version 1.109, 1999/09/22 06:02:04 |
version 1.110, 1999/09/22 18:33:46 |
|
|
</head> |
</head> |
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E"> |
|
|
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif"> |
<hr> |
|
|
|
<p> |
<p> |
<h2><font color=#e00000><strong>Security</strong></font></h2> |
<h2><font color=#e00000>Security</font><hr></h2> |
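Review bot: On the new side the <hr> now sits inside the <h2> (`</font><hr></h2>`), but a heading may only contain inline content and <hr> is a block-level element, so validators will reject it and browsers may render it inconsistently. Keep the rule outside the heading, as the old side did with its standalone <hr>, or place it directly after `</h2>`.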
|
|
<strong>Index</strong><br> |
<strong>Index</strong><br> |
<a href=#goals>Security goals of the Project</a>.<br> |
<a href=#goals>Security goals of the Project</a>.<br> |
|
|
|
|
<dl> |
<dl> |
<a name=goals></a> |
<a name=goals></a> |
<li><h3><font color=#e00000><strong>Goal</strong></font></h3><p> |
<li><h3><font color=#e00000>Goal</font></h3><p> |
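Review bot: The heading line touched here is an <li> placed directly inside the <dl> opened just above it, and a <dl> takes only <dt> and <dd> children. Since every section heading is being edited in this change anyway, either switch the container to <ul> or turn these entries into <dt>/<dd> pairs. Dropping the <strong> wrapper itself looks fine, since the <h3> already carries the emphasis.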
|
|
OpenBSD believes in strong security. Our aspiration is to be NUMBER |
OpenBSD believes in strong security. Our aspiration is to be NUMBER |
ONE in the industry for security (if we are not already there). Our |
ONE in the industry for security (if we are not already there). Our |
|
|
fixing security problems.<p> |
fixing security problems.<p> |
|
|
<a name=disclosure></a> |
<a name=disclosure></a> |
<li><h3><font color=#e00000><strong>Full Disclosure</strong></font></h3><p> |
<li><h3><font color=#e00000>Full Disclosure</font></h3><p> |
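Review bot: The rewritten heading keeps the unquoted attribute value `color=#e00000`, and HTML 4 allows an unquoted value only when it consists of letters, digits, hyphens, periods, underscores and colons, so the `#` requires quotes. Suggest `<font color="#e00000">` here and on the other headings changed the same way; the <BODY> tag at the top of the page already quotes its colour values.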
|
|
Like many readers of the |
Like many readers of the |
<a href=http://www.securityfocus.com/bugtraq/archive> |
<a href=http://www.securityfocus.com/bugtraq/archive> |
|
|
turnaround is possible. Thus we think that full disclosure helps the |
turnaround is possible. Thus we think that full disclosure helps the |
people who really care about security.<p> |
people who really care about security.<p> |
|
|
<li><h3><font color=#e00000><strong>Audit Process</strong></font></h3><p> |
<li><h3><font color=#e00000>Audit Process</font></h3><p> |
|
|
Our security auditing team typically has between six and twelve |
Our security auditing team typically has between six and twelve |
members who continue to search for and fix new security holes. We |
members who continue to search for and fix new security holes. We |
|
|
managed such a success is the lpd advisory that Secure Networks put out. |
managed such a success is the lpd advisory that Secure Networks put out. |
<p> |
<p> |
|
|
<li><h3><font color=#e00000><strong>The Reward</strong></font></h3><p> |
<li><h3><font color=#e00000>The Reward</font></h3><p> |
|
|
Our proactive auditing process has really paid off. Statements like |
Our proactive auditing process has really paid off. Statements like |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
``This problem was fixed in OpenBSD about 6 months ago'' have become |
|
|
to find and fix new security flaws.<p> |
to find and fix new security flaws.<p> |
|
|
<a name=default></a> |
<a name=default></a> |
<li><h3><font color=#e00000><strong>"Secure by Default"</strong></font></h3><p> |
<li><h3><font color=#e00000>"Secure by Default"</font></h3><p> |
|
|
To ensure that novice users of OpenBSD do not need to become security |
To ensure that novice users of OpenBSD do not need to become security |
experts overnight (a viewpoint which other vendors seem to have), we |
experts overnight (a viewpoint which other vendors seem to have), we |
|
|
by default, creating instantaneous security problems for their users |
by default, creating instantaneous security problems for their users |
within minutes after their first install.<p> |
within minutes after their first install.<p> |
|
|
<li><h3><font color=#e00000><strong>Cryptography</strong></font></h3><p> |
<li><h3><font color=#e00000>Cryptography</font></h3><p> |
|
|
And of course, since the OpenBSD project is based in Canada, it is possible |
And of course, since the OpenBSD project is based in Canada, it is possible |
for us to integrate cryptography. For more information, read the page |
for us to integrate cryptography. For more information, read the page |
outlying <a href=crypto.html>what we have done with cryptography</a>.</p> |
outlying <a href=crypto.html>what we have done with cryptography</a>.</p> |
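Review bot: The context line under the Cryptography heading reads "read the page outlying what we have done with cryptography" on both sides; "outlying" should be "outlining". Worth fixing in the same pass over this section.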
|
|
<li><h3><font color=#e00000><strong>Advisories</strong></font></h3><p> |
<li><h3><font color=#e00000>Advisories</font></h3><p> |
|
|
<dl> |
<dl> |
|
|
<li> |
<li> |
<a name=25></a> |
<a name=25></a> |
|
|
<h3><font color=#e00000><strong>OpenBSD 2.5 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.5 Security Advisories</font></h3> |
These are the OpenBSD 2.5 advisories -- all these problems are solved |
These are the OpenBSD 2.5 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5. |
OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5. |
|
|
<p> |
<p> |
<li> |
<li> |
<a name=24></a> |
<a name=24></a> |
<h3><font color=#e00000><strong>OpenBSD 2.4 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.4 Security Advisories</font></h3> |
These are the OpenBSD 2.4 advisories -- all these problems are solved |
These are the OpenBSD 2.4 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
OpenBSD 2.3 advisories listed below are fixed in OpenBSD 2.4. |
OpenBSD 2.3 advisories listed below are fixed in OpenBSD 2.4. |
|
|
<p> |
<p> |
<li> |
<li> |
<a name=23></a> |
<a name=23></a> |
<h3><font color=#e00000><strong>OpenBSD 2.3 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.3 Security Advisories</font></h3> |
These are the OpenBSD 2.3 advisories -- all these problems are solved |
These are the OpenBSD 2.3 advisories -- all these problems are solved |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
in <a href=anoncvs.html>OpenBSD current</a>. Obviously, all the |
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3. |
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3. |
|
|
<p> |
<p> |
<li> |
<li> |
<a name=22></a> |
<a name=22></a> |
<h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.2 Security Advisories</font></h3> |
These are the OpenBSD 2.2 advisories. All these problems are solved |
These are the OpenBSD 2.2 advisories. All these problems are solved |
in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
in <a href=23.html>OpenBSD 2.3</a>. Some of these problems |
still exist in other operating systems. (The supplied patches are for |
still exist in other operating systems. (The supplied patches are for |
|
|
<p> |
<p> |
<li> |
<li> |
<a name=21></a> |
<a name=21></a> |
<h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.1 Security Advisories</font></h3> |
These are the OpenBSD 2.1 advisories. All these problems are solved |
These are the OpenBSD 2.1 advisories. All these problems are solved |
in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
in <a href=22.html>OpenBSD 2.2</a>. Some of these problems still |
exist in other operating systems. (If you are running OpenBSD 2.1, we |
exist in other operating systems. (If you are running OpenBSD 2.1, we |
|
|
<p> |
<p> |
<li> |
<li> |
<a name=20></a> |
<a name=20></a> |
<h3><font color=#e00000><strong>OpenBSD 2.0 Security Advisories</strong></font></h3> |
<h3><font color=#e00000>OpenBSD 2.0 Security Advisories</font></h3> |
These are the OpenBSD 2.0 advisories. All these problems are solved |
These are the OpenBSD 2.0 advisories. All these problems are solved |
in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
in <a href=21.html>OpenBSD 2.1</a>. Some of these problems still |
exist in other operating systems. (If you are running OpenBSD 2.0, we |
exist in other operating systems. (If you are running OpenBSD 2.0, we |
|
|
<p> |
<p> |
|
|
<a name=watching></a> |
<a name=watching></a> |
<li><h3><font color=#e00000><strong>Watching our Changes</strong></font></h3><p> |
<li><h3><font color=#e00000>Watching our Changes</font></h3><p> |
|
|
Since we take a proactive stance with security, we are continually |
Since we take a proactive stance with security, we are continually |
finding and fixing new security problems. Not all of these problems |
finding and fixing new security problems. Not all of these problems |
|
|
</ul> |
</ul> |
|
|
<p> |
<p> |
<li><h3><font color=#e00000><strong>Reporting problems</strong></font></h3><p> |
<li><h3><font color=#e00000>Reporting problems</font></h3><p> |
|
|
<p> If you find a new security problem, you can mail it to |
<p> If you find a new security problem, you can mail it to |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
|
|
|
|
<p> |
<p> |
<a name=papers></a> |
<a name=papers></a> |
<li><h3><font color=#e00000><strong>Further Reading</strong></font></h3><p> |
<li><h3><font color=#e00000>Further Reading</font></h3><p> |
|
|
A number of papers have been written by OpenBSD team members, about security |
A number of papers have been written by OpenBSD team members, about security |
related changes they have done in OpenBSD. The postscript versions of these |
related changes they have done in OpenBSD. The postscript versions of these |