OpenBSD
Project Goals
Each person working on OpenBSD has their own aims and priorities, but the goals
of project as a whole are to:
- Provide the best development platform possible - with full source access
for developers and users.
- Work towards a machine independent source tree.
- Pay attention to security problems and fix them.
- Work towards greater integration of cryptographic software where possible.
This means IPsec, IPv6, key engines, and other forms of strong crypto. OpenBSD
is from Canada and may export crypto as researched by a Canadian individual
and as layed out in the Export Control list of Canada.
- Track and implement standards (POSIX, parts of X/Open, etc.)
- Support as many different systems and hardware as feasible.
- Be as politics free as possible - solutions should be decided on the basis
of technical merit.
- Provide a good cross compile/development platform.
- Integrate good code from any source with acceptable copyright (Berkeley
style preferred, GPL acceptable, NDA not).
- Import external packages with minimal modifications - making upgrading much
easier. Also to submit back to the developers any changes made.
Changes Relative to other *BSD's.
The OpenBSD project was spawned from NetBSD (ie. a member of the 4.4BSD family)
and is developed seperately. As well as developments by our development group, good
changes from the other free operating systems are evaluated and merged into OpenBSD
(of course, depending on various factors like developer time for example.) OpenBSD
tracks bug reports and source tree changes from the NetBSD and FreeBSD projects
fairly closely. Even pieces of code from the Linux projects have been used.
In the early days of OpenBSD, it was possible to be able to say "OpenBSD is NetBSD
PLUS MORE STUFF" Now, after substantial work OpenBSD is very much is it's own thing.
Too much stuff has been added and fixed. OpenBSD is OpenBSD.
This is a partial list of the major machine independent changes (ie. these are
the changes people ask about most often). Port specific changes have also been made,
and are sometimes mentioned in the pages for the specific ports if you are interested
in for further port-specific details. Many ports have had architecture-specific
enhancements relative to NetBSD, but when they do not they certainly have plenty
of platform-independent changes, starting with those listed below..
Life for the OpenBSD project begins...
- Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
- New curses library, including libform, libpanel and libmenu.
- a termlib library which understands termcap.db, needed for new curses.
- The FreeBSD ports subsystem was integrated and is usable by you!
- ipfilter for filtering dangerous packets and Network Address Translation
for IP masquerading.
- better ELF support
- nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
to use kvm utilies
- Verbatim integration of the GNU tools (using a wrapper Makefile)
- All the pieces needed for cross compilation are in the source tree.
- Some LKM support in the tree.
- ATAPI support (should work on all ISA busses)
- new scsi, md5, pkg_* commands
- Numerous security related fixes
- Kerberos and other crypto in the source tree that is exportable
- Solid YP master, server, and client capabilities.
- /dev/*random -- a device driver providing some kinds of random data
- In-kernel update(8) with an adaptive algorithm
- Some ddb improvements and extensions
- Numerous scsi fixes
- ncheck utility for ffs
- /sbin/init now deals with non-existant ttys, no longer spins gettys madly.
- new system calls: rfork(), minherit(), poll().
- select() that can handle any amount of file descriptors.
- kernfs extensions
- ATM support (support for one company's sparc & i386 cards available)
- Boot kernels with "-c" to edit/enable/disable device configuration tables
- pax as tar, gnutar is toast
- using AT&T awk, gawk is toast
- Even more security fixes.
- Accepts FreeBSD MD5 passwords in password maps, soon will be able to generate
them too
- Linux ext2fs and BSD4.4 LFS support being worked on.
- Working ATAPI audio support for multiple architectures.
- terminfo database support.
- Fortran in the tree.
- The most secure rdist support anywhere.
- randomized port allocation in bind(), bindresvport(), and rresvport() --
security via unpredictability.
- Protection from the udp spamming and ftp bounce attacks.
- Significantly improved ftp daemon.
- Numerous more security policy and implimentation improvements (OpenBSD defaults
to installing in a very secure mode)
- zlib (non-GPL'd gzip-compatible library)
- Newest version of pppd.
- _POSIX_SAVED_IDS behaviour with permitted BSD extensions.
- Fixed long-standing vm swap-leak.
- FreeBSD malloc() that uses mmap() and is able to free unused memory.
- Numerous FreeBSD userland fixes and improvements incorporated.
- new rdisc Router Discovery daemon
- generic protection against the bind() takeover problem.
- at -f security fix.
