OpenBSD Security Features - API and Build Changes

API and Build Changes

Bugs and security flaws are often caused by programmer error. A common source of error is the misuse of the strcpy and strcat string functions in the C programming language. There are two common alternatives, strncpy and strncat, but they can be difficult to understand and easy to misuse, so OpenBSD developers Todd C. Miller and Theo de Raadt designed the strlcpy and strlcat functions. These functions behave more consistently and are easier to use correctly, making it harder for programmers to accidentally leave buffers unterminated or allow them to be overflowed. They have been adopted by the NetBSD and FreeBSD projects but have not been accepted by the GNU C library, whose maintainer, Ulrich Drepper, vehemently opposes their incorporation on the grounds that programmers using them will cease to worry about the root issues that inspired their use, which may still be exploitable in a different way.
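As an added illustration (not code from the original article or from OpenBSD's source tree), the following C program reimplements the strlcpy/strlcat contract under the assumed names demo_strlcpy and demo_strlcat, so it runs on any libc, and contrasts it with strncpy on an over-long input: strncpy silently leaves the destination unterminated, while the strlcpy-style functions always terminate the buffer and return the length they tried to produce, which lets the caller detect truncation with a single comparison against the buffer size. The sample strings and buffer sizes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reimplementation of the strlcpy contract written for this example
 * (assumed name, not OpenBSD's code): copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return strlen(src) so the caller can
 * detect truncation by checking whether the result is >= size. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Same contract for concatenation: returns the length of the string it
 * tried to create (strlen(dst) + strlen(src)); a result >= size means
 * truncation. If dst is not terminated within size bytes, nothing is
 * appended and size + strlen(src) is returned. */
static size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)
        return size + strlen(src);
    return dstlen + demo_strlcpy(dst + dstlen, src, size - dstlen);
}

/* Returns 1 if strncpy left an 8-byte buffer with no NUL terminator
 * after copying a 10-character source (the classic strncpy pitfall). */
int strncpy_leaves_unterminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, "0123456789", sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Returns 1 if demo_strlcpy both terminated the buffer and signalled
 * truncation for the same over-long source. */
int strlcpy_detects_truncation(void)
{
    char buf[8];
    size_t want = demo_strlcpy(buf, "0123456789", sizeof buf);
    int terminated = memchr(buf, '\0', sizeof buf) != NULL;
    int truncated = want >= sizeof buf;
    return terminated && truncated && strcmp(buf, "0123456") == 0;
}

/* Builds a + b into an 8-byte buffer with the strlcpy/strlcat pair and
 * returns the total length they reported; the caller compares it against
 * the buffer size to learn whether the result was cut short. */
size_t join_reported_length(const char *a, const char *b)
{
    char buf[8];
    demo_strlcpy(buf, a, sizeof buf);
    return demo_strlcat(buf, b, sizeof buf);
}

/* Returns 1 if joining "abcd" and "efgh" into 8 bytes is reported as
 * truncated (length 8 >= 8) and the buffer holds the terminated prefix. */
int strlcat_reports_truncation(void)
{
    char buf[8];
    demo_strlcpy(buf, "abcd", sizeof buf);
    size_t want = demo_strlcat(buf, "efgh", sizeof buf);
    return want >= sizeof buf && strcmp(buf, "abcdefg") == 0;
}

int main(void)
{
    printf("strncpy left buffer unterminated: %d\n", strncpy_leaves_unterminated());
    printf("strlcpy terminated and flagged truncation: %d\n", strlcpy_detects_truncation());
    printf("strlcat flagged truncation: %d\n", strlcat_reports_truncation());
    printf("join \"abc\"+\"def\" reported length: %zu\n", join_reported_length("abc", "def"));
    return 0;
}
```

The design point is the return value: because strlcpy and strlcat report the size the caller would have needed, the check `if (demo_strlcpy(dst, src, sizeof dst) >= sizeof dst)` is the whole truncation test, whereas strncpy gives the caller no such signal and requires a separate manual terminator write.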

On OpenBSD, the linker has been changed to issue a warning when unsafe functions such as strcpy, strcat and sprintf (another string-manipulation function that is a frequent cause of errors) are found. All occurrences of these functions in the OpenBSD source tree have been replaced. In addition, a static bounds checker is included in OpenBSD in an attempt to find other common programming mistakes at compile time. Other security-related APIs developed by the OpenBSD project are issetugid and arc4random.

