| version 1.105, 1999/09/14 05:44:59 |
version 1.106, 1999/09/22 05:54:08 |
|
|
| <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
| |
|
| <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
| |
|
| <hr> |
<hr> |
| <a href=#21>For 2.1 security advisories, please refer here</a>.<br> |
|
| <a href=#22>For 2.2 security advisories, please refer here</a>.<br> |
|
| <a href=#23>For 2.3 security advisories, please refer here</a>.<br> |
|
| <a href=#24>For 2.4 security advisories, please refer here</a>.<br> |
|
| <a href=#25>For 2.5 security advisories, please refer here</a>.<br> |
|
| <hr> |
|
| |
|
| <p> |
<p> |
| <h3><font color=#e00000><strong>OpenBSD Security Views</strong></font></h3> |
<h2><font color=#e00000><strong>Security</strong></font></h2> |
| |
|
| |
<strong>Index</strong><br> |
| |
<a href=#goals>Security goals of the Project</a>.<br> |
| |
<a href=#disclosure>Full Disclosure policy</a>.<br> |
| |
<a href=#process>Source code auditing process</a>.<br> |
| |
<a href=#process>"Secure by Default"</a>.<br> |
| |
<a href=#crypto>Use of Cryptography</a>.<br> |
| |
<p> |
| |
<a href=#25>For 2.5 security advisories</a>.<br> |
| |
<a href=#24>For 2.4 security advisories</a>.<br> |
| |
<a href=#23>For 2.3 security advisories</a>.<br> |
| |
<a href=#22>For 2.2 security advisories</a>.<br> |
| |
<a href=#21>For 2.1 security advisories</a>.<br> |
| |
<a href=#20>For 2.0 security advisories</a>.<br> |
| |
<p> |
| |
<a href=#watching>Watching changes</a>.<br> |
| |
<a href=#reporting>Reporting security issues</a>.<br> |
| |
<p> |
| |
<hr> |
| |
|
| |
<dl> |
| |
<a name=goals></a> |
| |
<li><h3><font color=#e00000><strong>Goal</strong></font></h3><p> |
| |
|
| OpenBSD believes in strong security. Our aspiration is to be NUMBER |
OpenBSD believes in strong security. Our aspiration is to be NUMBER |
| ONE in the industry for security (if we are not already there). Our |
ONE in the industry for security (if we are not already there). Our |
| open software development model permits us to take a more |
open software development model permits us to take a more |
|
|
| cryptography</a>, we are able to take cryptographic approaches towards |
cryptography</a>, we are able to take cryptographic approaches towards |
| fixing security problems.<p> |
fixing security problems.<p> |
| |
|
| |
<a name=disclosure></a> |
| |
<li><h3><font color=#e00000><strong>Full Disclosure</strong></font></h3><p> |
| |
|
| Like many readers of the |
Like many readers of the |
| <a href=http://www.securityfocus.com/bugtraq/archive> |
<a href=http://www.securityfocus.com/bugtraq/archive> |
| BUGTRAQ mailing list</a>, |
BUGTRAQ mailing list</a>, |
| we believe in full disclosure of security problems. Security |
we believe in full disclosure of security problems. In the |
| information moves very fast in cracker circles. On the other hand, |
operating system arena, we were probably the first to embrace |
| our experience is that coding and releasing of proper security fixes |
the concept. Many vendors, even of free software, still try |
| typically requires about an hour of work -- very fast fix turnaround |
to hide issues from their users.<p> |
| is possible. Thus we think that full disclosure helps the people who |
|
| really care about security.<p> |
|
| |
|
| |
Security information moves very fast in cracker circles. On the other |
| |
hand, our experience is that coding and releasing of proper security |
| |
fixes typically requires about an hour of work -- very fast fix |
| |
turnaround is possible. Thus we think that full disclosure helps the |
| |
people who really care about security.<p> |
| |
|
| |
<li><h3><font color=#e00000><strong>Audit Process</strong></font></h3><p> |
| |
|
| Our security auditing team typically has between six and twelve |
Our security auditing team typically has between six and twelve |
| members who continue to search for and fix new security holes. We |
members who continue to search for and fix new security holes. We |
| have been auditing since the summer of 1996. The process we follow to |
have been auditing since the summer of 1996. The process we follow to |
| increase security is simply a comprehensive file-by-file analysis of |
increase security is simply a comprehensive file-by-file analysis of |
| every critical software component. Flaws have been found in just |