- 20 or so more security fixes
- install now supports -C, -p, and -S flags.
- a real adduser program, which can even be used uninteractively.
- POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed by
chown(). This can be turned off with sysctl.
- partial protection against tcp SYN attacks.
- added /etc/fbtab support to login & init.
- RCS version 5.7
- much newer join command (4.4lite2 with other fixes)
- scsi subsystem security fix
- Kerberos is much more silent if not configured
- arc4-based random support in kernel
- ncr53cXXX scsi scripts assembler
- Numerous ftpd improvements and fixes, including multihomed and skey support.
- `lsof'-style features in fstat.
- rudimentary support for ISA Plug-and-Play cards
- Fixed timeout support in RPC library, and also fixed it to support more
than FD_SETSIZE file descriptors.
- improved locate command
- a good start at NETIPX support
- vim version 4.5
- gcc 2.7.2.1 (to get closer to native alpha support ar gcc bugs).
- latest version of perl, and a lndir command.
- Even more security fixes.
- cdio command for using CD audio.
- Kernel warns if /dev/console does not exist; nice warning for booting with
an unpopulated /dev directory.
- libgnumalloc is gone; our malloc() is better.
- FreeBSD pipe() system call; quite a bit faster.
- Some serial driver support for /dev/cuaXX devices to support transparent
out+dial
- DDB can now access symbol tables from LKM modules
- Say goodbye to dump, restore, and mt security holes: They are no longer
setuid.
- *Hobbit*'s netcat utility. The crackers use it, so should you.
- New routed from SGI.
- Complete in-tree development for MIPS/Alpha systems (ie. binutils).
- ftp command modified for easily scripted ftp & http downloads.
- And of course... more security related bugfixes... (ie. dump, restore, mt).
- vim is replacing nvi, since nvi does not have a pure BSD license, and vim
also works better.
- 16 partitions working on sparc and i386 (yipee!)
- Nice sample files in /etc
- sendmail gecos hole fixed (in a number of ways; other programs in the source
tree were also vulnerable.)
- secure multicast tools against possible security problems.
- latest GNU groff, incorporated in a clean wrapperized form.
- mopd for networking booting Digital machines
- less version 2.90
- deal with the SYN bomb problem (denial of service attack) as well known.
- Another kerberos security fix.
- Almost a hundred more security fixes, including /tmp races because of strncpy.
- Compile time option to compile the source tree almost completely dynamic.
- A 7% reduction in size of static binaries.
- FreeBSD's adduser(8) command. Also an rmuser(8) command.
- We have completed security reviews of almost all userland programs and libraries
except for the gnu stuff (where, based on preliminary inspection there is poor
handling of temp files).
- Working Linux ext2fs.
- Added sudo (which is maintained by one of our developers)
- CTM is now a supported way of obtaining OpenBSD source code.
OpenBSD 2.0 released.
- The NIST Posix test suite became free. As a result we have been correcting
numerous problems in the source tree, and expect to be completely POSIX compliant
very soon.
- upgrade to CVS version 1.9.
- A number of security fixes to the way coredumping works.
- The /dev/*random devices are now default on all architectures.
- Add stack tracebacks to Arc port's kernel debugger.
- Skey revamped into full OTP (RFC1938) support, including sha1 and md5 support.
- GPL i387 emulator added.
- Crank kvm space on the i386 port, also limit buffer cache useage so that
512MB machines may work (untested :-)
- Numerous fixes to the lpr suite, including security.
- More ftpd raging paranoia security fixes.
- The NIST suite showed numerous errors in libraries and the kernel. Only
a few small errors remain now, mostly regarding serial ports.
- In numerous utilities: prefer $LOGNAME, but also accept $USER.
- OLF binary type added. This is like ELF, but includes an OS-dependent tag.
elf2olf(1) converts an elf binary to a tagged OLF binary which the kernel can
recognize correctly.
- Beware $HOME overflows throughout the source tree.
- Integration of the pmax port.
- Import of ctm.
- Various repairs to the scsi scanner support.
- Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
buffer overflows found in system utilities..
- Memory leak paranoia in cron.
- Make login get more consistantly upset about failed logins, and tell user
about these failures at the next successfull login.
- pdksh version is now 5.2.11
- New bsd.*.mk feature: DEBUG=-g. Try it, you'll like it.
- The Arc port family has a new member: The rPC44 works!
- lpt driver is now bus-independent.
