OpenBSD security features: Difference between revisions

{{Short description|Security features as used in OpenBSD operating system}}
{{Use mdy dates|date=June 2016}}
{{Missing information|[[LibreSSL]] and the project's tendency to reduce software complexity|talksection=Suggestions for Improvement|date=May 2025}}
{{Update|reason=OpenBSD 7.7 was released with new security features (see [https://www.openbsd.org/77.html release notes], [https://undeadly.org/cgi?action=article;sid=20230410140049 independent news report], and [https://www.openbsd.org/innovations.html updated list of innovations])|date=April 2025}}
 
The [[OpenBSD]] [[operating system]] focuses on [[computer security|security]] and the development of security features.{{r|Korff-Hope-and-Potter-2005}}{{r|Lucas-2013|p=xxvii}}{{r|Palmer-and-Nazario-2004}} According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."{{r|Lucas-2013|p=xxix}}
 
== API and build changes ==
Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the <code>[[strcpy]]</code> and <code>[[strcat]]</code> [[String (computer science)|string]] functions in the [[C programming language|C]] programming language. There are two common alternatives, <code>[[strncpy]]</code> and <code>[[strncat]]</code>, but they can also be difficult to understand and easy to misuse,<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strncpy.3|title=strncpy – copy part of a string to another|website=OpenBSD manual pages|access-date=2021-05-14}}</ref><ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strncat.3|title=strncat – concatenate a string with part of another|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> so OpenBSD developers [[Todd C. Miller]] and [[Theo de Raadt]] designed the <code>[[strlcpy]]</code> and <code>[[strlcat]]</code> functions.<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/strlcat.3|title=strlcpy, strlcat – size-bounded string copying and concatenation|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> These functions are intended to make it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed.<ref>{{cite conference |url=http://www.usenix.org/events/usenix99/millert.html |title=strlcpy and strlcat&nbsp;- Consistent, Safe, String Copy and Concatenation |last1=Miller |first1=Todd C. 
|last2=de Raadt |first2=Theo |author-link2=Theo de Raadt |date=June 6, 1999 |conference=[[USENIX]] Annual Technical Conference |___location=Monterey, California |access-date=May 26, 2016}}</ref> They have been adopted by the NetBSD and FreeBSD projects but not by the [[GNU C Library]].<ref>{{cite mailing list |url=https://www.sourceware.org/ml/libc-alpha/2000-08/msg00053.html |title=Re: PATCH: safe string copy and concatenation |date=August 8, 2000 |access-date=May 26, 2016 |mailing-list=libc-alpha@sources.redhat.com |last=Drepper |first=Ulrich}}</ref>
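The following is an added example, not code from the OpenBSD project: a reimplementation of the <code>strlcpy</code>/<code>strlcat</code> contract (under the assumed names <code>bsd_strlcpy</code> and <code>bsd_strlcat</code>, so it cannot clash with a libc that does provide them) next to the <code>strncpy</code> pitfall it was designed to remove. The inputs are constructed.

```c
#include <string.h>

/* strlcpy(3) contract, reimplemented for a libc that lacks it (the bsd_
 * prefix is this example's own): copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return strlen(src); a result >= size
 * tells the caller the copy was truncated. */
size_t bsd_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strlcat(3) contract: append src to the NUL-terminated dst within size
 * bytes; return the length the result would have had without truncation. */
size_t bsd_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)          /* dst not terminated within size: append nothing */
        return size + strlen(src);
    return dstlen + bsd_strlcpy(dst + dstlen, src, size - dstlen);
}

/* The strncpy pitfall: a 9-character source into an 8-byte buffer gets no
 * terminator. Returns 1 if the buffer was left unterminated. */
int strncpy_leaves_unterminated(void)
{
    char buf[8];
    strncpy(buf, "OpenBSD-7", sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Builds "alice@example.org" (constructed input) into an n-byte buffer,
 * n <= 64, and returns 1 if any step truncated, 0 if not, -1 for a bad n. */
int login_truncated_at(size_t n)
{
    char out[64];
    int cut = 0;
    if (n == 0 || n > sizeof out) return -1;
    cut |= bsd_strlcpy(out, "alice", n) >= n;
    cut |= bsd_strlcat(out, "@", n) >= n;
    cut |= bsd_strlcat(out, "example.org", n) >= n;
    return cut;
}
```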
 
On OpenBSD, the [[Linker (computing)|linker]] has been changed to issue a warning when [[C standard library#Buffer overflow vulnerabilities|unsafe string manipulation functions]], such as <code>strcpy</code>, <code>strcat</code>, or <code>[[sprintf]]</code>, are found. All occurrences of these functions in the OpenBSD source tree have been replaced.{{citation needed|reason=This is probably in their FAQ, or at least on the mailing lists (probably tech@)|date=May 2016}} In addition, a [[Static code analysis|static bounds checker]] is included in OpenBSD in an attempt to find other common programming mistakes at compile time.<ref>{{cite mailing list |url=https://marc.info/?l=openbsd-cvs&m=105665219927976 |title=CVS: cvs.openbsd.org: src |date=June 26, 2003 |access-date=March 31, 2013 |mailing-list=openbsd-cvs |last=Madhavapeddy |first=Anil }}</ref> Other security-related [[Application programming interface|APIs]] developed by the OpenBSD project include <code>issetugid</code><ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man2/issetugid.2|title=issetugid – is current executable running setuid or setgid|website=OpenBSD manual pages|access-date=2021-05-14}}</ref> and <code>[[RC4#RC4-based random number generators|arc4random]]</code>.<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-current/man3/arc4random.3|title=arc4random, arc4random_buf, arc4random_uniform – random number generator|website=OpenBSD manual pages|access-date=2021-05-14}}</ref>
The [[network stack]] also makes heavy use of randomization to increase security and reduce the predictability of various values that may be of use to an attacker, including [[Transmission Control Protocol|TCP]] initial sequence numbers and timestamps, and ephemeral source ports.<ref>{{Cite web|url=http://www.securityfocus.com/columnists/361|title=OpenBSD's network stack|last=Biancuzzi|first=Federico|date=October 12, 2005|publisher=[[SecurityFocus]]|access-date=December 10, 2005}}</ref> A number of features to increase network resilience and availability, including countermeasures for problems with [[Internet Control Message Protocol|ICMP]] and software for redundancy, such as [[Common Address Redundancy Protocol|CARP]] and [[pfsync]], are also included. The project was the first to disable the plain-text [[telnet]] daemon in favor of the encrypted [[Secure shell|SSH]] daemon, in 1999,<ref>{{cite web |date=10 April 1999 |first1=Theo |last1=de Raadt |author-link1=Theo de Raadt |title=disable telnet/ftp/login by default, for now |url=http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/inetd.conf?rev=1.32&content-type=text/x-cvsweb-markup|work=OpenBSD}}</ref> and features other integrated cryptographic software such as [[IPsec]]. The telnet daemon was completely removed from OpenBSD in 2005<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list |date=25 May 2005}}</ref> before the release of OpenBSD version 3.8.
 
===Signify===
The OpenBSD project invented its own utility for cryptographic signing and verification of files, <code>signify</code>,<ref name="BSDCan 2015 signify paper">{{cite web |last1=Unangst |first1=Ted |title=signify: Securing OpenBSD From Us To You |url=https://www.openbsd.org/papers/bsdcan-signify.html |website=www.openbsd.org |publisher=BSDCan 2015 (June), Ottawa, Canada |access-date=12 July 2022 |ref=bsdcan-signify}}</ref> instead of using existing standards and software such as [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]. The creator of the <code>signify</code> utility, Ted Unangst, wrote in 2015, speaking of [[OpenPGP]] and [[GNU Privacy Guard|GnuPG]]: ''"The concerns I had using an existing tool were complexity, quality, and complexity."''<ref name="BSDCan 2015 signify paper" /> This is in line with the project's longtime tendency to reduce complexity, which [[Vulnerability (computing)#Causes|in turn reduces the probability of vulnerabilities]] existing in the software and helps users understand the software better and make more security-educated decisions.
<code>signify</code> is integrated into the base operating system and used for verification of all releases, patches, and packages starting with OpenBSD 5.5.<ref>{{cite web |title=OpenBSD 5.5 |url=https://www.openbsd.org/55.html |website=www.openbsd.org |access-date=12 July 2022}}</ref><ref>{{cite web |title=OpenBSD: Innovations |url=https://www.openbsd.org/innovations.html |website=www.openbsd.org |ref=innovations}}</ref> In contrast, other [[Free Software]] operating systems and security-focused software tend to use [[OpenPGP]] for release verification, and as of 2022 continue to do so, including: [[Debian]], a prominent operating system that's also used as a base for other operating systems, including [[Ubuntu]];<ref>{{cite web |title=Verifying authenticity of Debian images |url=https://www.debian.org/CD/verify |website=www.debian.org |access-date=12 July 2022}}</ref> [[Kali Linux]], a specialized operating system for [[penetration testing]], security research, [[digital forensics]], and [[Reverse engineering#Software|reverse engineering]];<ref>{{cite web |title=Download Kali Linux Images Securely {{!}} Kali Linux Documentation |url=https://www.kali.org/docs/introduction/download-images-securely/ |website=Kali Linux |access-date=12 July 2022 |language=English}}</ref> [[Qubes OS]], a security-focused operating system;<ref>{{cite web |title=Verifying signatures |url=https://www.qubes-os.org/security/verifying-signatures/ |website=Qubes OS |access-date=12 July 2022 |language=en}}</ref> [[Tor Browser]], an anonymous Web browser;<ref>{{cite web |title=How can I verify Tor Browser's signature? 
{{!}} Tor Project {{!}} Support |url=https://support.torproject.org/tbb/how-to-verify-signature/ |website=support.torproject.org |access-date=12 July 2022}}</ref> [[SecureDrop]], a software package for journalists and whistleblowers to exchange information securely and anonymously over the Internet;<ref>{{cite web |title=Share and accept documents securely |url=https://securedrop.org/ |website=SecureDrop |publisher=Freedom of the Press Foundation |access-date=12 July 2022 |language=en}}</ref> and [[VeraCrypt]], a software program for [[on-the-fly encryption]] and [[full disk encryption]].<ref>{{cite web |title=VeraCrypt - Free Open source disk encryption with strong security for the Paranoid |url=https://veracrypt.fr/en/Digital%20Signatures.html |website=veracrypt.fr |publisher=IDRIX |access-date=12 July 2022}}</ref>
 
OpenBSD has a history of providing its users with [[Full disclosure (computer security)|full disclosure]] in relation to various bugs and security breaches detected by the OpenBSD team.<ref>{{cite web |url=http://bsd.slashdot.org/story/00/12/11/1455210/theo-de-raadt-responds |title=Theo de Raadt Responds |last=Miller |first=Robin |publisher=[[Slashdot]] |date=December 11, 2000 |url-status=live |archive-url=https://web.archive.org/web/20110728031830/http://bsd.slashdot.org/story/00/12/11/1455210/Theo-de-Raadt-Responds |archive-date=July 28, 2011 |access-date=May 16, 2014 }}</ref> This is exemplified by [[OpenBSD#Slogan|the project's slogan]]: "Only two remote holes in the default install, in a heck of a long time!"
 
OpenBSD is intended to be secure by default, which includes (but is not limited to) having all non-essential services disabled by default. This is done not only to spare users the effort of learning how to secure their computers after installing OpenBSD, but also in the hope of making them more aware of security considerations, by requiring them to make conscious decisions to enable features that could reduce their security.<ref>{{cite web |title=OpenBSD: Security — "Secure by Default" |url=https://www.openbsd.org/security.html#default |website=www.openbsd.org |access-date=27 September 2023}}</ref>
 
OpenBSD 5.9 included support for the then-new <code>pledge</code> [[system call]] (introduced in OpenBSD 5.8 as <code>tame</code> and renamed to <code>pledge</code> in 5.9) for restricting process capabilities to the minimal subset required for correct operation.<ref>{{cite web|title=pledge() - a new mitigation mechanism|url=https://www.openbsd.org/papers/hackfest2015-pledge|website=OpenBSD|access-date=May 19, 2018}}</ref> If a compromised process attempts an operation outside its pledged set, it is terminated by the kernel. OpenBSD 6.4 introduced the <code>unveil</code> [[system call]] for restricting [[filesystem]] visibility to a minimum level.<ref>{{cite web|title=unveil — unveil parts of a restricted filesystem view|url=https://man.openbsd.org/unveil|website=OpenBSD manual pages|access-date=2020-05-15}}</ref> <code>pledge</code> and <code>unveil</code> are used together to confine applications, further limiting what they would otherwise be permitted to do under the user account they run as. Since the introduction of <code>pledge</code>, base OpenBSD programs (included [[Out of the box (feature)|out of the box]] in OpenBSD), applications (handled by their developers), and ports (of applications, handled by the OpenBSD team) have been updated to be confined with <code>pledge</code> and/or <code>unveil</code>. Examples of third-party applications updated with these features (by their developers or in OpenBSD's ports) include the [[Chromium (web browser)|Chromium]] and [[Firefox]] [[web browser]]s.
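An added example (not code from OpenBSD or any of the projects named above) of the <code>unveil</code>-then-<code>pledge</code> confinement pattern: the process is limited to read-only access below one directory and to the "stdio rpath" promises before it does its work. It assumes a writable <code>/tmp</code> for the constructed sample file; outside OpenBSD the two system calls are replaced by no-op stand-ins so the program still compiles.

```c
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stand-ins so the example compiles where pledge(2)/unveil(2) do not
 * exist; they grant nothing. On OpenBSD the real calls from <unistd.h> run. */
static int pledge(const char *promises, const char *execpromises)
{ (void)promises; (void)execpromises; return 0; }
static int unveil(const char *path, const char *permissions)
{ (void)path; (void)permissions; return 0; }
#endif

/* Restrict the process to read-only access below `dir`, then to the
 * "stdio rpath" promises. Order matters: unveil the paths, lock the view
 * with unveil(NULL, NULL), then drop to a pledge set without "unveil". */
int confine_to_readonly(const char *dir)
{
    if (unveil(dir, "r") == -1) return -1;
    if (unveil(NULL, NULL) == -1) return -1;
    if (pledge("stdio rpath", NULL) == -1) return -1;
    return 0;
}

/* Count newline-terminated lines in `path`, or -1 if it cannot be opened.
 * Once confined, a path outside `dir` fails with ENOENT, and opening for
 * writing would violate the pledge, so the kernel terminates the process. */
long count_lines(const char *path)
{
    FILE *f = fopen(path, "r");
    int c; long n = 0;
    if (f == NULL) return -1;
    while ((c = fgetc(f)) != EOF)
        if (c == '\n') n++;
    fclose(f);
    return n;
}

/* Write a constructed sample file while writing is still allowed, confine,
 * then read it back. Returns the line count (3), or -1 on failure. */
long demo(void)
{
    const char *path = "/tmp/pledge_unveil_demo.txt";
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs("sshd\nntpd\nsmtpd\n", f);
    fclose(f);
    if (confine_to_readonly("/tmp") == -1) return -1;
    return count_lines(path);
}
```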