Open-source development organisation OpenBSD's latest
version of its operating system boasts enhanced security features
and increased hardware support.
The enhancements come as a result of $2.3m in funding provided
by the US Defense Advanced Research Projects Agency (Darpa). Last
month, however, Darpa suspended a contract with the OpenBSD
project, citing "world events" as a reason for cancelling
funding.
The withdrawal of funding came just days after OpenBSD Project
Leader Theo de Raadt was quoted in a Canadian newspaper as opposing
the US-led war in Iraq. Darpa denied any connection between de Raadt's
comments and its decision to pull funding.
OpenBSD 3.3 comes fully loaded, with security as its top priority. It
integrates the ProPolice stack protection technology developed by
Hiroaki Etoh, which modifies function prologues to rearrange the
stack.
With the technology, a random "canary" is placed before the
return address and buffer variables are moved closer to the canary,
making it harder for an attacker to change return addresses when
returning from a function.
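A small C model of the canary check described above, added here as an illustration; it is not ProPolice or OpenBSD code. The `struct frame` layout, the function names and the placeholder return address are assumptions, and a struct stands in for the real stack so the model stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model frame: buffer directly below the canary, canary directly below
 * the saved return address (layout assumed for illustration). */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

static uintptr_t guard;  /* per-process secret canary value */

static void guard_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&guard, sizeof guard, 1, f) != 1)
        guard = (uintptr_t)0x9e3779b9u;  /* constructed fallback, not random */
    if (f) fclose(f);
}

/* Simulate one call: copy len bytes over the frame starting at buf with no
 * check against sizeof buf (the bug), then run the epilogue check.
 * Returns 1 if the canary check fires, 0 if the frame is intact.
 * *ret_changed reports whether the saved return address was modified. */
static int call_with_input(const char *data, size_t len, int *ret_changed) {
    struct frame f;
    const uintptr_t ret = (uintptr_t)0x1000;  /* constructed placeholder */
    f.canary = guard;                         /* prologue: place the canary */
    f.saved_ret = ret;
    if (len > sizeof f) len = sizeof f;       /* keep the model in bounds */
    memcpy(&f, data, len);                    /* overflow runs up from buf */
    *ret_changed = (f.saved_ret != ret);
    return f.canary != guard;                 /* epilogue: check before return */
}

int main(void) {
    char input[sizeof(struct frame)];
    size_t sizes[] = { 16, 16 + sizeof(uintptr_t), sizeof input };
    memset(input, 'A', sizeof input);
    guard_init();
    for (size_t i = 0; i < 3; i++) {
        int changed, fired = call_with_input(input, sizes[i], &changed);
        printf("len=%zu return_address_changed=%d canary_check_fired=%d\n",
               sizes[i], changed, fired);
    }
    return 0;
}
```

In the third case the write reaches the saved return address only after overwriting the canary, so the epilogue check fires before the modified address would be used.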
The release also features a fine-grained memory permissions
layout to ensure that memory written to by application programs
cannot be executable at the same time. This aims to prevent
attackers from writing code anywhere in memory where it can be
executed, and minimises the risk of buffer overflows and other
attacks. In addition, release 3.3's X window server and xconsole
now enforce privilege separation.
The OpenBSD software project has also enhanced version 3.3's
packet filter. Additions include queue, a bandwidth management
system, and anchors, which allow rule sets to be loaded and modified
independently. Also new to the packet filter are support for TCP
window scaling and spamd, a spam deferral daemon that blocks spam
while informing spammers of why their mail has been rejected. The
packet filter also loads rule sets faster than previous
versions.
OpenBSD 3.3 is developed by volunteers and is available for
free. The software supports binary emulation of most programs from
SVR4 (Solaris), FreeBSD, Linux, BSD/OS and HP-UX.