Open-source development organisation OpenBSD's latest version of its operating system boasts enhanced security features and increased hardware support.
The enhancements come as a result of $2.3m in funding provided by the US Defense Advanced Research Projects Agency (Darpa). Last month, However, Darpa suspended a contract with the OpenBSD project, citing "world events" as a reason for cancelling funding.
The withdrawal of funding came just days after OpenBSD Project Leader Theo de Raadt was quoted in a Canadian newspaper as opposing the US-led war in Iraq. Darpa denied any connection between Raadt's comments and its decision to pull funding.
OpenBSD 3.3 comes fully loaded with security as top priority. It integrates the ProPolice stack protection technology developed by Hiroaki Etoh, enabling function prologues to be modified to rearrange the stack.
With the technology, a random "canary" is placed before the return address and buffer variables are moved closer to the canary, making it harder for an attacker to change return addresses when returning from a function.
The release also features a fine-grained memory permissions layout to ensure that memory written to by application programs cannot be executable at the same time. This aims to prevent attackers from writing code anywhere in memory where it can be executed, and minimises the risk of buffer overflows and other attacks. In addition, release 3.3's X window server and xconsole now enforce privilege separation.
The OpenBSD software project has also enhanced Version 3.3's packet filter including queue, a bandwidth management system, and anchors, allowing for rule sets that can be loaded and modified independently. Also new to the packet filter are support for TCP window scaling, and spamd, a spam deferral daemon that blocks spam while informing spammers of why their mail has been rejected. The packet filter also loads rule sets faster than previous versions.
OpenBSD 3.3 is developed by volunteers and is available for free. The software supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS and HP-UX.