- com driver is now bus-independent.
- Numerous small security fixes again...
- Use pdksh as our /bin/sh. This provides excellent POSIX compliance.
- Prevent generic users from mounting filesystems by default.
- Added -C option to pax/tar. Also made -z support compressed files too.
- Increased compatibility in the pccons driver with BSDi features.
- Imported FreeBSD's calendar.
- GNU gdb works on the mips-based platforms.
- Add FreeBSD md5 diffs to mtree(8). This can be used to implement a tripwire-like
system.
- Some YP and bootparamd security changes.
- Hundreds of little fixes all over the place.
- Multiple updates for GNU software
- Add disklabels to the floppy device drivers.
- At boottime, have (*mountroot)() look at the root device's disklabel to
determine which filesystem type is to be mounted.
- If disklabel reading code discovers an ISOFS filesystem underlying, spoof
a nice disklabel (enough to fool mountroot).
- tcpdump 3.3
- Fix information gathering attack in ping(8).
- Add NetBSD's "route show" implementation, and at the samet time fix the
new buffer overflows that this provided.
- Fix a few setgroups() related security holes.
- sendmail 8.8.4
- texinfo 3.9
- f77 0.5.19
- Repair some more KerberosIV buffer overflows. Hard to believe this is supposed
to be security software.
- Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for backwards
compatibility.
- Permit NFS attribute cache to be configured on a per-mount basis.
- Properly split fsck, mount, and newfs into multiple pieces. Use disklabel
information if it is available.
- Add disklabels to the vnd device driver.
- Change the games to be run setgid games, not setuid games. This closes a
whole slew of fascinating security holes.
- Import of the powerpc port.
- Properly use _POSIX_SAVED_IDS throughout the source tree.
- Permit building of kernels without a.out support.
- ppp 2.3b3
- libcrypt goes away. We do not need this stub library anymore. Do not link
against it on OpenBSD, all the pieces you need are in libc.
- new aucat command.
- Fix a fairly nasty security hole in all of the games.
- Support for the hp300 added.
- Upgrade of awk(1), integration of BSD tsort(1), getopt fixes.
- Sendmail upgraded to version 8.8.5.
- Added lchown(2) for compatibility with SVR4 implementations.
- New gnu cpio 2.4.2
- Support lchown(2) in dump(8), cp(1), pax(1), cpio(1), chown(8), and restore(8).
- No buffer lengths in fmt(1).
- various adjtime() corrections inside the kernel.
- Prevent stat() from disclosing inode generation numbers to non-root userland.
- pax in tar mode will understand multiple -v options to generate ls-like
output.
- Repair many uses of the SIOCGIFCONF code for machines with an outrageous
number of network interfaces.
- More kerberosIV security patches.
- A working fsirand.
- Completely in-tree PowerPC port for non-Apple hardware. This port requires
nothing outside the in-tree development environment to build (except mkisofs
for building distributions).
- Some ypbind(8) tightening up, includes a method to specify a list of valid
servers
- Bug fixed that prevented bufpages/nbuf > 1 setups. This allows large buffer
caches even when available kvm space is low, like for i386 & sparc.
- Changed netinet IP_HDRINCL option to require ip_len and ip_off in network
byte order. This is a compatibility/portability fix and we expect other BSD
systems to eventually follow suit.
- amd (the automounter) is now 64-bit and working on the alpha.
- The Alpha port and all it's utilities now compiles using in-tree versions
of all tools. Yipee!
- A SA_SIGINFO implementation for sigaction() and signal handlers. This is
a small part of POSIX 1003.1b and permits the signal handler to figure out the
exact cause of a signal; such as fault address information for SIGSEGV or more
detailed information for SIGFPE.
- config.old(8) has been removed from the tree, as the hp300 port switches
to config(8).
- /sbin/dump -a saves you from needing to deal with finicky tape length options
(from FreeBSD)
- Added RFC-1812 ICMP unreachable codes to ip_icmp.h, traceroute, and ping.
- Be more careful if some fool decides to enable source routing ;-)
- Support for gzip'd kernels in some bootblocks.
- New wgrisc port for Willowglen embedded r3081-based machine with ISA slots.
- Add cdev and partition support to the ramdisk driver.
- Merge new ftp(1) changes from NetBSD.
- Change mktemp(3) and family to generate more random filenames, yet still
as collision free as possible.
- Have libc/rpc save you from yourself if you do enable source routing.
