What is OpenBSD?

OpenBSD is a free multi-platform Unix-like operating system based on 4.4BSD. It is a descendant of NetBSD that focuses on security and cryptography.

OpenBSD System Definition and Features

What is the OpenBSD Operating System?

This operating system focuses on portability, standardization, correctness, proactive security, and integrated cryptography. It provides binary emulation for most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS, and HP-UX systems.

History

OpenBSD was created as a fork of NetBSD due to philosophical and personal differences between Theo de Raadt and other founding members of NetBSD.

Although security is the main reason OpenBSD exists, the project has other goals. As a descendant of NetBSD, it is a very portable operating system. It currently works on 17 different hardware platforms.

Current Version

The current version is 6.6, released on October 17, 2019; the main new features in this version are:

  • General improvements and bug fixes.
  • SMP enhancements and system call unlocking.
  • Improved hardware support.
  • Improved arm64 hardware support.
  • IEEE 802.11 wireless stack enhancements.
  • General network stack improvements.
  • Installer enhancements.
  • Security enhancements.
  • Routing daemons and other userland network improvements.
  • VMM/VMD enhancements.
  • OpenSMTPD 6.6.0.
  • LibreSSL 3.0.2.
  • OpenSSH 8.1.
  • Mandoc.
  • Ports and packages.
  • Continuous improvements to manual pages and other documents.

You can find more detailed documentation of all new features of OpenBSD 6.6 here.

OpenBSD License

One goal of the project is to protect the original Berkeley Unix copyright. This copyright allows for broad distribution of the software.

To achieve this, the project uses the ISC license, a simpler version of the BSD license. It omits wording that the Berne Convention makes unnecessary.

The GNU General Public License (GPL) is seen as too restrictive. Therefore, the project does not accept code licensed under the GPL or other unwanted licenses.

Instead, existing code is modified or relicensed when possible. However, replacing the GCC compiler poses challenges, so creating new code is prioritized.

Despite these challenges, significant progress has been made. A key development is OpenSSH, based on the original SSH package. It first appeared in OpenBSD 2.6. Today, OpenSSH is a widely used implementation of SSH.

Additionally, the PF packet filter debuted in version 3.0. This followed licensing issues with IPFilter.

Now, PF is available in DragonFlyBSD, NetBSD, and FreeBSD. Later, equivalents of GPL tools like diff, grep, and gzip were added to OpenBSD, all under BSD licenses.

OpenBSD developers also created OpenBGPD, OpenOSPFD, OpenNTPD, and OpenCVS. These are BSD-licensed alternatives to existing software.

In June 2001, changes in Darren Reed’s IPFilter license prompted a thorough check of OpenBSD source code licenses. Over a hundred files had unlicensed or improperly licensed code.

The team reached out to original copyright owners to clarify licenses. Some code was removed, some replaced, and others were properly licensed.

This included multicast routing tools released by Xerox for research. Notably, during this review, all of Daniel J. Bernstein’s software was removed.

Bernstein requested that any modified version of his code be pre-approved. OpenBSD developers did not want to comply with this request. Even after the release of OpenBSD 3.8, Bernstein’s software remained excluded.

Security

Until June 2002, the website stated that the default installation had had no remote security vulnerabilities for six years.

After an OpenSSH vulnerability was found, the statement changed to one vulnerability in over eight years. After an IPv6 bug was discovered, it changed again, citing a period of more than ten years.

However, some critics point out that not much is enabled by default in OpenBSD. They argue that stable releases often include software with flaws. Despite this, the programming team insists that the slogan is accurate for the default installation.

One major innovation is the “Secure by Default” operating system concept. Computer security standards recommend activating as few services as possible. This practice makes the system highly secure and stable.

For safety, OpenBSD replaced insecure C string functions with safer versions. It now uses strlcpy, strlcat, snprintf, vsnprintf, and asprintf in its code. Ongoing code audits ensure that strong cryptographic methods are in place.

Moreover, recent versions have integrated new security technologies. Since version 3.3, ProPolice is enabled by default in the GCC compiler. This feature protects against stack buffer overflow attacks.

In OpenBSD 3.4, kernel protection was enhanced. It implements the W^X (write XOR execute) system. This system strictly separates writable and executable memory, adding another protection layer against buffer overflows.

Additionally, techniques like privilege separation and randomized library loading boost system security. In May 2004, OpenBSD/sparc added StackGhost to protect the stack.

A static bounds checker was also introduced to catch programming errors during compilation. Users can use Systrace to protect the system's ports.

OpenBSD employs a password hashing algorithm based on Bruce Schneier’s Blowfish cipher. This method takes advantage of the inherent slowness of Blowfish.

It makes password checking CPU-intensive and hinders parallel processing. Consequently, password-cracking attempts are often unsuccessful.

Because of these features, OpenBSD is popular in the computer security industry. It is commonly used for firewalls and intrusion detection systems.

The packet filter, pf, is a powerful firewall developed due to IPF license issues. OpenBSD was the first free operating system to include built-in packet filtering.

Its philosophy emphasizes three key principles: Free, Functional, and Secure. The license is free, the programs are functional, and security comes from thorough code review and auditing.
