OpenBSD History

Nick Holland

Pre-OpenBSD History

• Bell Labs people invent UNIX
• Bell/AT&T was The Phone Company, not a computer company
• By Law.

1974 -- Berkeley

• Prof. Bob Fabry, UofC Berkeley, gets a license.
• ... or at least, code.
• licensing was careless and sloppy.
• Berkeley's a school.
• Bell was The Phone Company (and not computers).
• We don't need no stinkin' lawyers!
• code slid back and forth between BSD and AT&T with little regard to what the lawyers would say.

1980s -- "Release" of AT&T/Bell

• De-regulation and breakup of "Ma Bell"
• AT&T was no longer The Phone Company
• ... and was thus, no longer ONLY a phone company
• ... uh-oh.

"Release" of BSD

• 1991 -- Berkeley releases 4.3BSD Net/2. MOSTLY AT&T free.
• 1992 -- 386BSD 0.0 released March
• 1993 -- Disputes regarding patches caused the formation of FreeBSD and NetBSD. Theo de Raadt suggested the name NetBSD.
• 1993 -- Berkeley releases 4.4BSD-Lite as a non-encumbered version. AFTER 386BSD.
• Not really related: BSDi's BSD/386
• April 1993 -- NetBSD 0.8 released, based on 386BSD v0.1
• October 1994 -- NetBSD 1.0 released, based on 4.4BSD-Lite.
• 1994 -- Theo de Raadt removed from NetBSD project -- both management and commit status.

The BSD world in 1994

• Open Source, but not open development
• Source came out with releases.
• ...Coders could work on enhancing OLD code.
• ...Only "developers" could work on current code.
• VERY frustrating situation for a committed coder!

1995 -- Creation of OpenBSD

• de Raadt gives up re-joining NetBSD, creates OpenBSD
• anoncvs -- public access to all code, within hours of commit!
• Attack leads to interest in security
• ... and the first of the "Code Audits"
• One-Person-in-Charge

Early Days -- v1.2 to 2.2

• 1.2 July 1996 -- First FTP release
• 2.0 October 1996 -- First CD release
• ...Privilege revocation (ping).
• ...issetugid(2)
• 2.1 -- First OS with an IPSec stack!
• ...arc4random, bcrypt
• 2.2 -- Ports infrastructure. Already a reputation for quality-inspired security at Usenix 1998

Change the world 2.3-2.9

• v2.3 -- integrate IPF
• v2.4 -- strlcpy, strlcat
• v2.5 -- I discover OpenBSD
• v2.6 -- OpenSSH. Transition from "Daemon" mascot to Puffy.
• v2.7 -- integrated sudo, ipv6, mg
• v2.9 -- softupdates

v3.0: Introducing PF

• June 1, 2001 -- OpenBSD 2.9 released. Code had froze in April.
• May 18, 2001 -- IPF license "clarification" points out that modification is not permitted.
• May 30, 2001 -- IPF removed from OpenBSD.
• June 28, 2001 -- PF Imported into OpenBSD
• IPF license issue results in a software license audit.
• 0ct 15, 2001 -- some loser called "nick@" starts committing to the OpenBSD FAQ
• 3.0 ships with PF. IPF license "fixed" on same day as PF was announced. OpenBSD never shipped a release without a filter.
• Introduction of the Release Song, "E-Railed"

Security improvements. 3.2-3.9

• 3.2 -- Privilege Separation, systrace
• 3.3 -- Stack Smash protection, W^X (sparc, sparc64, alpha, hppa)
• 3.4 -- Address Space Layout Randomization (ASLR) -- first major OS. i386 gets W^X. Propolice in kernel. Lots of de-GNUification.
• 3.5 -- sensorsd, CARP, OpenBGPD, amd64 (w/W^X, of course). 8G boot limit removed
• 3.6 -- strtonum(3) to replace atoi, strtol. hotplugd. OpenNTPD. i386, amd64 get SMP
• 3.7 -- ospfd
• 3.8 -- ifstated, bioctl, watchdogd

Intermission: Hi, Molly!

Never done making it better: 4.0-4.9

• 4.0 -- dvmrpd
• 4.1 -- ripd, relayd, Xenocara X build system
• 4.2 -- cwm, ospf6d, softraid
• 4.3 -- snmpd, sparc64 gets SMP
• 4.4 -- Sysmerge. Much improved UltraSPARC support -- IV, T1, T2, V, VI, VII
• 4.6 -- OpenSMTPD, tmux
• 4.8 -- imsg (msg passing API), mandoc, ldapd, OpenIKED
• 4.9 -- timingsafe_bcmp(3). iscsid. rc.d

High Fives!

• 5.0 -- DUIDs implemented to fix "floating" disks. Auto-install non-free firmware.
• 5.1 -- amd64 can boot from softraid volume.
• 5.2 -- drop Apache 1.3 for nginx (dropped after 5.6)
• 5.3 -- Position Independent Executables (PIE). Random Data Memory -- initialize data with random data at load time. sparc4v LDOM support
• 5.5 -- explicit_bzero(3). signify(1). Year 2038+ ready, ALL platforms! Alpha SMP.
• 5.6 -- timingsafe_memcmp, LibreSSL, httpd
• 5.7 -- Static PIE. Sparc T3, T4, T5, M5, M6, sparc64-X. etc files minimized.
• 5.8 -- doas, file(1), radiusd
• 5.9 -- rebound, pledge, eigrpd, vmm

6.0-current

• 6.0 -- W^X strictly enforced; Return Oriented Programming Mitigation enabled. Library order randomized at boot.
• 6.1 -- First "no-CD-ROM" release. :-(
• 6.2 -- KARL -- Kernel Address Random Linking
• 6.4 -- RETGUARD replacement for ProPolice stack protection for amd64, arm64. unveil.
• 6.5+ -- OpenRsync

Where does the money come from?

• User donations!
• Google (over and over!)
• Microsoft (over and over!)
• Facebook (over and over!)
• genua gmbh (over and over!)
• Target, DuckDuckGo, HP Enterprise,

Questions / Discussion