- The hp300 joins many other ports in supporting 16 disk partitions.
- IPF 1.3.7 which includes fully working NAT support (ie. IP masquerading).
- Use lots more XXXX characters in calls to the few remaining mktemp() calls
in the source tree. This cuts out a whole class of races.
- Improved NFS filehandle creation.
- Make dd(1) work fine with our 64-bit off_t types, now you can copy very
large disks using it.
- add RPC service name generation to netstat -a
- Fix pax & tar to be POSIX compliant.
- Fix a few netinet kernel crash problems.
- Fix so that stack limits which are not a multiple of the pagesize work.
- fix some more memory and file descriptor leaks in libc/rpc
- New scalable BLOWFISH-based crypt algorithm for passwd file entries. It
uses a very large strong-random `salt' and the number of rotor runs is configurable.
Hence if you have faster machines you can slow the crypt routine down and make
harder keys.
- Add support for /etc/passwd.conf which controls the format and strength
of passwd entries for the next time a user changes their password. These options
can be set per-user.
- Working kadmind for kerberosIV.
- IPSEC package from John Ioannidis and Angelos D. Keromytis.
- cvs 1.9.2
- Fix weak symbol support in ld.
- libg++ pulls in libcurses automatically.
- Replace which(1) with a C program.
- newfs(8) now has an inline fsirand(8) with no noticable speed decrease.
- settimeofday(2) won't roll back the date if securelevel > 0 (from lite2).
- deroff(1) 1.0 from Debian (a Linux).
- BIND 4.9.5-P1.
- Add support for FreeBSD md5 to /etc/passwd.conf.
- Import of the mvme88k kernel port.
- Import of libwrap and tcpd (tcp wrappers).
- Numerous improvements to pax, including full support for cpio and a lot
of fixes to tar mode.
- Let fsck and fsirand automatically work on very large filesystems.
- Various fixes to the fsck tools.
- ipsecadm as an initial cut at controlling IPSEC sessions.
- Fix pcmcia on the i386.
- Merged changes from at 2.9 into our own at.
- pccon(1) to control the pccons driver.
- Bye bye tahoe bits.
- noaccesstime option for filesystems (saves batteries on laptops)
- Substantial changes and fixes to the scsi scanner support.
- Support for "secure" YP password maps.
- Various atm fixes.
- The NE2000 if_ed driver now works on the alpha, too.
- ddb improvements for 64 bit machines.
- Fixes to fts(3).
- A few ypbind fixes.
- sysctl kern.osrevision gives OpenBSD date.
- gcc no longer defines -D__NetBSD__, only -D__OpenBSD__ now!
- Implement NOFILE_MAX--hard limit on max descriptors per proccess.
- Be more careful about modes of lost+found directories.
- New termcap and terminfo database files.
- Change mail.local -H behaviour slightly, and convince mail(1) to use it
for correct locking!
- 64 bit clean in.rarpd.
- cvs 1.9.6
- 16 partition support for the alpha port.
- Add ./.message support to ftpd
- Numerous more pax/tar fixes.
- Add md5 & blowfish passwd support to adduser(8).
- Add support for YP v1 to ypserv.
- Fixed some more mktemp races (sigh, will this ever end!)
- More buffer overflows, but none in sensitive programs.
- getnetent() and friends now work a lot more like gethostent().
- Use 10 X characters in many remaining mktemp() calls which are hard to excise.
- Solve a few resolver problems after the recent 4.9.5-P1 integration, not
all our fault.
- Fix patch to honour Index lines better.
- A whole bunch of 64 bit fixes in the source tree (hint: alpha).
- Once again, really correct the various source routing pieces of the userland
source tree.
- Make real i386 cpu's work again. In case noone noticed, they didn't work
for about 5 months. The bug was very hard to find...
- For config(8), if any kernel options get added/deleted/changed since the
previous commit, warn that the compile tree needs 'make clean'.
- Use in_addr_t and in_port_t all over the place.
- Correct DEV_BSIZE and lp->d_secsize confusion throughout the source tree.
CD9660 is much happier now.
- Fix AFS string-to-key handling in kerberos.
- NAT now gets started from /etc/netstart.
- Various man page fixes.
- For the first time ever, an obj@ populated /usr/src tree compiles cleanly
when mounted read-only.
Development is rapidly continuing...
This list only mentions platform-independent changes. For a list of changes made
in a particular platform, please check the page for that platform.
Copyright 1996