In my recent article reviewing OpenBSD 3.4, I ran into a few issues. First off, a few days after my OpenBSD 3.4 article went up, OpenBSD (without bothering to consult me) went and released OpenBSD 3.5. I hope no one noticed.
USB 2.0 support on OpenBSD is here; you can try out the latest snapshots for the new code.
OpenBSD celebrated release 3.5 on 1 May 2004. In honor of this release, Federico Biancuzzi interviewed the developers of OpenBSD's PF, a powerful and flexible packet filtering interface. This is the second half of an interview. Elsewhere, the DaemonNews Ezine was released with new articles.
We are pleased to announce the official release of OpenBSD 3.5. This is our 15th release on CD-ROM (and 16th via FTP). We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system. Read the official release announcement and changelog.
OpenBSD is a name synonymous with security, having earned the respect and adoration of security-conscious sysadmins everywhere. OpenBSD is used in data centers all over the world, is the basis for several security products (from OpenBSD's site), and is even the basis for Microsoft's Services For Unix.
Ryan McBride works full time on OpenBSD development. His first contribution was adding IPv6 support to PF, OpenBSD's stateful packet filter.
OpenBSD developer Ryan McBride explains the new firewall redundancy features in the upcoming OpenBSD 3.5 release in his article Firewall Failover with pfsync and CARP.
"At this point, I would recommend against anyone buying a piece of hardware from the Pegasos people because their firmware is SO BUSTED that it makes Apple roms look like hot sh**." These are the words of the infamous Theo de Raadt, the OpenBSD founder. Theo cited problems with the BIOS of the Pegasos and other difficulties during the development of the OpenBSD port to the Pegasos platform.
As with FreeBSD's ports and NetBSD's packages, OpenBSD's ports system is a compelling reason to use the system. Its designers and maintainers are, too often, unsung heroes. That's one reason Federico Biancuzzi sat down to interview OpenBSD's Marc Espie. Along the way, they discussed security, licensing, and future plans for the system.
AMD PowerNow support, as found on AMD K6 CPUs (the K6-2/3+ models), now works on OpenBSD, while SMP is going ahead too.
The OpenBSD Journal reports that Michael Lucas has written a new piece about OpenBSD on the OnLamp BSD site. This article, Homemade Embedded BSD Systems, covers installing OpenBSD on the Soekris system, but this could apply to any system which uses a CF device to boot. As usual, some great tips to get you started.
OpenBSD team members, led by Dale Rahn, have been actively porting OpenBSD to the StrongARM processor. You can see the result of their work on the "cats" platform page. This port is based on the NetBSD port to the platform.
Tom Cosgrove has committed the OpenBSD pieces that make booting from partitions with offsets greater than 8GB possible.
This article is a quick example of how to add a system call to OpenBSD. The following description is based on OpenBSD 3.4-beta on the i386 machine architecture. Also, it is assumed that readers are familiar with building the OpenBSD kernel.
The OpenBSD folks are pleased to announce the official release of OpenBSD 3.4. This is their 14th release on CD-ROM (and 15th via FTP). They remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As with previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system:
An excellent feature has just been committed to OpenBSD-current: pfsync and now CARP. OpenBSD now adds high availability to security. In the meantime, the OpenBSD 3.4 CDs have begun to ship.
MirBSD is a derivative of OpenBSD. It is i386-only, and has some packages removed (Kerberos etc.). Additional features include IPv6 support in Apache, ports for djb-ware, a new bootloader and more.
gijsbert points us to this comprehensive guide to setting up and configuring PF, the BSD packet filter. PF is one of the more robust enterprise firewall applications available today.
The OpenBSD project has made available information on what is new in the upcoming 3.4 release in November, while pre-ordering is available too. In other BSD news, Simon Schubert has offered to provide daily snapshots of DragonFly, the recent FreeBSD 4.x fork.
OpenBSD's Todd Miller reports that an improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic. No privilege escalation is possible; the attack simply runs the kernel out of memory. The bug was introduced in OpenBSD 3.3; previous versions of OpenBSD are unaffected. Earlier, Mike Frantzen committed "Passive operating system fingerprinting" to PF, which exposes the source host's OS to the filter language.