version 1.105, 1999/09/14 05:44:59 |
version 1.106, 1999/09/22 05:54:08 |
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
|
|
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
|
|
<hr> |
<hr> |
<a href=#21>For 2.1 security advisories, please refer here</a>.<br> |
|
<a href=#22>For 2.2 security advisories, please refer here</a>.<br> |
|
<a href=#23>For 2.3 security advisories, please refer here</a>.<br> |
|
<a href=#24>For 2.4 security advisories, please refer here</a>.<br> |
|
<a href=#25>For 2.5 security advisories, please refer here</a>.<br> |
|
<hr> |
|
|
|
<p> |
<p> |
<h3><font color=#e00000><strong>OpenBSD Security Views</strong></font></h3> |
<h2><font color=#e00000><strong>Security</strong></font></h2> |
|
|
|
<strong>Index</strong><br> |
|
<a href=#goals>Security goals of the Project</a>.<br> |
|
<a href=#disclosure>Full Disclosure policy</a>.<br> |
|
<a href=#process>Source code auditing process</a>.<br> |
|
<a href=#process>"Secure by Default"</a>.<br> |
|
<a href=#crypto>Use of Cryptography</a>.<br> |
|
<p> |
|
<a href=#25>For 2.5 security advisories</a>.<br> |
|
<a href=#24>For 2.4 security advisories</a>.<br> |
|
<a href=#23>For 2.3 security advisories</a>.<br> |
|
<a href=#22>For 2.2 security advisories</a>.<br> |
|
<a href=#21>For 2.1 security advisories</a>.<br> |
|
<a href=#20>For 2.0 security advisories</a>.<br> |
|
<p> |
|
<a href=#watching>Watching changes</a>.<br> |
|
<a href=#reporting>Reporting security issues</a>.<br> |
|
<p> |
|
<hr> |
|
|
|
<dl> |
|
<a name=goals></a> |
|
<li><h3><font color=#e00000><strong>Goal</strong></font></h3><p> |
|
|
OpenBSD believes in strong security. Our aspiration is to be NUMBER |
OpenBSD believes in strong security. Our aspiration is to be NUMBER |
ONE in the industry for security (if we are not already there). Our |
ONE in the industry for security (if we are not already there). Our |
open software development model permits us to take a more |
open software development model permits us to take a more |
|
|
cryptography</a>, we are able to take cryptographic approaches towards |
cryptography</a>, we are able to take cryptographic approaches towards |
fixing security problems.<p> |
fixing security problems.<p> |
|
|
|
<a name=disclosure></a> |
|
<li><h3><font color=#e00000><strong>Full Disclosure</strong></font></h3><p> |
|
|
Like many readers of the |
Like many readers of the |
<a href=http://www.securityfocus.com/bugtraq/archive> |
<a href=http://www.securityfocus.com/bugtraq/archive> |
BUGTRAQ mailing list</a>, |
BUGTRAQ mailing list</a>, |
we believe in full disclosure of security problems. Security |
we believe in full disclosure of security problems. In the |
information moves very fast in cracker circles. On the other hand, |
operating system arena, we were probably the first to embrace |
our experience is that coding and releasing of proper security fixes |
the concept. Many vendors, even of free software, still try |
typically requires about an hour of work -- very fast fix turnaround |
to hide issues from their users.<p> |
is possible. Thus we think that full disclosure helps the people who |
|
really care about security.<p> |
|
|
|
|
Security information moves very fast in cracker circles. On the other |
|
hand, our experience is that coding and releasing of proper security |
|
fixes typically requires about an hour of work -- very fast fix |
|
turnaround is possible. Thus we think that full disclosure helps the |
|
people who really care about security.<p> |
|
|
|
<li><h3><font color=#e00000><strong>Audit Process</strong></font></h3><p> |
|
|
Our security auditing team typically has between six and twelve |
Our security auditing team typically has between six and twelve |
members who continue to search for and fix new security holes. We |
members who continue to search for and fix new security holes. We |
have been auditing since the summer of 1996. The process we follow to |
have been auditing since the summer of 1996. The process we follow to |
increase security is simply a comprehensive file-by-file analysis of |
increase security is simply a comprehensive file-by-file analysis of |
every critical software component. Flaws have been found in just |
every critical software component. We are not so much looking for |
about every area of the system. Entire new classes of security |
security holes, as we are looking for basic software bugs, and if |
problems have been found during our audit, and often source code |
years later someone discovers a the problem used to be a security |
which had been audited earlier needs re-auditing with these new flaws |
issue, and we fixed it because it was just a bug, well, all the |
in mind. Code often gets audited multiple times, and by multiple |
better. Flaws have been found in just about every area of the system. |
people with different auditing skills.<p> |
Entire new classes of security problems have been found during our |
|
audit, and often source code which had been audited earlier needs |
|
re-auditing with these new flaws in mind. Code often gets audited |
|
multiple times, and by multiple people with different auditing |
|
skills.<p> |
|
|
Some members of our security auditing team worked for Secure Networks, |
Some members of our security auditing team worked for Secure Networks, |
the company that made the industry's premier network security scanning |
the company that made the industry's premier network security scanning |
software package Ballista (Secure Networks got purchased by Network |
software package Ballista (Secure Networks got purchased by Network |
Associates, Ballista got renamed to Cybercop Scanner, and well...) |
Associates, Ballista got renamed to Cybercop Scanner, and well...) |
That company did a lot of security research, and thus fit in well |
That company did a lot of security research, and thus fit in well |
with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
with the OpenBSD stance. OpenBSD passed Ballista's tests with flying |
colours.<p> |
colours since day 1.<p> |
|
|
Another facet of our security auditing process is its proactiveness. |
Another facet of our security auditing process is its proactiveness. |