every critical software component. We are not so much looking for |
| about every area of the system. Entire new classes of security |
security holes, as we are looking for basic software bugs, and if |
| problems have been found during our audit, and often source code |
years later someone discovers a the problem used to be a security |
| which had been audited earlier needs re-auditing with these new flaws |
issue, and we fixed it because it was just a bug, well, all the |
| in mind. Code often gets audited multiple times, and by multiple |
better. Flaws have been found in just about every area of the system. |
| people with different auditing skills.<p> |
Entire new classes of security problems have been found during our |
| |
audit, and often source code which had been audited earlier needs |
| |
re-auditing with these new flaws in mind. Code often gets audited |
| |
multiple times, and by multiple people with different auditing |
| |
skills.<p> |
| |
|
| Some members of our security auditing team worked for Secure Networks, |
Some members of our security auditing team worked for Secure Networks, |
| the company that made the industry's premier network security scanning |
the company that made the industry's premier network security scanning |
| software package Ballista (Secure Networks got purchased by Network |
software package Ballista (Secure Networks got purchased by Network |
| Associates, Ballista got renamed to Cybercop Scanner, and well...) |
Associates, Ballista got renamed to Cybercop Scanner, and well...) |
| That company did a lot of security research, and thus fit in well |
That company did a lot of security research, and thus fit in well |
| with the OpenBSD stance. OpenBSD passes Ballista's tests with flying |
with the OpenBSD stance. OpenBSD passed Ballista's tests with flying |
| colours.<p> |
colours since day 1.<p> |
| |
|
| Another facet of our security auditing process is its proactiveness. |
Another facet of our security auditing process is its proactiveness. |
| In most cases we have found that the determination of exploitability |
In most cases we have found that the determination of exploitability |
|
|
| managed such a success is the lpd advisory that Secure Networks put out. |
managed such a success is the lpd advisory that Secure Networks put out. |
| <p> |
<p> |
| |
|
| |
<li><h3><font color=#e00000><strong>The Reward</strong></font></h3><p> |
| |
|
| Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
| ``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
| commonplace in security forums like |
commonplace in security forums like |
|
|
| <li>Finding and fixing subtle flaws in complicated software is |
<li>Finding and fixing subtle flaws in complicated software is |
| a lot of fun. |
a lot of fun. |
| </ul> |
</ul> |
| |
<p> |
| |
|
| The auditing process is not over yet, and as you can see we continue |
The auditing process is not over yet, and as you can see we continue |
| to find and fix new security flaws.<p> |
to find and fix new security flaws.<p> |
| |
|
| |
<a name=default></a> |
| |
<li><h3><font color=#e00000><strong>"Secure by Default"</strong></font></h3><p> |
| |
|
| |
To ensure that novice users of OpenBSD do not need to become security |
| |
experts overnight (a viewpoint which other vendors seem to have), we |
| |
ship the operating system in a Secure by Default mode. All non-essential |
| |
services are disabled. As the user/administrator becomes more familiar |
| |
with the system, he will discover that he has to enable daemons and other |
| |
parts of the system. During the process of learning how to enable a new |
| |
service, the novice is more likely to learn of security considerations.<p> |
| |
|
| |
This is in stark contrast to the increasing number of systems that |
| |
ship with NFS, mountd, web servers, and various other services enabled |
| |
by default, creating instantaneous security problems for their users |
| |
within minutes after their first install.<p> |
| |
|
| |
<li><h3><font color=#e00000><strong>Cryptography</strong></font></h3><p> |
| |
|
| |
And of course, since the OpenBSD project is based in Canada, it is possible |
| |
for us to integrate cryptography. For more information, read the page |
| |
outlying <a href=crypto.html>what we have done with cryptography</a>.</p> |
| |
|
| |
<li><h3><font color=#e00000><strong>Advisories</strong></font></h3><p> |
