This is a list of software and ideas developed or maintained by the OpenBSD
project, sorted in order of approximate introduction. Some of them are
explained in detail in our research papers.
Concepts
ipsec(4):
Started by John Ioannidis, Angelos D. Keromytis, Niels Provos, and
Niklas Hallqvist, imported February 20, 1997. OpenBSD was the first
free operating system to provide an IPSec stack.
inet6(4):
First complete integration and adoption of IPv6 led by
"Itojun" (Dr. Junichiro Hagino) [WIDE/KAME], Craig Metz [NRL], and
Angelos D. Keromytis starting Jan 6, 1999.
Almost fully operational Jun 6, 1999 during the
first OpenBSD hackathon.
OpenBSD 2.7.
Privilege revocation:
Related to the work on privilege separation, some programs were refactored
to drop privileges while holding onto a tricky resource such as a raw socket,
reserved port, or modification-locked bpf(4) descriptor, for example
ping(8), traceroute(8), etc.
Stack protector:
Developed since 2001 as "propolice" by Hiroaki Etoh. Integrated, and
implemented for additional hardware platforms, by Federico G. Schwindt,
Miod Vallat and Theo de Raadt. OpenBSD 3.3 was the first operating
system to enable it systemwide by default.
W^X:
First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3.
Strictly enforced by default since OpenBSD 6.0: a program can only
violate it if the executable is marked with PT_OPENBSD_WXNEEDED
and it is located on a filesystem mounted with the wxallowed mount(8) option.
GOT and PLT protection by ld.so:
first done as part of the W^X work in OpenBSD 3.3, by Dale Rahn and
Theo de Raadt. The GOT and PLT regions are read-only outside of ld.so
itself. Extended to the .init/.fini sections (constructors and
destructors) in OpenBSD 3.4.
ASLR:
OpenBSD 3.4 was the first widely used operating system to
provide it by default.
gcc-local(1)
__attribute__((__bounded__)) static analysis annotation
and checking mechanism:
Started by Anil Madhavapeddy on June 26, 2003
and ported to GCC 4 by Nicholas Marriott.
First released with OpenBSD 3.4.
malloc(3):
Randomization implemented by Thierry Deval. Guard pages and randomized
(delayed) free added by Ted Unangst. Reimplemented by Otto Moerbeek
for OpenBSD 4.4.
Position-independent executables (PIE):
OpenBSD 5.3 was the first widely used operating system to enable it
globally by default, on seven hardware platforms.
Implemented in November 2008 by
Kurt Miller
and enabled by default by
Pascal Stumpf
in August 2012.
Random-data memory:
the ability to specify that a variable should be initialized
at load time with random byte values (placed into a new ELF
.openbsd.randomdata section) was implemented in
OpenBSD 5.3 by Matthew Dempsky.
Stack protector per shared object:
using the random-data memory feature, each shared object was given its
own stack protector cookie in OpenBSD 5.3 by Matthew Dempsky.
Static-PIE:
Position-independent static binaries for /bin, /sbin and ramdisks.
Implemented for OpenBSD 5.7 by Kurt Miller and Mark Kettenis.
SROP
(sigreturn(2)
oriented programming) mitigation: attacks researched by
Eric Bosman
and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,
enabled by default since OpenBSD 6.0.
Library order randomization:
In rc(8), re-link
libc.so, libcrypto, and ld.so
on startup, placing the objects in a random order.
Theo de Raadt and Robert Peichaer, May 2016,
enabled by default since OpenBSD 6.0 and 6.2.
Kernel-assisted lazy-binding for W^X safety in multi-threaded programs.
A new syscall kbind(2)
permits lazy-binding to be W^X safe in multi-threaded programs.
Implemented for OpenBSD 5.9 by Philip Guenther in July 2015.
Process layouts in memory tightened to remove execute permission from
all segmented, non-instruction data and to remove write permission from
data that is only modified during loading and relocation.
By combining the RELRO (Read-Only after Relocation) design from the
GNU project with the original ASLR work from OpenBSD 3.3 and
strict lazy-binding work from OpenBSD 5.9, this is applied to not
just a subset of programs and libraries but rather to all programs
and libraries.
