OpenBSD

OpenBSD. It is a free, open-source operating system descended from BSD Unix, renowned for its proactive emphasis on security, code correctness, and integrated cryptography. The project was founded in 1995 by Theo de Raadt after disagreements within the NetBSD project, with its first official release following in October 1996. Its development is guided by a strong focus on portability, clean documentation, and a philosophy of providing a complete, secure-by-default system out of the box.

History

The genesis of the project stemmed from a conflict between Theo de Raadt and other core developers of the NetBSD project, leading to de Raadt's removal from the team in late 1994. In October 1995, he founded the project, initially basing it on NetBSD 1.0 source code. The first official release, version 2.0, emerged from Calgary, Alberta, and established the project's six-month release cycle. Key early milestones included the integration of strong cryptography from the start, despite legal challenges like U.S. export restrictions, and the creation of the OpenBSD Foundation to support development. The project's mascot, Puffy the Pufferfish, was introduced and has become an iconic symbol.

Features

The system is known for its extensive security features, including the W^X memory protection scheme, ASLR, and a fortified malloc implementation. It includes a fully integrated IPsec stack, the OpenSSH suite (which was originally developed as part of the project), and the LibreSSL cryptographic library, a fork of OpenSSL. The operating system maintains a cohesive and audited base system, incorporating the X Window System (X.Org), the GCC and Clang compilers, and the pf packet filter firewall. Its ports collection provides a framework for building and installing third-party software, emphasizing security patches and licensing clarity.

Security

Security is the central tenet of the project's philosophy, manifesting in a rigorous process of code auditing and systematic removal of buffer overflow vulnerabilities. The developers pioneered the concept of privilege separation and privilege revocation in many system daemons, a practice later adopted by projects like OpenSSH. Proactive measures include the use of stack protection technologies like ProPolice, pledge(2) and unveil(2) system calls to restrict program capabilities, and a default-deny stance in its packet filter. These efforts have resulted in an exceptionally low number of remote vulnerabilities in the default install over decades, a record frequently highlighted in security forums.

Development model

Development is centralized around a single, authoritative CVS repository (with a read-only Git mirror), managed by a small team of core developers with Theo de Raadt as the project leader. Contributions are accepted under a strict license, primarily the ISC license, and undergo meticulous code review for correctness and security. The project is funded through donations, sales of CD-ROMs and merchandise, and support from the OpenBSD Foundation. Its famous motto, "Free, Functional, and Secure," and the six-month release schedule ensure a steady stream of audited, reliable software. Development events, known as hackathons, are regularly held in locations like Calgary and Lyon.

Reception and legacy

The project has received widespread acclaim from the security and systems administration communities for its uncompromising standards. Its most significant contributions to the broader software ecosystem are undoubtedly OpenSSH, which became the de facto standard for secure remote login, and LibreSSL. The pf firewall has been widely ported to other systems, including FreeBSD and macOS. While sometimes critiqued for its developer-driven, opinionated approach, its influence on secure coding practices is profound. It is extensively used in security-critical applications such as firewalls, routers, and embedded devices, serving as a benchmark for operating system security.

Category:Open-source operating systems Category:Berkeley Software Distribution Category:Computer security