Annotation of www/plus.html, Revision 1.11
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.2 deraadt 4: <title>OpenBSD changes</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the main OpenBSD page">
8: <meta name="keywords" content="openbsd,main">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
11: </head>
12:
13: <body>
14:
15: <h1>OpenBSD</h1>
16: <h3><hr>Changes Relative to other *BSD's.</h3>
17:
18: <p>
19: OpenBSD looks a lot like NetBSD (which it is derived from, following
20: the 4.4BSD roots), but is now being developed separately. Good changes
21: from other free operating systems will be merged in (of course, depending
22: on various factors like developer time for example.) OpenBSD tracks
23: NetBSD changes very closely; say anywhere between 2 days and 10 days
24: behind the state of NetBSD-current all the time. Hence you can truly
25: say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
26: </p>
27:
28: <p>
29: Various additions have been made. This is only a small partial list of
30: the major machine independent changes (i.e. the most interesting
31: changes or those people ask about most often). Check the specific port
32: you are interested in for further details of that port -- many of them
33: have been extended too.
34: <ul>
35: <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
36: <li>New curses library, including libform, libpanel and libmenu.
37: <li>a termlib library which understands termcap.db, needed for new curses.
38: <li>The FreeBSD ports subsystem was integrated and is usable by you!
39: <li>ipfilter for filtering dangerous packets
40: <li>better ELF support
41: <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
42: to use kvm utilities
43: <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
44: <li>All the pieces needed for cross compilation are in the source tree.
45: <li>Some LKM support in the tree.
46: <li>ATAPI support (should work on all ISA busses)
47: <li>new scsi, md5, pkg_* commands
48: <li>Numerous security related fixes
49: <li>Kerberos and other crypto in the source tree that is exportable
50: <li>Solid YP master, server, and client capabilities.
51: <li>/dev/*random -- a device driver providing some kinds of random data
52: <li>In-kernel update(8) with an adaptive algorithm
53: <li>Some ddb improvements and extensions
54: <li>Numerous scsi fixes
55: <li>ncheck utility for ffs
56: <li>/sbin/init now deals with non-existent ttys, no longer spins gettys madly.
57: <li>new system calls: rfork(), minherit(), poll().
58: <li>select() that can handle any number of file descriptors.
59: <li>kernfs extensions
60: <li>ATM support (support for one company's sparc & i386 cards available)
61: <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
62: <li>pax as tar, gnutar is toast
63: <li>using AT&T awk, gawk is toast
64: <li>Even more security fixes.
65: <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
66: generate them too
67: <li>Linux ext2fs and BSD4.4 LFS support being worked on.
68: <li>Working ATAPI audio support for multiple architectures.
69: <li>terminfo database support.
70: <li>Fortran in the tree.
71: <li>The most secure rdist support anywhere.
72: <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
73: security via unpredictability.
74: <li>Protection from the udp spamming and ftp bounce attacks.
75: <li>Significantly improved ftp daemon.
76: <li>Numerous more security policy and implementation improvements (OpenBSD
77: defaults to installing in a very secure mode)
78: <li>zlib (non-GPL'd gzip-compatible library)
79: <li>Newest version of pppd.
80: <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
81: <li>Fixed long-standing vm swap-leak.
82: <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
83: <li>Numerous FreeBSD userland fixes and improvements incorporated.
84: <li>new rdisc Router Discovery daemon
85: <li>generic protection against the bind() takeover problem.
86: <li>at -f security fix.
87: <li>install now supports -C, -p, and -S flags.
88: <!-- <li>a real adduser program, which can even be used uninteractively. -->
89: <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
90: by chown(). This can be turned off with sysctl.
91: <li>partial protection against tcp SYN attacks.
92: <li>added /etc/fbtab support to login & init.
93: <li>RCS version 5.7
94: <li>much newer join command (4.4lite2 with other fixes)
95: <li>scsi subsystem security fix
96: <li>Kerberos is much more silent if not configured
97: <li>arc4-based random support in kernel
98: <li>ncr53cXXX scsi scripts assembler
99: <li>Numerous ftpd improvements and fixes, including multihomed support.
100: <li>`lsof'-style features in fstat.
101: <li>/bin/ksh (latest version of pdksh) with more fixes.
102: <li>rudimentary support for ISA Plug-and-Play cards
103: <li>Fixed timeout support in RPC library, and also fixed it to support more than
104: FD_SETSIZE file descriptors.
105: <li>improved locate command
106: <li>a good start at NETIPX support
1.9 deraadt 107: <li>nvi version 1.76
1.1 deraadt 108: <li>gcc 2.7.2.1 (to get closer to native alpha support and fix a few other gcc
109: bugs).
110: <li>latest version of perl, and a lndir command.
111: <li>Even more security fixes.
112: <li>cdio command for using CD audio.
113: <li>Kernel warns if /dev/console does not exist; nice warning for booting with an
114: unpopulated /dev directory.
115: <li>libgnumalloc is gone; our malloc() is better.
116: <li>FreeBSD pipe() system call; quite a bit faster.
117: <li>Some serial drivers support /dev/cuaXX devices for transparent
118: dialin+dialout, like in SunOS
119: <li>DDB can now access symbol tables from LKM modules
1.5 deraadt 120: <li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
121: <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
122: <li>YP can be compiled out of the system.
123: <li>New routed (from SGI).
124: <li>Almost complete in-tree development for MIPS/Alpha systems (ie. binutils).
125: <li>ftp command modified for easily scripted ftp & http downloads.
126: <li>And of course... more security related fixes.
1.6 deraadt 127: <li>$RSH environment variable used throughout for "ssh" users (ie. dump, restore, mt).
1.8 deraadt 128: <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
129: also works better.
1.7 deraadt 130: <li>16 partitions per disk on i386 and sparc ports (yipee!)
1.8 deraadt 131: <li>Nice sample files in /etc
132: <li>sendmail gecos hole fixed (in a number of ways; other programs in the source
133: tree were also vulnerable.)
134: <li>secure multicast tools against possible security problems.
135: <li>latest GNU groff, incorporated in a clean wrapperized form.
1.9 deraadt 136: <li>use vim instead of nvi. vim has been extended to add many missing features.
137: <li>mopd for networking booting Digital machines
138: <li>less version 2.90
139: <li>deal with the SYN bomb problem as well as currently known.
140: <li>sendmail version 8.7.6.
141: <li>Some more ftpd and lpd fixes.
142: <li>MIPS shared library ld.so, soon to be others as well.
143: <li>Another kerberos security fix.
144: <li>Almost a hundred more security fixes (just in the last 3 weeks), including
145: a few more /tmp race conditions and more uses of snprintf and strncpy.
146: <li>Compile time option to compile the source tree almost completely dynamic.
147: <li>A 7% reduction in size of static binaries.
1.10 deraadt 148: <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
1.11 ! deraadt 149: <li>MD5/SHA-1 support in skey -- basically RFC 1938 One Time Password support.
! 150: <li>We have completed security reviews of almost all userland programs and
! 151: libraries except for the gnu stuff (where, based on preliminary
! 152: inspection, poor handling of temporary files appears rampant).
1.1 deraadt 153: </ul>
154: </p>
155:
156: <p>
1.3 deraadt 157: This list only mentions platform-independent changes. For a list of changes
1.1 deraadt 158: made in a particular platform, please check the page for that platform.
159:
160: <hr>
1.4 deraadt 161: <a href=index.html><img src=back.gif border=0 alt=OpenBSD></a>
1.1 deraadt 162: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.11 ! deraadt 163: <br><small>$OpenBSD: plus.html,v 1.10 1996/09/28 22:36:06 deraadt Exp $</small>
1.1 deraadt 164:
165: </body>
166: </html>