Content deleted Content added
This article is missing information about LibreSSL and the project's tendency to reduce software complexity, as described in the relevant talk section. |
→Other features: OpenBSD 7.3 eliminated the need for manual intervention to enable full disk encryption during installation. |
||
Line 47:
OpenBSD has a history of providing its users with [[Full disclosure (computer security)|full disclosure]] in relation to various bugs and security breaches detected by the OpenBSD team.<ref>{{cite web |url=http://bsd.slashdot.org/story/00/12/11/1455210/theo-de-raadt-responds |title=Theo de Raadt Responds |last=Miller |first=Robin |publisher=[[Slashdot]] |date=December 11, 2000 |url-status=live |archive-url=https://web.archive.org/web/20110728031830/http://bsd.slashdot.org/story/00/12/11/1455210/Theo-de-Raadt-Responds |archive-date=July 28, 2011 |access-date=May 16, 2014 }}</ref> This is exemplified by [[OpenBSD#Slogan|the project's slogan]]: "Only two remote holes in the default install, in a heck of a long time!"
In OpenBSD 5.3, support for [[full disk encryption]] was introduced
OpenBSD 5.9 included support for the then–new <code>pledge</code> [[system call]] (introduced in OpenBSD 5.8 as <code>tame</code> and renamed in 5.9 to <code>pledge</code>) for restricting process capabilities to a minimal subset required for correct operation.<ref>{{cite web|title=pledge() - a new mitigation mechanism|url=https://www.openbsd.org/papers/hackfest2015-pledge|website=OpenBSD|access-date=May 19, 2018}}</ref> If the process is compromised and attempts to perform an unintended behavior, it will be terminated by the kernel. Since its introduction, applications and ports have been changed to support <code>pledge</code>, including the [[Chromium (web browser)|Chromium]] [[web browser]].
| |||