OpenBSD - Security and Code Auditing

Security and Code Auditing

For more details on this topic, see OpenBSD security features.

Shortly after OpenBSD's creation, Theo de Raadt was contacted by a local security software company named Secure Networks, Inc. or SNI. They were developing a "network security auditing tool" called Ballista (later renamed to Cybercop Scanner after SNI was purchased by Network Associates), which was intended to find and attempt to exploit possible software security flaws. This coincided well with de Raadt's own interest in security, so for a time the two cooperated, a relationship that was of particular usefulness leading up to the release of OpenBSD 2.3 and helped to define security as the focal point of the project.

OpenBSD includes features designed to improve security. These include API additions, such as the strlcat and strlcpy functions; toolchain alterations, including a static bounds checker; memory protection techniques to guard against invalid accesses, such as ProPolice and the W^X (W xor X) page protection feature; and cryptography and randomization features.

To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, some programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege. Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of common applications, including tcpdump and the Apache web server.

OpenBSD developers were instrumental in the birth of—and the project continues to develop—OpenSSH, a secure replacement for Telnet. OpenSSH is based on the original SSH suite and developed further by the OpenBSD team. It first appeared in OpenBSD 2.6 and is now the most popular SSH implementation, available on many operating systems.

The project has a policy of continually auditing code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted". He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem".