Return to plus.html CVS log

Up to [local] / www

new info....

<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD changes</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the main OpenBSD page">
<meta name="keywords" content="openbsd,main">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
</head>

<body>

<h1>OpenBSD</h1>
<h3><hr>Changes Relative to other *BSD's.</h3>

<p>
OpenBSD looks a lot like NetBSD (which it is derived from, following
the 4.4BSD roots), but is now being developed seperately.  Good changes
from other free operating systems will be merged in (of course, depending
on various factors like developer time for example.)  OpenBSD tracks
NetBSD changes very closely; say anywhere between 2 days to 10 days
behind the state of NetBSD-current all the time.  Hence you can truly
say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
</p>

<p>
Various additions have been made. This is only a small partial list of
the major machine independent changes (ie. it is the most interesting
changes or what people ask about most often). Check the specific port
you are interested in for further details of that port -- many of them
have been extended too.
<ul>
<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
<li>New curses library, including libform, libpanel and libmenu.
<li>a termlib library which understands termcap.db, needed for new curses. 
<li>The FreeBSD ports subsystem was integrated and is usable by you! 
<li>ipfilter for filtering dangerous packets
<li>better ELF support
<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
	to use kvm utilies 
<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
<li>All the pieces needed for cross compilation are in the source tree.
<li>Some LKM support in the tree.
<li>ATAPI support (should work on all ISA busses)
<li>new scsi, md5, pkg_* commands
<li>Numerous security related fixes
<li>Kerberos and other crypto in the source tree that is exportable
<li>Solid YP master, server, and client capabilities.
<li>/dev/*random -- a device driver providing some kinds of random data
<li>In-kernel update(8) with an adaptive algorithm
<li>Some ddb improvements and extensions
<li>Numerous scsi fixes
<li>ncheck utility for ffs
<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
<li>new system calls: rfork(), minherit(), poll().
<li>select() that can handle any amount of file descriptors.
<li>kernfs extensions
<li>ATM support (support for one company's sparc & i386 cards available)
<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
<li>pax as tar, gnutar is toast
<li>using AT&T awk, gawk is toast
<li>Even more security fixes.
<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
	generate them too
<li>Linux ext2fs and BSD4.4 LFS support being worked on.
<li>Working ATAPI audio support for multiple architectures.
<li>terminfo database support.
<li>Fortran in the tree.
<li>The most secure rdist support anywhere.
<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
	security via unpredictability.
<li>Protection from the udp spamming and ftp bounce attacks.
<li>Significantly improved ftp daemon.
<li>Numerous more security policy and implimentation improvements (OpenBSD
	defaults to installing in a very secure mode)
<li>zlib (non-GPL'd gzip-compatible library)
<li>Newest version of pppd.
<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
<li>Fixed long-standing vm swap-leak.
<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
<li>Numerous FreeBSD userland fixes and improvements incorporated.
<li>new rdisc Router Discovery daemon
<li>generic protection against the bind() takeover problem.
<li>at -f security fix. 
<li>install now supports -C, -p, and -S flags.
<!-- <li>a real adduser program, which can even be used uninteractively. -->
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
	by chown(). This can be turned off with sysctl.
<li>partial protection against tcp SYN attacks.
<li>added /etc/fbtab support to login & init.
<li>RCS version 5.7
<li>much newer join command (4.4lite2 with other fixes)
<li>scsi subsystem security fix
<li>Kerberos is much more silent if not configured
<li>arc4-based random support in kernel
<li>ncr53cXXX scsi scripts assembler
<li>Numerous ftpd improvements and fixes, including multihomed support.
<li>`lsof'-style features in fstat.
<li>/bin/ksh (latest version of pdksh) with more fixes.
<li>rudimentary support for ISA Plug-and-Play cards
<li>Fixed timeout support in RPC library, and also fixed it to support more than
	FD_SETSIZE file descriptors.
<li>improved locate command
<li>a good start at NETIPX support
<li>nvi version 1.76
<li>gcc 2.7.2.1 (to get closer to native alpha support and fix a few other gcc
	bugs).
<li>latest version of perl, and a lndir command.
<li>Even more security fixes.
<li>cdio command for using CD audio. 
<li>Kernel warns if /dev/console does not exist; nice warning for booting with an
	unpopulated /dev directory.
<li>libgnumalloc is gone; our malloc() is better.
<li>FreeBSD pipe() system call; quite a bit faster.
<li>Some serial drivers support /dev/cuaXX devices for transparent
	dialout+dialout, like in SunOS
<li>DDB can now access symbol tables from LKM modules
<li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
<li>YP can be compiled out of the system.
<li>New routed (from SGI).
<li>Almost complete in-tree development for MIPS/Alpha systems (ie. binutils).
<li>ftp command modified for easily scripted ftp & http downloads.
<li>And of course... more security related fixes.
<li>$RSH environment variable used throughout for "ssh" users (ie. dump, restore, mt).
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
	also works better.
<li>16 partitions per disk on i386 and sparc ports (yipee!)
<li>Nice sample files in /etc
<li>sendmail gecos hole fixed (in a number of ways; other programs in the source
	tree were also vulnerable.)
<li>secure multicast tools against possible security problems.
<li>latest GNU groff, incorporated in a clean wrapperized form.
<li>use vim instead of nvi. vim has been extended to add many missing features.
<li>mopd for networking booting Digital machines
<li>less version 2.90
<li>deal with the SYN bomb problem as well as currently known.
<li>sendmail version 8.7.6.
<li>Some more ftpd and lpd fixes.
<li>MIPS shared library ld.so, soon to be others as well.
<li>Another kerberos security fix.
<li>Almost a hundred more security fixes (just in the last 3 weeks), including
	a few more /tmp race conditions and more uses of snprintf and strncpy.
<li>Compile time option to compile the source tree almost completely dynamic.
<li>A 7% reduction in size of static binaries.
<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
<li>MD5/SHA-1 support in skey -- basically RFC 1938 One Time Password support.
<li>We have completed security reviews of almost all userland programs and
	libraries except for the gnu stuff (where, based on preliminary
	inspection, poor handling of temporary files appears rampant).
</ul>
</p>

<p>
This list only mentions platform-independent changes.  For a list of changes
made in a particular platform, please check the page for that platform.

<hr>
<a href=index.html><img src=back.gif border=0 alt=OpenBSD></a> 
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: plus.html,v 1.11 1996/10/02 01:24:15 deraadt Exp $</small>

</body>
</html>