| version 1.5, 2015/12/18 11:30:47 |
version 1.6, 2015/12/18 12:32:30 |
|
|
| Now maintained by Ingo Schwarze.</li> |
Now maintained by Ingo Schwarze.</li> |
| </ul> |
</ul> |
| |
|
| <h2>Early adoption of new techniques</h2> |
<h2>New techniques and concepts</h2> |
| |
|
| |
<h3>Invented in OpenBSD</h3> |
| |
|
| <ul> |
<ul> |
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ipsec.4">ipsec(4)</a>: |
|
| Started by John Ioannidis, Angelos D. Keromytis, Niels Provos, and Niklas Hallqvist, imported February 20, 1997. OpenBSD was the first free operating system to provide an IPSec stack. |
|
| <li>Privilege separation: |
<li>Privilege separation: |
| First implemented by |
First implemented by |
| <a href="http://www.citi.umich.edu/u/provos/ssh/privsep.html">Niels Provos</a> |
<a href="http://www.citi.umich.edu/u/provos/ssh/privsep.html">Niels Provos</a> |
| and Markus Friedl in OpenSSH in March 2002, released with OpenBSD 3.2. |
and Markus Friedl in OpenSSH in March 2002, released with OpenBSD 3.2. |
| The concept is now used in many programs. |
The concept is now used in many programs. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/gcc-local.1">gcc-local(1)</a> |
| |
__attribute__((__bounded__)) static analysis annotation |
| |
and checking mechanism: |
| |
Started by Anil Madhavapeddy on June 26, 2003 |
| |
and ported to GCC 4 by Nicholas Marriott. |
| |
First released with OpenBSD 3.4. |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/malloc.3">malloc(3)</a> randomization: |
| |
Implemented by <a href="http://www.openbsd.org/papers/eurobsdcon2009/otto-malloc.pdf">Otto Moerbeek</a> for OpenBSD 4.4.</li> |
| |
</ul> |
| |
|
| |
<h3>Early adoption of concepts invented outside OpenBSD</h3> |
| |
|
| |
<ul> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/ipsec.4">ipsec(4)</a>: |
| |
Started by John Ioannidis, Angelos D. Keromytis, Niels Provos, and Niklas Hallqvist, imported February 20, 1997. OpenBSD was the first free operating system to provide an IPSec stack. |
| <li>W^X: First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3. |
<li>W^X: First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3. |
| Today, most architectures implement it.</li> |
Today, most architectures implement it.</li> |
| <li>ASLR: OpenBSD 3.4 was the first widely used operating system to |
<li>ASLR: OpenBSD 3.4 was the first widely used operating system to |
|
|
| Integrated, and implemented for additional hardware platforms, |
Integrated, and implemented for additional hardware platforms, |
| by Miod Vallat and Theo de Raadt. OpenBSD 3.3 was the first operating |
by Miod Vallat and Theo de Raadt. OpenBSD 3.3 was the first operating |
| system to enable it systemwide by default. |
system to enable it systemwide by default. |
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/malloc.3">malloc(3)</a> randomization: |
|
| Implemented by <a href="http://www.openbsd.org/papers/eurobsdcon2009/otto-malloc.pdf">Otto Moerbeek</a> for OpenBSD 4.4.</li> |
|
| <li>PIE: OpenBSD 5.3 was the first widely used operating system to enable |
<li>PIE: OpenBSD 5.3 was the first widely used operating system to enable |
| it globally by default, on seven hardware platforms.</li> |
it globally by default, on seven hardware platforms.</li> |
| </ul> |
</ul> |
![[BACK]](/icons/back.gif){kind=icon}
Return to innovations.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www