| |
|
| |
<dl> |
| |
|
| |
<li> |
| <a name=25></a> |
<a name=25></a> |
| <p> |
|
| <h3><font color=#e00000><strong>OpenBSD 2.5 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.5 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.5 advisories -- all these problems are solved |
These are the OpenBSD 2.5 advisories -- all these problems are solved |
| in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
| with the -S flag, when called by nroff(1) (patch included).</a> |
with the -S flag, when called by nroff(1) (patch included).</a> |
| </ul> |
</ul> |
| |
|
| <a name=24></a> |
|
| <p> |
<p> |
| |
<li> |
| |
<a name=24></a> |
| <h3><font color=#e00000><strong>OpenBSD 2.4 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.4 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.4 advisories -- all these problems are solved |
These are the OpenBSD 2.4 advisories -- all these problems are solved |
| in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
| bug in the TCP decoding kernel. (patch included).</a> |
bug in the TCP decoding kernel. (patch included).</a> |
| </ul> |
</ul> |
| |
|
| <a name=23></a> |
|
| <p> |
<p> |
| |
<li> |
| |
<a name=23></a> |
| <h3><font color=#e00000><strong>OpenBSD 2.3 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.3 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.3 advisories -- all these problems are solved |
These are the OpenBSD 2.3 advisories -- all these problems are solved |
| in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
|
|
| if IPSEC is enabled (patch included).</a> |
if IPSEC is enabled (patch included).</a> |
| </ul> |
</ul> |
| |
|
| <a name=22></a> |
|
| <p> |
<p> |
| |
<li> |
| |
<a name=22></a> |
| <h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.2 advisories. All these problems are solved |
These are the OpenBSD 2.2 advisories. All these problems are solved |
| in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
|
|
| (patch included).</a> |
(patch included).</a> |
| </ul> |
</ul> |
| |
|
| <a name=21></a> |
|
| <p> |
<p> |
| |
<li> |
| |
<a name=21></a> |
| <h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.1 advisories. All these problems are solved |
These are the OpenBSD 2.1 advisories. All these problems are solved |
| in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
|
|
| <li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a> |
<li><a href=advisories/procfs>Jun 24, 1997: Procfs flaws (patch included)</a> |
| </ul> |
</ul> |
| |
|
| |
<p> |
| |
<li> |
| |
<a name=20></a> |
| <h3><font color=#e00000><strong>OpenBSD 2.0 Security Advisories</strong></font></h3> |
<h3><font color=#e00000><strong>OpenBSD 2.0 Security Advisories</strong></font></h3> |
| These are the OpenBSD 2.0 advisories. All these problems are solved |
These are the OpenBSD 2.0 advisories. All these problems are solved |
| in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
|
|
| and we'll put them up here. |
and we'll put them up here. |
| </ul> |
</ul> |
| |
|
| |
</dl> |
| <p> |
<p> |
| <h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
|
| |
<a name=watching></a> |
| |
<li><h3><font color=#e00000><strong>Watching our Changes</strong></font></h3><p> |
| |
|
| Since we take a proactive stance with security, we are continually |
Since we take a proactive stance with security, we are continually |
| finding and fixing new security problems. Not all of these problems |
finding and fixing new security problems. Not all of these problems |
| get widely reported because (as stated earlier) many of them are not |
get widely reported because (as stated earlier) many of them are not |
|
|
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
| <h3><font color=#e00000><strong>Other Resources</strong></font></h3> |
<li><h3><font color=#e00000><strong>Reporting problems</strong></font></h3><p> |
| |
|
| <p> If you find a new security problem, you can mail it to |
<p> If you find a new security problem, you can mail it to |
| <a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
| <br> |
<br> |
| If you wish to PGP encode it (but please only do so if privacy is very |
If you wish to PGP encode it (but please only do so if privacy is very |
| urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
| |
|
| |
</dl> |
| |
|
| <hr> |
<hr> |
| <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www