by Carly Suppa

OpenBSD launches latest release

May 1, 2003

Version 3.3 bolsters security, hardware support

Despite some lost funding, open source development organization OpenBSD unveiled the latest version of its operating system on Thursday, OpenBSD 3.3, boasting enhanced security features and increased hardware support.

The enhancements come as a result of $2.3 million in funding provided by the U.S. Defense Advanced Research Projects Agency (DARPA). Last month, DARPA announced it had suspended a contract with the OpenBSD project, citing “world events” as a reason for the cancelled funding.

The withdrawal of funding came just days after OpenBSD Project Leader Theo de Raadt was quoted in a Canadian newspaper as opposing the U.S.-led war in Iraq. DARPA denied any connection between de Raadt’s comments and its decision to pull funding for the project.

Release 3.3 makes security its top priority. It integrates the ProPolice stack protection technology developed by Hiroaki Etoh, which modifies function prologues to rearrange the stack. A random “canary” is placed before the return address and buffer variables are moved closer to the canary, making it more difficult for an attacker to change return addresses when returning from a function.
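A small C model of the stack layout described above, added here as an illustration and not taken from ProPolice or OpenBSD. The frame structs, constants and function names are hypothetical, and the overrun is a bounded write inside a simulated frame rather than a real stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frames, lowest address first. All values are constructed. */
enum { BUF = 16, PTR_CHANGED = 1, RET_CHANGED = 2, DETECTED = 4 };
#define PTR_OK 0x402000u
#define RET_OK 0x401000u

struct frame_plain {      /* unprotected layout */
    char     buf[BUF];
    uint64_t fn_ptr;      /* pointer local sits above the buffer */
    uint64_t ret;         /* saved return address */
};

struct frame_guarded {    /* layout after the rearrangement */
    uint64_t fn_ptr;      /* non-buffer local moved below the buffer */
    char     buf[BUF];    /* buffer sits directly under the canary */
    uint64_t canary;      /* written by the prologue */
    uint64_t ret;
};

/* Model a linear overrun: n bytes written upward from the buffer start,
   clamped to the simulated frame so the program itself stays well defined. */
static void overrun(void *frame, size_t size, size_t off, size_t n) {
    if (n > size - off) n = size - off;
    memset((unsigned char *)frame + off, 0x41, n);
}

int run_plain(size_t n) {
    struct frame_plain f = { {0}, PTR_OK, RET_OK };
    overrun(&f, sizeof f, offsetof(struct frame_plain, buf), n);
    return (f.fn_ptr != PTR_OK ? PTR_CHANGED : 0) | (f.ret != RET_OK ? RET_CHANGED : 0);
}

int run_guarded(size_t n, uint64_t guard) {
    struct frame_guarded f = { PTR_OK, {0}, guard, RET_OK };
    overrun(&f, sizeof f, offsetof(struct frame_guarded, buf), n);
    int r = (f.fn_ptr != PTR_OK ? PTR_CHANGED : 0) | (f.ret != RET_OK ? RET_CHANGED : 0);
    if (f.canary != guard) r |= DETECTED;  /* epilogue check: abort, never return */
    return r;
}

int main(void) {
    uint64_t guard = 0x9f3c5ad1e07b2264ULL;  /* stand-in; the real value is random */
    for (size_t n = 16; n <= 32; n += 8)
        printf("n=%zu plain=%d guarded=%d\n", n, run_plain(n), run_guarded(n, guard));
    return 0;
}
```

In the guarded layout the pointer local is never reached by an upward overrun, and any write that gets as far as the return address has already changed the canary.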

The release also features a fine-grained memory permissions layout to ensure that memory written to by application programs cannot be executable at the same time. This aims to prevent attackers from writing code anywhere in memory where it can be executed, and minimizes the risk of buffer overflows and other attacks. In addition, release 3.3’s X window server and xconsole now enforce privilege separation.

The OpenBSD software project also announced enhancements to its packet filter, including queue, a bandwidth management system, and anchors, which allow rule sets to be loaded and modified independently. Also new to the packet filter are support for TCP window scaling and spamd, a spam deferral daemon that blocks spam while informing spammers of why their mail has been rejected. The packet filter also loads rule sets faster than in previous versions.

OpenBSD is developed by volunteers and is available for free. The software supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS and HP-UX.