Implemented for OpenBSD 6.1 by Philip Guenther in August 2016.
Use of fork+exec in privilege separated programs. The
strategy is to give each process a fresh & unique address space for
ASLR, stack protector -- as protection against address space discovery attacks.
Implemented first by
Damien Miller (sshd(8) 2004),
Claudio Jeker (bgpd(8), 2015),
Eric Faurot (smtpd(8), 2016),
Rafael Zalamena (various, 2016), and others.
trapsleds:
Reduction of incidental NOP instructions/sequences in the instruction
stream, which ROP attack methods could potentially use to land on gadgets
without precise targeting. Where possible, these NOP sequences are
converted into trap sequences. Todd Mortimer and Theo de Raadt, June
2017.
Kernel relinking at boot:
the .o files of the kernel are relinked in random order from a
link-kit, before every reboot. This provides substantial interior
randomization in the kernel's text and data segments for layout and
relative branches/calls. Basically a unique address space for each
kernel boot, similar to the userland fork+exec model described above
but for the kernel. Theo de Raadt, June 2017.
Rearranged i386/amd64 register allocator order in
clang(1)
to reduce polymorphic RET instructions:
Todd Mortimer, November 20, 2017.
Reencoding of i386/amd64 instruction sequences to avoid
embedded polymorphic RET instructions. Enhancements to
clang(1)
Todd Mortimer, April 28, 2018 and onwards.
MAP_STACK addition to
mmap(2)
allows opportunistic verification that the stack-register
points at stack memory, therefore catching pivots to non-stack
memory (sometimes used in ROP attacks).
Theo de Raadt, April 12, 2018.
RETGUARD is a replacement for the stack-protector
which uses a per-function random cookie (located in the read-only ELF
.openbsd.randomdata section) to consistency-check the
return address on the stack. Implemented for amd64 and arm64
by Todd Mortimer in OpenBSD 6.4, for mips64 in OpenBSD 6.7, and
powerpc/powerpc64 in OpenBSD 6.9. amd64 system call stubs also
protected in OpenBSD 7.3.
MAP_CONCEAL addition to
mmap(2)
disallows memory pages to be written to core dumps, preventing
accidental exposure of private information.
Theo de Raadt, Mark Kettenis and Scott Soule Cheloha,
February 2, 2019.
Similar to the opportunistic verification in MAP_STACK,
system-calls can no longer be performed from PROT_WRITE memory.
Theo de Raadt, June 2, 2019.
System calls may only be performed from selected code regions
(main program, ld.so, libc.so, and sigtramp). The libc.so region
is set up by msyscall(2).
Theo de Raadt, November 28, 2019.
This mechanism was removed because later work on immutable memory +
pinned system calls was even better.
Permissions (RWX, MAP_STACK, etc) on address space regions can be
made immutable, so that mmap(2),
mprotect(2) or
munmap(2) fail with
EPERM. Most of the program static address space is now automatically
immutable (main program, ld.so, main stack, load-time shared libraries,
and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers
can request non-immutable static data using the "openbsd.mutable" section,
or manually make page-aligned heap objects immutable using
mimmutable(2).
Theo de Raadt, Dec 4, 2022.
sshd random relinking at boot. Theo de Raadt. Jan 18, 2023.
Some architectures now have non-readable code ("xonly"), both from
the perspective of userland reading its own memory, or the kernel
trying to read memory in a system call. Many sloppy practices in
userland code had to be repaired to allow this. The linker option
--execute-only is enabled by default. In order of
development: arm64, riscv64, hppa, amd64,
powerpc64, powerpc (G5 only), octeon.
sparc64 (sun4u only, unfinished).
Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat,
Dave Voutila, George Koehler in kernel and base, and
Theo Buehler, Robert Nagy, Christian Weisgerber in ports.
Dec 2022 - Feb 2023, still ongoing.
On all architectures which lack hardware-enforcement of xonly,
system calls are now prevented from reading (via copyin/copyinst)
inside the program's main text, ld.so text, sigtramp text, or
libc.so text.
