OpenBSD is a free multi-platform Unix-like operating system based on 4.4BSD. It is a descendant of NetBSD that focuses on security and cryptography.
What is OpenBSD Operating System?
This operating system focuses on portability, standards compliance, correctness, proactive security, and integrated cryptography. OpenBSD contains binary emulation for most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS, and HP-UX systems.
History
OpenBSD was created as a fork of NetBSD due to philosophical and personal differences between Theo de Raadt and the other founding members of NetBSD.
Although security is the main reason OpenBSD exists, the project has other goals. As a descendant of NetBSD, it is a very portable operating system, and it currently runs on 17 different hardware platforms.
Current Version
The current version is 6.6, released on October 17, 2019; the main new features in this version are:
- General improvements and bug fixes.
- SMP Enhancements, Opening system call.
- Improved hardware support.
- Improved arm64 hardware support.
- IEEE 802.11 wireless stack enhancements.
- General network stack improvements.
- Installer enhancements.
- Security enhancements.
- Routing backend program and other user network improvements.
- VMM/VMD enhancements.
- OpenSMTPD 6.6.0.
- LibreSSL 3.0.2.
- OpenSSH 8.1.
- Mandoc.
- Ports and packages.
- Continuous improvements to manual pages and other documents.
You can find more detailed documentation of all new features of OpenBSD 6.6 here.
Licensing
One of the objectives of the project is to preserve the spirit of the original Berkeley Unix copyright, which allows relatively unrestricted distribution of the source.
To this end, although the MIT and BSD licenses are accepted, the project favors the Internet Systems Consortium (ISC) license, a simplified version of the BSD license that omits wording the Berne Convention makes unnecessary.
The GNU General Public License (GPL) is considered very restrictive by comparison: code licensed under the GPL, or under other licenses the project deems undesirable, is not accepted for inclusion in the base system.
In addition, existing code under these licenses is actively replaced or relicensed when possible. In some cases, however, such as the GCC compiler, finding a replacement is problematic, and writing replacement code is considered a priority.
Despite this, the project has made significant progress. Of particular interest is OpenSSH, which is based on the original SSH package and was developed by the OpenBSD team.
It first appeared in OpenBSD 2.6 and is now the single most common implementation of SSH, offered as standard or as an option in many operating systems. Also worth mentioning is the PF packet filter, which first appeared in OpenBSD 3.0 after license restrictions were placed on IPFilter and is now also available in DragonFlyBSD, NetBSD, and FreeBSD.
Later, BSD-licensed equivalents of the GPL-licensed diff, grep, gzip, bc, dc, nm, and size utilities were included in OpenBSD. OpenBSD developers are also behind OpenBGPD, OpenOSPFD, OpenNTPD, and OpenCVS, which are BSD-licensed alternatives to existing software.
In June 2001, prompted by changes Darren Reed made to the wording of the IPFilter license, a systematic audit of the licenses in the OpenBSD source code was carried out. Code that was unlicensed, ambiguously licensed, or used against the terms of its license was found in more than a hundred files.
An attempt was made to contact the original copyright owners to ensure that the licenses were properly applied: some code fragments were removed, others were replaced, and others, including the multicast routing tools mrinfo and map-mbone, which Xerox had released for research purposes only, were relicensed so that OpenBSD could continue to use them. It is also noteworthy that during this audit, all of Daniel J. Bernstein’s software was removed from the source tree.
Bernstein had asked that any modified version of his code be approved by him before distribution, a requirement that the OpenBSD developers were unwilling to spend effort on. Even after the release of OpenBSD 3.8, the sources contain no Bernstein software.
Security
Until June 2002, the website had the following slogan: No remote security vulnerabilities in the default installation in the past 6 years.
After a vulnerability was found in OpenSSH, this was replaced by a slogan stating only one vulnerability in the default installation in more than 8 years, and later, after an error was discovered in the IPv6 module, by a version referring to more than 10 years in the default installation.
Some people have criticized this slogan because almost nothing is enabled in the default installation of OpenBSD, and stable releases later include software with vulnerabilities. The team of programmers claims that the slogan refers to the default installation of the operating system and is correct by definition.
One of the main innovations of the project is the introduction of the concept of the “Secure by default” operating system. In computer security practice, it is standard and also very important to enable as few services as possible on production machines. Even setting this practice aside, OpenBSD is a highly secure and stable system.
As part of the string-handling cleanup, safer variants such as strlcpy, strlcat, snprintf, vsnprintf, and asprintf have replaced all occurrences of strcpy, strcat, sprintf, and vsprintf in the code. In addition to ongoing code audits, OpenBSD includes strong cryptography.
Recently, many new technologies have been integrated into the system, further increasing its security. Since version 3.3, ProPolice has been enabled by default in the GCC compiler, providing additional protection against stack overflow attacks.
In OpenBSD 3.4, this protection is also enabled in the kernel. OpenBSD also implements W^X, a fine-grained memory management scheme that makes memory either writable or executable, but not both, thus providing another layer of protection against buffer overflows.
Privilege separation, privilege revocation, and fully randomized loading of libraries also contribute to increasing the security of the system.
In May 2004, OpenBSD/sparc extended its stack protection by adding StackGhost. A static bounds checker was added to the compiler to try to find common programming errors at compile time. Systrace can be used to protect system ports.
OpenBSD uses a password encryption algorithm derived from Bruce Schneier’s Blowfish.
This scheme takes advantage of the inherent slowness of Blowfish encryption to make password checking a very CPU-intensive job and to make parallel processing extremely difficult. Attempts to crack passwords are thereby frustrated.
Because of all these features, it is widely used in the computer security industry as an operating system for firewalls and intrusion detection systems.
The pf packet filter is a powerful firewall developed because of problems with the ipf license. OpenBSD was the first free operating system to ship with a built-in packet filtering system.
Its philosophy can be reduced to 3 words: Free, Functional, and Secure.
That is: free because of its license, functional because of the state in which it decides to release program versions, and secure because of the extensive review and auditing of the code contained in its releases.