Home > OpenBSD > Theo on Security Improvements in OpenBSD

Theo on Security Improvements in OpenBSD

OpenBSD 12 Comments

From the OpenBSD Journal: In his post, Theo deRaadt gives a brief technical overview of the four major security changes in OpenBSD: POSIX page protection schemes, WorX, read only segments, and Propolice. Not all of these are on all platforms, but every platform has some protection. To quote Theo in his message, “We feel that these 4 technologies together will be a a royal pain in the a$$ for the typical buffer overflow attacker.

About The Author

Eugenia Loli

Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

Follow me on Twitter @EugeniaLoli

12 Comments

  1. 2003-01-31 7:29 pm
    Anonymous

    Eugenia, Nice work keeping up with the latest in Open [admin edit:] BSD.

  3. 2003-01-31 8:20 pm
    Anonymous

    Thanks admin ;)

  4. 2003-01-31 8:57 pm
    Anonymous

    Glad to see OpenBSD continually improving, which seems necessary in this world full of Linux zealots, such as the AC who did the following drive by:

    use grsecurity with linux

  • 2003-01-31 9:11 pm
    Anonymous

    I like Linux as much as the next guy, but I don’t understand the irrelevant fly by droppings on articles either.

    As for OpenBSD’s becoming even more secure, this can only be a good thing. I don’t always agree with some of the politics behind OpenBSD, but they sure put out a great OS.

    I’d like to make one other midly relevant comment if I may. I have been reading a book called Absolute BSD. I think it is an excellent introduction to FreeBSD and I recommend it to anyone who is interested in BSD. The book doesn’t cover setting up X, but I don’t care, it is a great book regardless.

    Absolute BSD’s author, Michael W. Lucas, is also writing a new book called “Absolute OpenBSD: UNIX for the Practical Paranoid”. There are currently no good OpenBSD books out there for new OpenBSD users. My hope is that many who have been scared away by the OpenBSD installer, the command line, and the seeming lack of documentation once you have it installed (I realize this is not true, but it is the perception of nearly every person I have recommended OpenBSD to), will find this book a valueable introduction to OpenBSD. It is nice to see these advancements, both on the literary front and the software front, in OpenBSD.

  • 2003-01-31 9:21 pm
    Anonymous

    Hi folks,

    Any gurus around who could explain the difference between the Theo’s new implementation and the SPARC version of Solaris’ no_exec_user_stack? Is there any difference (other than that OpenBSD will no doubt enable this by default, which Sun should have done years ago)?

    Yours truly,

    Jeffrey Boulier

  • 2003-02-01 10:55 am
    Anonymous

    > My hope is that many who have been scared away by the OpenBSD installer

    This is, of course, very debatable. For me and many others, it is a much simpler installer than some flashy GUI.

    > and the seeming lack of documentation

    Well, but here, I have to disagree. The documentation for OpenBSD is OUTSTANDING compared to any other OS I worked with. The man pages are great, and man -k delivers great results.

    Still, I will buy this book either way !

  • 2003-02-01 1:17 pm
    Anonymous

    > Glad to see OpenBSD continually improving, which seems

    > necessary in this world full of Linux zealots, such as the

    > AC who did the following drive by:

    > > use grsecurity with linux

    > > http://www.grsecurity.net/

    > I don’t get what motivates comments like this. Are Linux

    > zealots uncomfortable letting any mention of another

    > operating system go by without ensuring that Linux gets

    > equal representation?

    It’s quite simple, it’s just pure prevention of some always-coming-up “bsd ist better” no “linux is better” no “osx is better” blabla. Before anyone event tried to start some not-so-new discussion I just wanted to drop that line so that no linux-enthusiast would feel that Linux doesn’t also have the same sort of security-enhancing mostly kernel but also userland improvement.

  • 2003-02-01 3:50 pm
    Anonymous

    http://www.openbsd.org/faq/ <- THE bible.

    all you need to know. don’t say openbsd lack docs. it DOESN’T.

    where’s the docs for linsux? oh, wait. did i spelled it linsux? oh yeah. linsux it was.

    why do ppl need books when the largest information source in the world exists right infront of us. (the internet that is)

  • 2003-02-01 5:38 pm
    Anonymous

    “why do ppl need books when the largest information source in the world exists right infront of us. (the

    internet that is)”

    For two reasons:

    1. reading from a screen is tiring compared to reading from a book

    (provided the book opens flat)

    2. if the screen is occupied with a manual, you can’t see the program

  • 2003-02-01 8:11 pm
    Anonymous

    all you need to know. don’t say openbsd lack docs. it DOESN’T.

    Well, but here, I have to disagree. The documentation for OpenBSD is OUTSTANDING…

    Did either of you actually read my post? Here’s the important part again (I’ve bolded the parts that you both apparently missed): “seeming lack of documentation once you have it installed (I realize this is not true, but it is the perception of nearly every person I have recommended OpenBSD to)”

    I have suggested to several people that they try OpenBSD since I really like it. Every last one of them were glad to have the installation help available in the CDROM’s fold out sleeve (since BSDs partitioning is different than they are used to), but once the system was installed, they didn’t know where to go from there.

    OpenBSD has some great documentation in the doc folder, and the man pages are top-notch; however, new users are either used to Windows, or Linux distros like RedHat that set up X for them and come with a manual and/or help screens that tell them what to do next. OpenBSD doesn’t offer them this level of hand holding. Therefore, I said I am happy to see a good beginner book, such as Absolute OpenBSD, being released so hopefully more people will try OpenBSD.

    If you want to contradict the point I was making, that is one thing, but please don’t contradict something I never said.

  • 2003-02-01 8:17 pm
    Anonymous

    why do ppl need books when the largest information source in the world exists right infront of us. (the internet that is)

    I can’t answer for other people, but I can say that I personally prefer books to reading things off the internet for two reasons.

    First, my eyes are very sensitive and I end up getting headaches if I look at a screen for too long (LCDs aren’t as bad as CRTs).

    Second, I read everywhere I go. I always have a book with me and I pop it open whenever I am not occupied with another activity. When I’m at my computer, I do use the internet for documentation too, but I just like reading books better. I can take them wherever I go, and I don’t have to worry about batteries dying on me.