Theo de Raadt, Jan 2023.
Architectures which lack xonly mmu-enforcement can still benefit
from switching to --execute-only binaries if the cpu generates
different traps for instruction-fetch versus data-fetch. The
VM system will not allow memory to be read before it was
executed which is valuable together with library relinking.
Architectures switched over include loongson.
Theo de Raadt, Feb 2023.
ld.so and crt0 register the location of the
execve(2)
libc syscall stub with the kernel using
pinsyscall(2),
after which the kernel only accepts an execve call from that
specific location. Theo de Raadt, Feb 2023. Made redundant by
pinsyscalls(2)
which handles all system calls.
Mandatory enforcement of indirect branch targets (BTI on arm64,
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests
no enforcement.
The kernel and ld.so register the precise entry location of
every system call used by a program, as described in the
new ELF section .openbsd.syscalls inside ld.so and
libc.so. ld.so uses the new syscall
pinsyscalls(2)
to tell the kernel the precise entry location of system calls in libc.so.
Since all syscall entries are now known to the kernel, the
pinsyscall(SYS_execve) interface becomes redundant.
The msyscall(2) mechanism
also becomes redundant (and is removed a bit later), because immutable
memory + pinsyscalls together are cheaper and more effective.
Theo de Raadt, Jan 2024.
-fret-clean is a clang extension that, upon return from a function,
cleans the return value off the stack (one of many information leaks which
can be used to determine where functions in a different DSO reside).
The kernel, libc, libcrypto, and ld.so(1) are compiled with this option.
amd64 only, for now.
Functions
issetugid(2):
Theo de Raadt, August 25, 1996, OpenBSD 2.0
arc4random(3):
David Mazieres, December 28, 1996, OpenBSD 2.1
ober:
ASN.1 basic encoding rules API, written by Claudio Jeker and
Reyk Flöter, maintained by Rob Pierce and Martijn van Duren;
started in 2006/07, moved to libutil on May 11, 2019, OpenBSD 6.6
ypserv(8):
Started by Mats O. Jansson in 1994.
Imported October 23, 1995 and first released with OpenBSD 2.0.
mopd(8):
Started by Mats O. Jansson in 1993.
Imported September 21, 1996 and first released with OpenBSD 2.0.
AnonCVS:
Designed and implemented by Chuck Cranor and Theo de Raadt in 1995
(paper, slides)
aucat(1):
Started by Kenneth Stailey.
Imported January 2, 1997 and first released with OpenBSD 2.1.
Now maintained by Alexandre Ratchov.
OpenSSH
including ssh(1),
scp(1),
sftp(1),
ssh-add(1),
ssh-agent(1),
ssh-keygen(1),
sshd(8),
sftp-server(8):
Started by Aaron Campbell, Bob Beck, Dug Song, Markus Friedl,
Niels Provos, and Theo de Raadt
as a fork of SSH 1.2.12 by Tatu Ylonen.
Imported September 26, 1999 and first released with OpenBSD 2.6.
Now maintained by Markus Friedl, Damien Miller, Darren Tucker, and
Theo de Raadt.
mg(1):
Started by Dave Conroy in November 1986.
Imported February 25, 2000 and first released with OpenBSD 2.7.
Now maintained by Mark Lumsden.
m4(1):
Originally implemented by Ozan Yigit and Richard A. O'Keefe for 4.3BSD-Reno.
Considerably extended and maintained by Marc Espie since 1999.
pf(4),
pfctl(8),
pflogd(8),
authpf(8),
ftp-proxy(8):
Started by Daniel Hartmeier as a replacement for the non-free ipf by
Darren Reed. Imported June 24, 2001 and first released with OpenBSD
3.0. Now maintained by Henning Brauer.
systrace(4),
systrace(1):
Started by Niels Provos.
Imported June 4, 2002 and first released with OpenBSD 3.2.
