- Like many computer software topics, it is all about solving problems.
- Security within software is one of the most important parts.
- The purpose here is to secure applications to reduce the surface of attack vectors.
- Today we will be focusing in one particular solution.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OpenBSD is originally a fork of NetBSD from 1995. | |
Theo de Raadt who is the founder, was before a NetBSD developer until he eventually resigned due to strong disagreements with the rest of the Core Team. | |
1/ What makes OpenBSD different from other main *BSD ? | |
- OpenBSD focuses more on security, striving through the releases to defeat most of incoming attacks and security threats, | |
rather than pure performances and portability. | |
- "Softwares will never be perfect" is the main motto from Theo himself, hence it is always an ongoing work. Most of security features are enabled by default, some cannot be possibly disabled (e.g. ASLR). | |
- Similarly, apart of security, new features are rather applied in the longer term. | |
- A release every 6 month, a release officially supported for 1 year (security fixes/errata backported). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <sys/capsicum.h> | |
#include <stdio.h> | |
#include <string.h> | |
#include <errno.h> | |
int | |
main(int argc, char *argv[]) | |
{ | |
int c, errs; | |
u_int mod; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <sys/prctl.h> | |
#include <seccomp.h> | |
#include <fcntl.h> | |
#include <unistd.h> | |
#include <errno.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> |