Wikipedia

OpenBSD security features: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
SasPau (talk | contribs)
1 edit
Running X as root no longer supported
m clean up
Line 38:
On February 15, 2014, X was further modified to allow it to run without root privileges.<ref>{{cite mailing list |url=https://marc.info/?l=openbsd-cvs&;m=139245772023497&w=2 |title=CVS: cvs.openbsd.org: xenocara |date=February 15, 2014 |accessdate=May 26, 2016 |mailing-list=openbsd-cvs |last=Kettenis |first=Mark}}</ref><ref>{{Cite web|url=http://undeadly.org/cgi?action=article&sid=20140223112426|title=Xorg can now run without privilege on OpenBSD|date=February 22, 2014|publisher=[[OpenBSD Journal]]|access-date=May 26, 2016}}</ref>
 
After the discovery of a security vulnerability in X,<ref>{{Cite web|url=https://www.openbsd.org/errata64.html#p001_xserver|title=OpenBSD 6.4 Errata|website=www.openbsd.org|access-date=2019-05-23}}</ref>, OpenBSD doesn't support the running of X as a root user and only supports running X via a display manager as a dedicated <code>_x11</code> user.
 
== Other features ==
Line 45:
OpenBSD has a history of providing its users with [[Full disclosure (computer security)|full disclosure]] in relation to various bugs and security breaches detected by the OpenBSD team.<ref>{{cite web |url=http://bsd.slashdot.org/story/00/12/11/1455210/theo-de-raadt-responds |title=Theo de Raadt Responds |last=Miller |first=Robin |publisher=[[Slashdot]] |date=December 11, 2000 |deadurl=no |archiveurl=https://web.archive.org/web/20110728031830/http://bsd.slashdot.org/story/00/12/11/1455210/Theo-de-Raadt-Responds |archivedate=July 28, 2011 |accessdate=May 16, 2014 }}</ref> This is exemplified by [[OpenBSD#Slogan|the project's slogan]]: "Only two remote holes in the default install, in a heck of a long time!"
 
In OpenBSD 5.3, support for [[full disk encryption]] was introduced.<ref>{{cite web|title=OpenBSD 5.3|url=http://www.openbsd.org/53.html|website=OpenBSD|accessdate=May 26, 2016}}</ref>
 
OpenBSD 5.8 introduced the first work on a new process-containment facility, originally named tame, later renamed to pledge.<ref>{{cite web|title=pledge() - a new mitigation mechanism|url=https://www.openbsd.org/papers/hackfest2015-pledge|website=OpenBSD|accessdate=May 19, 2018}}</ref> Since the original introduction, applications and ports have been changed to support this new technique.
Retrieved from "https://en.wikipedia.org/wiki/OpenBSD_security_features"