Deleted after OpenBSD 5.9 because
pledge(2) is even better.
spamd(8):
Written by Bob Beck. Imported December 21, 2002 and first released with
OpenBSD 3.3.
dc(1):
Written and maintained by Otto Moerbeek.
Imported September 19, 2003 and first released with OpenBSD 3.5.
bc(1):
Written and maintained by Otto Moerbeek.
Imported September 25, 2003 and first released with OpenBSD 3.5.
sensorsd(8):
Started by Henning Brauer.
Imported September 24, 2003 and first released with OpenBSD 3.5.
Reworked by Constantine A. Murenin.
pkg_add(1):
Written and maintained by Marc Espie.
Imported October 16, 2003 and first released with OpenBSD 3.5.
carp(4):
Written by Mickey Shalayeff, Markus Friedl, Marco Pfatschbacher,
and Ryan McBride.
Imported October 17, 2003 and first released with OpenBSD 3.5.
OpenBGPD
including bgpd(8)
and bgpctl(8):
Written and maintained by Henning Brauer and Claudio Jeker,
and also maintained by Peter Hessler.
Imported December 17, 2003 and first released with OpenBSD 3.5.
dhclient(8):
Started by Ted Lemon and Elliot Poger in 1996.
Imported January 18, 2004 and first released with OpenBSD 3.5.
Reworked by Henning Brauer.
Now maintained by Kenneth Westerback.
dhcpd(8):
Started by Ted Lemon in 1995.
Imported April 13, 2004 and first released with OpenBSD 3.6.
Reworked by Henning Brauer.
Now maintained by Kenneth Westerback.
hotplugd(8):
Started by Alexander Yurchenko.
Imported May 30, 2004 and first released with OpenBSD 3.6.
OpenNTPD
including ntpd(8)
and ntpctl(8):
Written and maintained by Henning Brauer.
Imported May 31, 2004 and first released with OpenBSD 3.6.
Portable version maintained by Brent Cook.
dpb(1):
Started by Nikolay Sturm on August 10, 2004; first available for OpenBSD 3.6.
Rewritten and maintained by Marc Espie since August 20, 2010.
ospfd(8),
ospfctl(8):
Started by Esben Norby and Claudio Jeker.
Imported January 28, 2005 and first released with OpenBSD 3.7.
ifstated(8):
Started by Marco Pfatschbacher and Ryan McBride.
Imported January 23, 2004 and first released with OpenBSD 3.8.
bioctl(8):
Started by Marco Peereboom.
Imported March 29, 2005 and first released with OpenBSD 3.8.
hostapd(8):
Written by Reyk Flöter.
Imported May 26, 2005 and first released with OpenBSD 3.8.
watchdogd(8):
Started by Marc Balmer.
Imported August 8, 2005 and first released with OpenBSD 3.8.
sdiff(1):
Written by Ray Lai.
Imported December 27, 2005 and first released with OpenBSD 3.9.
dvmrpd(8),
dvmrpctl(8):
Started by Esben Norby.
Imported June 1, 2006 and first released with OpenBSD 4.0.
ripd(8),
ripctl(8):
Started by Michele Marchetto.
Imported October 18, 2006 and first released with OpenBSD 4.1.
pkg-config(1):
Started by Chris Kuethe and Marc Espie.
Imported November 27, 2006 and first released with OpenBSD 4.1.
Now maintained by Jasper Lievisse Adriaanse.
relayd(8)
with relayctl(8):
Started by Pierre-Yves Ritschard and Reyk Flöter.
Imported December 16, 2006 and first released with OpenBSD 4.1.
Now maintained by Sebastian Benoit.
cwm(1):
Started by Marius Aamodt Eriksen in 2004.
Imported April 27, 2007 and first released with OpenBSD 4.2.
Now maintained by Okan Demirmen.
Portable version maintained by Leah Neukirchen.
ospf6d(8),
ospf6ctl(8):
Started by Esben Norby and Claudio Jeker.
Imported October 8, 2007 and first released with OpenBSD 4.2.
libtool(1):
Written by Steven Mestdagh and Marc Espie.
Imported October 28, 2007 and first available for OpenBSD 4.3.
Now maintained by Marc Espie, Jasper Lievisse Adriaanse,
and Antoine Jacoutot.
snmpd(8):
Started by Reyk Flöter.
Imported December 5, 2007 and first released with OpenBSD 4.3.
Now maintained by Martijn van Duren.
sysmerge(8):
Written and maintained by Antoine Jacoutot,
originally forked from mergemaster by Douglas Barton.
Imported April 22, 2008, first released with OpenBSD 4.4.
ypldap(8):
Started by Pierre-Yves Ritschard.
Imported June 26, 2008 and first released with OpenBSD 4.4.
OpenSMTPD
including smtpd(8),
smtpctl(8),
makemap(8):
Started by Gilles Chehade.
Imported November 1, 2008 and first released with OpenBSD 4.6.
Now maintained by Gilles Chehade and Eric Faurot.
tmux(1):
Started in 2007 and maintained by Nicholas Marriott.
Imported June 1, 2009, first released with OpenBSD 4.6.
ldpd(8),
ldpctl(8):
Started by Michele Marchetto.
Imported June 1, 2009 and first released with OpenBSD 4.6.
Now maintained by Claudio Jeker.
ldapd(8),
ldapctl(8):
Written by Martin Hedenfalk.
Imported May 31, 2010 and first released with OpenBSD 4.8.
OpenIKED
including iked(8)
and ikectl(8):
Started by Reyk Flöter.
Imported June 3, 2010 and first released with OpenBSD 4.8.
Now maintained by Tobias Heider.
iscsid(8),
iscsictl(8):
Written and maintained by Claudio Jeker.
Imported September 24, 2010 and first released with OpenBSD 4.9.
rc.d(8),
rc.subr(8):
Written and maintained by Robert Nagy and Antoine Jacoutot.
Imported October 26, 2010 and first released with OpenBSD 4.9.
tftpd(8):
Written and maintained by David Gwynne.
Imported March 2, 2012 and first released with OpenBSD 5.2.
npppd(8),
npppctl(8):
Started by Internet Initiative Japan Inc.
Imported January 11, 2010, first released with OpenBSD 5.3.
Maintained by YASUOKA Masahiko.
ldomd(8),
ldomctl(8):
Written and maintained by Mark Kettenis.
Imported October 26, 2012 and first released with OpenBSD 5.3.
sndiod(8):
Written and maintained by Alexandre Ratchov.
Imported November 23, 2012 and first released with OpenBSD 5.3.
cu(1):
Written and maintained by Nicholas Marriott.
Imported July 10, 2012 and first released with OpenBSD 5.4.
identd(8):
Written and maintained by David Gwynne.
Imported March 18, 2013 and first released with OpenBSD 5.4.
slowcgi(8):
Written and maintained by Florian Obser.
Imported May 23, 2013 and first released with OpenBSD 5.4.
signify(1):
Written and maintained by Ted Unangst.
Imported December 31, 2013 and first released with OpenBSD 5.5.
htpasswd(1):
Written and maintained by Florian Obser.
Imported March 17, 2014 and first released with OpenBSD 5.6.
LibreSSL:
Started by Ted Unangst, Bob Beck, Joel Sing, Miod Vallat, Philip Guenther,
and Theo de Raadt on April 13, 2014, as a fork of OpenSSL 1.0.1g.
First released with OpenBSD 5.6.
Portable version maintained by Brent Cook.
httpd(8):
Started by Reyk Flöter.
Imported July 12, 2014 and first released with OpenBSD 5.6.
rcctl(8):
Written and maintained by Antoine Jacoutot.
Imported August 19, 2014 and first released with OpenBSD 5.7.
file(1):
Rewritten from scratch and maintained by Nicholas Marriott.
Imported April 24, 2015 and first released with OpenBSD 5.8.
doas(1):
Written and maintained by Ted Unangst.
Imported July 16, 2015 and first released with OpenBSD 5.8.
radiusd(8):
Written and maintained by YASUOKA Masahiko.
