify</code> utility, Ted Unangst, wrote in 2015, speaking of [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]: ''"The concerns I had using an existing tool were complexity, quality, and complexity."''<ref name="BSDCan 2015 signify paper" /> This is in line with the project's longtime tendency to reduce complexity, and [[Vulnerability (computing)#Causes|in turn, reduce the probability of vulnerabilities]] existing in the software, and help the user understand the software better and make more security-educated decisions. <code>signify</code> is integrated into the base operating system and used for verification of all releases, patches, and packages starting with OpenBSD 5.5.<ref>{{cite web |title=OpenBSD 5.5 |url=https://www.openbsd.org/55.html |website=www.openbsd.org |access-date=12 July 2022}}</ref><ref>{{cite web |title=OpenBSD: Innovations |url=https://www.openbsd.org/innovations.html |website=www.openbsd.org |ref=innovations}}</ref> In contrast, other [[Free Software]] operating systems and security-focused software tend to use [[OpenPGP]] for release verification, and as of 2022 continue to do so, including: [[Debian]], a prominent operating system that's also used as a base for other operating systems, including [[Ubuntu]];<ref>{{cite web |title=Verifying authenticity of Debian images |url=https://www.debian.org/CD/verify |website=www.debian.org |access-date=12 July 2022}}</ref> [[Kali Linux]], a specialized operating system for [[penetration testing]], security research, [[digital forensics]], and [[Reverse engineering#Software|reverse engineering]];<ref>{{cite web |title=Download Kali Linux Images Securely {{!}} Kali Linux Documentation |url=https://www.kali.org/docs/introduction/download-images-securely/ |website=Kali Linux |access-date=12 July 2022 |language=English}}</ref> [[Qubes OS]], a security-focused operating system;<ref>{{cite web |title=Verifying signatures |url=https://www.qubes-os.org/security/verifying-signatures/ |website=Qubes OS |access-date=12 July 2022 |language=en}}</ref> [[Tor Browser]], an anonymous Web browser;<ref>{{cite web |title=How can I verify Tor Browser's signature? {{!}} Tor Project {{!}} Support |url=https://support.torproject.org/tbb/how-to-verify-signature/ |website=support.torproject.org |access-date=12 July 2022}}</ref> [[SecureDrop]], a software package for journalists and whistleblowers to exchange information securely and anonymously over the Internet;<ref>{{cite web |title=Share and accept documents securely |url=https://securedrop.org/ |website=SecureDrop |publisher=Freedom of the Press Foundation |access-date=12 July 2022 |language=en}}</ref> and [[VeraCrypt]], a software program for [[on-the-fly encryption]] and [[full disk encryption]].<ref>{{cite web |title=VeraCrypt - Free Open source disk encryption with strong security for the Paranoid |url=https://veracrypt.fr/en/Digital%20Signatures.html |website=veracrypt.fr |publisher=IDRIX |access-date=12 July 2022}}</ref>
| |||