In most cases we have found that the determination of exploitability |
In most cases we have found that the determination of exploitability |
|
|
managed such a success is the lpd advisory that Secure Networks put out. |
managed such a success is the lpd advisory that Secure Networks put out. |
<p> |
<p> |
|
|
|
<li><h3><font color=#e00000><strong>The Reward</strong></font></h3><p> |
|
|
Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
commonplace in security forums like |
commonplace in security forums like |
|
|
<li>Finding and fixing subtle flaws in complicated software is |
<li>Finding and fixing subtle flaws in complicated software is |
a lot of fun. |
a lot of fun. |
</ul> |
</ul> |
|
<p> |
|
|
The auditing process is not over yet, and as you can see we continue |
The auditing process is not over yet, and as you can see we continue |
to find and fix new security flaws.<p> |
to find and fix new security flaws.<p> |
|
|
|
<a name=default></a> |
|
<li><h3><font color=#e00000><strong>"Secure by Default"</strong></font></h3><p> |
|
|
|
To ensure that novice users of OpenBSD do not need to become security |
|
experts overnight (a viewpoint which other vendors seem to have), we |
|
ship the operating system in a Secure by Default mode. All non-essential |
|
services are disabled. As the user/administrator becomes more familiar |
|
with the system, he will discover that he has to enable daemons and other |
|
parts of the system. During the process of learning how to enable a new |
|
service, the novice is more likely to learn of security considerations.<p> |
|
|
|
This is in stark contrast to the increasing number of systems that |
|
ship with NFS, mountd, web servers, and various other services enabled |
|
by default, creating instantaneous security problems for their users |
|
within minutes after their first install.<p> |
|
|
|
<li><h3><font color=#e00000><strong>Cryptography</strong></font></h3><p> |
|
|
|
And of course, since the OpenBSD project is based in Canada, it is possible |
|
for us to integrate cryptography. For more information, read the page |
|
outlying <a href=crypto.html>what we have done with cryptography</a>.</p> |
|
|
|
<li><h3><font color=#e00000><strong>Advisories</strong></font></h3><p> |
|
|
|
<dl> |
|
|
|
<li> |
<a name=25></a> |
<a name=25></a> |
<p> |
|
<h3><font color=#e00000><strong>OpenBSD 2.5 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.5 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.5 advisories -- all these problems are solved |
These are the OpenBSD 2.5 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
with the -S flag, when called by nroff(1) (patch included).</a> |
with the -S flag, when called by nroff(1) (patch included).</a> |
</ul> |
</ul> |
|
|
<a name=24></a> |
|
<p> |
<p> |
|
<li> |
|
<a name=24></a> |
<h3><font color=#e00000><strong>OpenBSD 2.4 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.4 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.4 advisories -- all these problems are solved |
These are the OpenBSD 2.4 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
bug in the TCP decoding kernel. (patch included).</a> |
bug in the TCP decoding kernel. (patch included).</a> |
</ul> |
</ul> |
|
|
<a name=23></a> |
|
<p> |
<p> |
|
<li> |
|
<a name=23></a> |
<h3><font color=#e00000><strong>OpenBSD 2.3 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.3 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.3 advisories -- all these problems are solved |
These are the OpenBSD 2.3 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
if IPSEC is enabled (patch included).</a> |
if IPSEC is enabled (patch included).</a> |
</ul> |
</ul> |
|
|
<a name=22></a> |
|
<p> |
<p> |
|
<li> |
|
<a name=22></a> |
<h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.2 advisories. All these problems are solved |
These are the OpenBSD 2.2 advisories. All these problems are solved |
in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
|
|
(patch included).</a> |
(patch included).</a> |
</ul> |
</ul> |
|
|
<a name=21></a> |
|
<p> |
<p> |
|
<li> |
|
<a name=21></a> |
<h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.1 advisories. All these problems are solved |
These are the OpenBSD 2.1 advisories. All these problems are solved |
in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
|
|
<li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a> |
<li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a> |
</ul> |
</ul> |
|
|
|
<p> |
|
<li> |
|
<a name=20></a> |
<h3><font color=#e00000><strong>OpenBSD 2.0 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.0 Security Advisories</strong></font></h3> |
These are the OpenBSD 2.0 advisories. All these problems are solved |
These are the OpenBSD 2.0 advisories. All these problems are solved |
in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
|
|
and we'll put them up here. |
and we'll put them up here. |
</ul> |
</ul> |
|
|
|
</dl> |
<p> |
<p> |
<h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
|
|
<a name=watching></a> |
|
<li><h3><font color=#e00000><strong>Watching our Changes</strong></font></h3><p> |
|
|
Since we take a proactive stance with security, we are continually |
Since we take a proactive stance with security, we are continually |
finding and fixing new security problems. Not all of these problems |
finding and fixing new security problems. Not all of these problems |
get widely reported because (as stated earlier) many of them are not |
get widely reported because (as stated earlier) many of them are not |
|
|
</ul> |
</ul> |
|
|
<p> |
<p> |
<h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
<li><h3><font color=#e00000><strong>Reporting problems</strong></font></h3><p> |
|
|
<p> If you find a new security problem, you can mail it to |
<p> If you find a new security problem, you can mail it to |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<br> |
<br> |
If you wish to PGP encode it (but please only do so if privacy is very |
If you wish to PGP encode it (but please only do so if privacy is very |
urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
|
|
|
</dl> |
|
|
<hr> |
<hr> |
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |