Why Should I Care?
If you run OpenBSD, then you receive the benefit of an easy-to-use UNIX system with a professional level of code quality and security review. Even if you don’t use OpenBSD directly, there are several ways in which you can benefit from the project’s continued existence. Marco explains some of these:
"Lots of people do not realize the impact of OpenBSD on the general open source community. OpenBSD is a very harsh environment for applications due to its stringent security features. The net result of this is that applications fail in OpenBSD while they ’run’ in other OSes. Whenever possible, OpenBSD folks will report and fix this to the upstream developers. The reason why security features in other OSes fail is because they end up disabled; as an example, disabling SELinux is trivial and users who need to run a broken app will do so in favor of getting the application actually fixed."
One example of this is the X.org X server, which is standard on most Linux distributions and several commercial UNIXes. A recent release of OpenBSD included a new malloc implementation that was more aggressive in catching write-after-free errors, and it made the X server crash consistently on startup. The bug was eventually traced to code more than 10 years old. That code had been producing intermittent crashes on other platforms for years, but nobody had fixed it because it was very hard to reproduce consistently. Marco points out the downside of this:
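To make concrete why an "aggressive" allocator turns an intermittent bug into a consistent crash, here is an added example (not code from the article or from OpenBSD's libc) of the technique in miniature: freed chunks are filled with a junk byte and parked in a quarantine rather than handed straight back, so a later write through a dangling pointer disturbs the pattern and is reported instead of silently landing in whoever got the memory next. The `dbg_*` names, the junk bytes and the `struct conn` demo are all assumptions chosen for this illustration; OpenBSD's real malloc does junk filling with far more machinery than this.

```c
/* Toy "junk and check" allocator, written for this article as an added
 * example. It models the idea behind junk-filling allocators such as
 * OpenBSD's malloc; it is not the real libc code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define JUNK_FREE  0xdf   /* pattern written into a chunk on free (assumed) */
#define JUNK_ALLOC 0xd0   /* pattern written on allocation, never zeroed */
#define QSLOTS     16     /* depth of the quarantine ring */

struct qslot { unsigned char *p; size_t n; };
static struct qslot quarantine[QSLOTS];
static size_t qnext;

/* Count bytes in a quarantined chunk that no longer hold the junk byte. */
static size_t slot_damage(const struct qslot *s)
{
    size_t bad = 0;
    for (size_t i = 0; i < s->n; i++)
        if (s->p[i] != JUNK_FREE) bad++;
    return bad;
}

void *dbg_malloc(size_t n)
{
    unsigned char *p = malloc(n);
    if (p) memset(p, JUNK_ALLOC, n);   /* callers must not rely on zeroes */
    return p;
}

/* Junk the chunk and quarantine it instead of returning it to libc.
 * The size is passed in because this toy keeps no per-chunk header. */
void dbg_free(void *p, size_t n)
{
    struct qslot *s = &quarantine[qnext % QSLOTS];
    if (s->p) {                        /* ring is full: evict the oldest */
        if (slot_damage(s))
            fprintf(stderr, "write after free in chunk %p\n", (void *)s->p);
        free(s->p);
    }
    memset(p, JUNK_FREE, n);
    s->p = p;
    s->n = n;
    qnext++;
}

/* Scan the quarantine; return how many chunks were written after free. */
int dbg_check(void)
{
    int corrupted = 0;
    for (size_t i = 0; i < QSLOTS; i++)
        if (quarantine[i].p && slot_damage(&quarantine[i]))
            corrupted++;
    return corrupted;
}

/* Really release everything the quarantine holds. */
void dbg_flush(void)
{
    for (size_t i = 0; i < QSLOTS; i++) {
        free(quarantine[i].p);
        quarantine[i].p = NULL;
        quarantine[i].n = 0;
    }
    qnext = 0;
}

/* Constructed demo: a record is freed and, if `buggy`, updated afterwards
 * through the stale pointer. Returns how many chunks the checker flags.
 * The write is well defined here only because the toy never gave the
 * memory back to libc; under a real allocator it is undefined behaviour. */
int demo_write_after_free(int buggy)
{
    struct conn { int fd; char peer[32]; } *c;
    int flagged;

    c = dbg_malloc(sizeof *c);
    c->fd = 7;
    strcpy(c->peer, "10.0.0.1");
    dbg_free(c, sizeof *c);            /* c is now dangling */
    if (buggy)
        c->fd = -1;                    /* the write-after-free bug */
    flagged = dbg_check();
    dbg_flush();
    return flagged;
}

int main(void)
{
    printf("clean code: %d chunk(s) flagged\n", demo_write_after_free(0));
    printf("buggy code: %d chunk(s) flagged\n", demo_write_after_free(1));
    return 0;
}
```

On an allocator that simply recycles freed memory, the stray `c->fd = -1` corrupts whatever object happens to occupy those bytes next, which is why such bugs show up as rare, unrelated crashes; with the junk pattern in place the damage is attributed to the right chunk every time.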
"A sad statistic in all this is that we have been accused of all kinds of ugly things; the often mentioned reason is, ’Well, it works on Linux!’ These folks completely ignore the fact that the app is simply broken and needs patching."
This philosophy is part of the security mentality of the OpenBSD team. The members believe that if something is broken, then it should break, ideally in a way that is easy to diagnose and fix. A program that keeps running in a way its developer never intended is a latent security risk.
Even if you somehow manage to avoid using any third-party software that has benefited from OpenBSD-supplied bug fixes, the odds are that you have used OpenSSH. To quote Marco:
"OpenSSH is, bar none, the most used open source application on the planet. People don’t even realize how much they rely on this magnificent piece of code. It is deployed in every free and non-free UNIX, and it runs on virtually all routers, switches, and other networking products."
Critics have suggested that OpenSSH and OpenBSD should be funded separately. This is not really a practical option. OpenSSH is developed by OpenBSD developers and is an integral part of the OpenBSD userland. It is so well respected precisely because it receives the same level of security review as the rest of the system, and is tested in the harsh environment of OpenBSD.