Revision as of 00:09, 17 May 2022 edit 85.64.76.29 (talk) →Cryptography and randomization: It's OpenBSD 3.8, not 3.9, that enabled swap encryption by default. ← Previous edit		Revision as of 00:17, 17 May 2022 edit undo 85.64.76.29 (talk) →Other features: OpenBSD 5.8 introduced the 'tame' system call; OpenBSD 5.9 renamed it to 'pledge'. Next edit →
Line 45: In OpenBSD 5.3, support for [[full disk encryption]] was introduced.<ref>{{cite web\|title=OpenBSD 5.3\|url=http://www.openbsd.org/53.html\|website=OpenBSD\|access-date=May 26, 2016}}</ref> OpenBSD 5.89 ~~introduced~~included support for the then–new <code>pledge</code> [[system call]] (introduced in OpenBSD 5.8 as <code>tame</code> and renamed in 5.9 to <code>pledge</code>) for restricting process capabilities to a minimal subset required for correct operation.<ref>{{cite web\|title=pledge() - a new mitigation mechanism\|url=https://www.openbsd.org/papers/hackfest2015-pledge\|website=OpenBSD\|access-date=May 19, 2018}}</ref> If the process is compromised and attempts to perform an unintended behavior, it will be terminated by the kernel. Since its introduction, applications and ports have been changed to support <code>pledge</code>, including the [[Chromium (web browser)\|Chromium]] [[web browser]]. OpenBSD 6.4 introduced the <code>unveil</code> [[system call]] for restricting [[filesystem]] visibility to a minimum level.<ref>{{cite web\|title=unveil — unveil parts of a restricted filesystem view\|url=https://man.openbsd.org/unveil\|website=OpenBSD manual pages\|access-date=2020-05-15}}</ref> == References == {{reflist \| 30em \| refs =

OpenBSD security features: Difference between revisions