OpenBSD security features: Difference between revisions

m Citation needed: fix/cleanup reason parameter (via WP:JWB)
mNo edit summary
 
== API and build changes ==
 
Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the <code>[[strcpy]]</code> and <code>[[strcat]]</code> [[String (computer science)|string]] functions in the [[C programming language|C]] programming language. There are two common alternatives, <code>[[strncpy]]</code> and <code>[[strncat]]</code>, but they can be difficult to understand and easy to misuse,<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-5.9/man3/strncpy.3|title=strncpy – copy part of a string to another|website=OpenBSD manual pages|access-date=May 26, 2016}}</ref><ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-5.9/man3/strncat.3|title=strncat – concatenate a string with part of another|website=OpenBSD manual pages|access-date=May 26, 2016}}</ref> so OpenBSD developers [[Todd C. Miller]] and [[Theo de Raadt]] designed the <code>[[strlcpy]]</code> and <code>[[strlcat]]</code> functions.<ref>{{Cite web|url=http://man.openbsd.org/OpenBSD-5.9/man3/strlcat.3|title=strlcpy, strlcat – size-bounded string copying and concatenation|website=OpenBSD manual pages|access-date=May 26, 2016}}</ref> These functions are intended to make it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed.<ref>{{cite conference |url=http://www.usenix.org/events/usenix99/millert.html |title=strlcpy and strlcat&nbsp;- Consistent, Safe, String Copy and Concatenation |last1=Miller |first1=Todd C. 
|last2=de Raadt |first2=Theo |author-link2=Theo de Raadt |date=June 6, 1999 |conference=[[USENIX]] Annual Technical Conference |___location=Monterey, California |accessdate=May 26, 2016}}</ref> They have been adopted by the NetBSD and FreeBSD projects but not by the [[GNU C Library]].<ref>{{cite mailing list |url=https://www.sourceware.org/ml/libc-alpha/2000-08/msg00053.html |title=Re: PATCH: safe string copy and concatenation |date=August 8, 2000 |accessdate=May 26, 2016 |mailing-list=libc-alpha@sources.redhat.com |last=Drepper |first=Ulrich}}</ref>
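The following is an added example, not code from the article or from OpenBSD, that makes the contrast above concrete: a reimplementation of the size-bounded copy and concatenation contract (always NUL-terminate when the buffer size is non-zero, return the length that would have been written so truncation is a single comparison) next to a demonstration of how <code>strncpy</code> silently leaves a buffer unterminated when the source is at least as long as the limit. The function names <code>my_strlcpy</code>, <code>my_strlcat</code>, <code>strncpy_leaves_unterminated</code> and <code>strlcpy_truncated</code> and the sample input string are the example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Illustrative reimplementation of the strlcpy(3) contract (not OpenBSD's
 * source): copy at most dstsize-1 bytes, always NUL-terminate when dstsize > 0,
 * and return strlen(src) so the caller can detect truncation by comparing the
 * return value with dstsize. */
size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Same contract for concatenation: returns the initial length of dst plus
 * strlen(src). If dst is not terminated within dstsize, nothing is copied. */
size_t my_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = 0;
    while (dstlen < dstsize && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == dstsize)
        return dstsize + strlen(src);   /* no room at all */
    return dstlen + my_strlcpy(dst + dstlen, src, dstsize - dstlen);
}

/* The strncpy(3) pitfall: when src has n or more bytes, strncpy writes no
 * terminator at all. Returns 1 if the 8-byte buffer ended up unterminated,
 * which a later strlen() or printf("%s") would read past. */
int strncpy_leaves_unterminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Copy src into out with my_strlcpy and report truncation: the only work
 * beyond the copy itself is comparing the return value with the buffer size. */
int strlcpy_truncated(const char *src, char *out, size_t outsize)
{
    return my_strlcpy(out, src, outsize) >= outsize;
}

int main(void)
{
    char out[8];
    /* constructed sample input, longer than the 8-byte destination */
    const char *long_input = "this is longer than eight bytes";

    printf("strncpy unterminated: %d\n", strncpy_leaves_unterminated(long_input));
    printf("strlcpy truncated: %d, out=\"%s\"\n",
           strlcpy_truncated(long_input, out, sizeof out), out);
    return 0;
}
```

With the long input, <code>strncpy</code> fills all eight bytes and leaves no terminator, while the bounded copy stores <code>"this is"</code> plus a NUL and reports truncation through its return value; the caller decides whether truncation is an error rather than discovering it later as an over-read.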
 
The [[network stack]] also makes heavy use of randomization to increase security and reduce the predictability of various values that may be of use to an attacker, including [[Transmission Control Protocol|TCP]] initial sequence numbers and timestamps, and ephemeral source ports.<ref>{{Cite web|url=http://www.securityfocus.com/columnists/361|title=OpenBSD's network stack|last=Biancuzzi|first=Federico|date=October 12, 2005|publisher=[[SecurityFocus]]|access-date=December 10, 2005}}</ref> A number of features to increase network resilience and availability, including countermeasures for problems with [[Internet Control Message Protocol|ICMP]] and software for redundancy, such as [[Common Address Redundancy Protocol|CARP]] and [[pfsync]], are also included. The project was the first to disable the plain-text [[telnet]] daemon in favor of the encrypted [[Secure shell|SSH]] daemon 17 years ago,<ref>{{cite web |date=10 April 1999 |first1=Theo |last1=de Raadt |author-link1=Theo de Raadt |title=disable telnet/ftp/login by default, for now |url=http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/Attic/inetd.conf?rev=1.32&content-type=text/x-cvsweb-markup|work=OpenBSD}}</ref> and features other integrated cryptographic software such as [[IPsec]]. The telnet daemon was completely removed from OpenBSD in 2005<ref>{{cite web |url=http://marc.info/?l=openbsd-cvs&m=111700017509177&w=2 |quote=Removed files: libexec/telnetd |title=CVS: cvs.openbsd.org: src |first1=Theo |last1=de Raadt |author-link1= Theo de Raadt |website=OpenBSD-CVS mailing list |date=25 May 2005}}</ref> before the release of OpenBSD version 3.8.
 
== X11 ==
All parts of X11 on OpenBSD run as the user, except for the X server, which is split between a privilege-stripped X process run as root and an X process run as the <code>_X11</code> user. {{citation needed|reason=Checked by Freenode IRC users, need additional source |date=October 2017}}
 
In X11 on OpenBSD, neither the X server nor X clients normally hold any elevated direct memory or hardware privileges. When X is driven by the intel(4) or radeon(4) drivers, these interact with the underlying hardware only through the Direct Rendering Management(4) kernel interface, so that low-level memory and hardware access is handled solely by the kernel. Other drivers, such as wsfb(4), follow a similar pattern. For this reason, X11 on OpenBSD does not expose low-level memory or hardware access to user or root programs, as is done on some other systems and as was done on OpenBSD in the past, when the user had to raise the <code>machdep.allowaperture</code> setting from its default value of zero to an insecure setting.{{citation needed|reason=Needs additional verification, discussed on chat forums|date=October 2017}}
 
== External links ==
 
* [http://tech.yandex.com/events/ruBSD/2013/talks/103/ Exploit Mitigation Techniques: an Update After 10 Years]
* [[Theo de Raadt]]'s email about secure programming: [http://marc.info/?l=openbsd-tech&m=138733933417096&w=2 On the matter of strlcpy/strlcat acceptance by industry]