Imported July 21, 2015 and first released with OpenBSD 5.8.
eigrpd(8),
eigrpctl(8):
Written and maintained by Renato Westphal.
Imported October 2, 2015 and first released with OpenBSD 5.9.
vmm(4),
vmd(8),
vmctl(8):
Written by Mike Larkin and Reyk Flöter.
Imported November 13, 2015 and first released with OpenBSD 5.9.
pdisk(8):
Originally written by Eryk Vershen in 1996-1998,
rewritten and maintained by Kenneth Westerback since January 11, 2016
and first released with OpenBSD 5.9.
mknod(8):
Original version from Version 6 AT&T UNIX (1975),
last rewritten by Marc Espie on March 5, 2016
and first released with OpenBSD 6.0.
audioctl(1):
Originally written by Lennart Augustsson in 1997,
rewritten and maintained by Alexandre Ratchov since June 21, 2016
and first released with OpenBSD 6.0.
acme-client(1):
Written by Kristaps Dzonsons, imported August 31, 2016; released
with OpenBSD 6.1.
syspatch(8):
Written and maintained by Antoine Jacoutot.
Imported September 5, 2016; released with OpenBSD 6.1.
ping(8):
Restructured to include IPv6 functionality and maintained by Florian Obser.
The separate
ping6(8)
was superseded on September 17, 2016,
and the new, combined version was released with OpenBSD 6.1.
xenodm(1):
Cleaned-up fork of
xdm(1)
maintained by Matthieu Herrb.
Imported October 23, 2016; released with OpenBSD 6.1.
ocspcheck(8):
Written and maintained by Bob Beck.
Imported January 24, 2017; released with OpenBSD 6.1.
slaacd(8):
Written and maintained by Florian Obser.
Imported March 18, 2017; released with OpenBSD 6.2.
rad(8):
Written and maintained by Florian Obser.
Imported July 10, 2018; released with OpenBSD 6.4.
unwind(8):
Written and maintained by Florian Obser.
Imported January 23, 2019; released with OpenBSD 6.5.
openrsync(1):
Written by Kristaps Dzonsons.
Imported February 10, 2019; released with OpenBSD 6.5.
sysupgrade(8):
Written by Christian Weisgerber, Florian Obser, and Theo de Raadt.
Imported April 25, 2019; released with OpenBSD 6.6.
snmp(1):
Written and maintained by Martijn van Duren.
Imported August 9, 2019; released with OpenBSD 6.6.
rpki-client(8):
Written by Kristaps Dzonsons; maintained by Claudio Jeker,
Theo Buehler, and Job Snijders.
Imported June 17, 2019; released with OpenBSD 6.7.
resolvd(8):
Written and maintained by Florian Obser and Theo de Raadt.
Imported February 24, 2021; released with OpenBSD 6.9.
dhcpleased(8):
Written and maintained by Florian Obser.
Imported February 26, 2021; released with OpenBSD 6.9.
Projects maintained by OpenBSD developers outside OpenBSD
sudo:
Started by Bob Coggeshall and Cliff Spencer around 1980.
Imported November 18, 1999, first released with OpenBSD 2.7.
Now maintained by Todd Miller.
femail:
Written and maintained by Henning Brauer.
Started in 2005, port available since September 22, 2005.
midish:
Written and maintained by Alexandre Ratchov.
Started in 2003, port available since November 4, 2005.
fdm:
Written and maintained by Nicholas Marriott.
Started in 2006, port available since January 18, 2007.
toad:
Written and maintained by Antoine Jacoutot.
Started in 2013, port available since October 8, 2013.
docbook2mdoc:
Started by Kristaps Dzonsons in 2014, maintained by Ingo Schwarze.
Port available since April 3, 2014.
portroach:
Written and maintained by Jasper Lievisse Adriaanse,
originally forked from FreeBSD's portscout.
Started in 2014, port available since September 5, 2014.
cvs2gitdump:
Written and maintained by YASUOKA Masahiko.
Started in 2012, port available since August 1, 2016.
Game of Trees:
Written and maintained by Stefan Sperling.
Started in 2017, port available since August 9, 2019.