OpenBSD update promises better protection

Version 3.9 of the open-source operating system includes a memory feature designed to counter buffer overflow attacks.

Ingrid Marson
2 min read
The OpenBSD project has updated its open-source operating system, adding a new sensor framework and better protection against buffer overflow attacks.

The sensor framework in version 3.9, released Monday, will enable system administrators to monitor the environmental conditions of servers running the operating system, project founder Theo de Raadt told ZDNet UK.

"There is a significant new sensor framework which supports voltage sensors, fan sensors, temperature sensors and so on," said de Raadt, who is also the lead developer of OpenBSD. "Such a feature is still missing in Linux and other major operating systems."

Also introduced in the update is fully enabled, randomized memory allocation, which ensures that programs do not always allocate memory in the same place. The feature should offer protection against buffer overflow attacks. "No other major commercial operating system has this feature," de Raadt said.

Earlier this year, de Raadt said the OpenBSD project is running at a loss and called on open-source vendors and commercial users to contribute to it.

But he said Tuesday that Linux and Unix vendors have been reluctant to help, even though they have used the OpenSSH communications encryption program and other software developed by the project in their products.

"Roughly stated, painting with some broad strokes, the Linux vendors flat out refused to help. They have not even really replied to requests. The commercial Unix vendors have tried to stay away from funding us as well, hiding in their castles, especially when users of our software sent them requests for action," said de Raadt, in an interview with news site KernelTrap.

But while vendors have kept away, the project has received donations from "hundreds" of individuals and "large contributions" from some OpenSSH users. This included open-source projects Smoothwall and Mozilla, and the domain name registrar GoDaddy, de Raadt is quoted as saying by KernelTrap.

Version 3.9 of OpenBSD is available for download at a number of mirror sites.

Ingrid Marson reported for London-based ZDNet UK.