|
|||
Security by default
Hi all,
Can anyone explain me this features: # strlcpy() and strlcat() # Memory protection purify * W^X * .rodata segment * Guard pages * Randomized malloc() * Randomized mmap() * atexit() and stdio protection # Privilege separation # Privilege revocation # Chroot jailing # New uids # ProPolice becouse I don't understand very well from official site. Best regards. |
|
|||
This is complicated to answer, several papers exist which explain the security features implemented in OpenBSD.
The developer Matthieu Herrb wrote one such paper for h2k9, it's listed at http://www.openbsd.org/papers/. A Wikipedia article also exists, but, make sure you follow the references, as you have quite a lot of reading to do. http://en.wikipedia.org/wiki/OpenBSD_security_features |
|
||||
Welcome.
The OpenBSD project is small. The target audience for the operating system is the project developers themselves. They just happen to make all source code open to anyone to do as they please (as long as copyright notices are preserved). The project does not have an extensive support structure in place, so users of the operating system are expected to be able to find their own answers. While many may interpret this to mean that Google is the solution to all problems, it is not. Having knowledge of what documentation the project makes available, & taking the time to study it in earnest marks successful users. As someone new to OpenBSD, you should study the project's official FAQ & official mailing list archives for answers to your questions. Understanding OpenBSD means understanding its culture. All conversation on technical matters quickly turn to the most authoritative source held by the project -- its manpages. As noted earlier, your questions are very open-ended. Given that this is your first message at this site, we do not know what is your background or understanding to the Unix world & way of thinking. Consequently, I will give short answers to most of your questions. This may or may not be sufficient for you needs. You are invited to respond with more specific questions, but be forewarned that you should do your homework first. Study the information provided. Read through the FAQ. Doing anything less is short-changing yourself & your troubleshooting abilities. You are also invited to read the following thread which gives information on how to ask effective questions: http://www.daemonforums.org/showthread.php?t=596 Quote:
Quote:
Quote:
http://en.wikipedia.org/wiki/Data_segment Quote:
http://www.openbsd.org/papers/auug04/index.html Again, follow-up questions are encouraged, but you will be doing yourself a favor by taking the time to study the information provided first. |
|
|||
Thank you so muck for the info ocicat and BSDfan666.
I am a OpenBSD sysadmin I use many years OpenBSD but never research about this security features, so thanks again for the info again. If any one have more examples or papers, the are wellcome. Best regards |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Default terminal color | disappearedng | FreeBSD General | 5 | 21st February 2012 01:28 AM |
how APM & ACPI duke it out to be the default | ocicat | OpenBSD General | 0 | 23rd June 2009 04:05 AM |
Default message coloration | cyril | OpenBSD Installation and Upgrading | 5 | 6th June 2009 02:13 PM |
apache 2.2.8 , is it on chroot by default? | superslot | OpenBSD Security | 9 | 30th June 2008 11:56 AM |
is default security applied? | BFlatMinor | OpenBSD Security | 7 | 21st June 2008 03:36 PM |