Return to security.html CVS log

Up to [local] / www

Annotation of www/security.html, Revision 1.14

1.1       deraadt     1: <!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
                      2: <html>
                      3: <head>
                      4: <title>OpenBSD</title>
                      5: <link rev=made href=mailto:www@openbsd.org>
                      6: <meta name="resource-type" content="document">
                      7: <meta name="description" content="OpenBSD advisories">
                      8: <meta name="keywords" content="openbsd,main">
                      9: <meta name="distribution" content="global">
                     10: <meta name="copyright" content="This document copyright 1997 by OpenBSD.">
                     11: </head>
                     12:
                     13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
                     14:
1.2       deraadt    15: <img alt="[OpenBSD]" SRC="/images/smalltitle.gif">
1.1       deraadt    16:
1.2       deraadt    17: <p>
1.12      deraadt    18: <h3><font color=#e00000><strong>OpenBSD Security Views</strong></font></h3>
1.14    ! deraadt    19: OpenBSD believes in strong security.  Our aspiration is to be NUMBER
        !            20: ONE in the industry for security.  Due to our open software
        !            21: development model, we are able to take a more uncompromising view
        !            22: towards increasing security than Sun, SGI, IBM, HP, or other vendors
        !            23: are able to.
1.12      deraadt    24:
                     25: <p>
1.13      deraadt    26: Like most members of the
                     27: <a href=http://www.geek-girl.com/bugtraq/index.html>
                     28: BUGTRAQ mailing list (which rarely sees OpenBSD security reports
                     29: these days :-)</a>,
                     30: we believe in full disclosure of security problems.  We have found
                     31: that the coding of proper fixes to security problems typically only
                     32: requires about 4-5 minutes of coding.  Thus we typically have fixes
                     33: available extremely quickly.
                     34:
                     35: <p>
1.12      deraadt    36: Our security auditing team typically has between six and twelve
                     37: members, and most of us continually search for and fix security holes.
                     38: We have been auditing for approximately two years.  The process we
                     39: followed to increase security was simply a comprehensive file-by-file
                     40: analysis of every critical software component.  Flaws were found in
                     41: just about every area of the system.  Entire new classes of security
                     42: problems were found while we were doing the audit, and in many cases
                     43: source code which had been audited earlier had to be re-audited with
                     44: these new flaws in mind.
                     45:
                     46: <p>
1.14    ! deraadt    47: The auditing process is not over yet, and as you can see we continue
        !            48: to find and fix new security flaws.
1.12      deraadt    49:
                     50: <p>
                     51: <h3><font color=#e00000><strong>OpenBSD 2.1 Security Advisories</strong></font></h3>
1.11      deraadt    52: These are the OpenBSD 2.1 advisories.  All these problems are solved
                     53: in OpenBSD 2.2.  Some of these problems still exist in other
1.1       deraadt    54: operating systems.
                     55:
                     56: <ul>
1.11      deraadt    57: <li><a href=rfork>Rfork() system call flaw (patch included)</a>
                     58: <li><a href=procfs>Procfs flaws (patch included)</a>
                     59: <li><a href=signals>Deviant Signals (patch included)</a>
1.9       deraadt    60: </ul>
                     61:
                     62: <p>
1.12      deraadt    63: <h3><font color=#e00000><strong>OpenBSD 2.2 Security Advisories</strong></font></h3>
1.11      deraadt    64: These are the OpenBSD 2.2 advisories.  All these problems are
1.9       deraadt    65: solved in OpenBSD current.  Some of these problems still exist in other
1.14    ! deraadt    66: operating systems.
1.9       deraadt    67:
                     68: <ul>
1.11      deraadt    69: <li><a href=/errata.html#f00f>Intel P5 f00f lockup (patch included)</a>
                     70: <li><a href=/errata.html#sourceroute>
                     71:        Sourcerouted Packet Acceptance (patch included)</a>
                     72: <li><a href=/errata.html#ruserok>Setuid coredump & Ruserok() flaw (patch included)</a>
                     73: <li><a href=/errata.html#mmap>Read-write mmap() flaw (patch included)</a>
1.1       deraadt    74: </ul>
                     75:
1.9       deraadt    76: <p>
1.12      deraadt    77: <h3><font color=#e00000><strong>Other Resources</strong></font></h3>
1.3       deraadt    78: Other security advisories that have (in the past) affected OpenBSD can
1.4       deraadt    79: be found at the <a href=http://www.secnet.com/nav1.html>Secure Networks archive</a>.
1.3       deraadt    80:
1.5       deraadt    81: <p> If you find a new security problem, you can mail it to
1.6       deraadt    82: <a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>.
1.7       deraadt    83: <br>
1.5       deraadt    84: If you wish to PGP encode it (but please only do so if privacy is very
                     85: urgent, since it is inconvenient) use this <a href=pgpkey>pgp key</a>.
                     86:
1.2       deraadt    87: <hr>
1.1       deraadt    88: <font size="-1">
1.2       deraadt    89: <em>This site Copyright &copy; 1996, 1997 OpenBSD.</em><br>
1.14    ! deraadt    90: $OpenBSD: index.html,v 1.13 1998/02/19 12:29:40 deraadt Exp $
1.1       deraadt    91: </font>
                     92:
                     93: </BODY>
                     94: </HTML>