Talk:OpenBSD/Rewrite

OpenBSD is a Unix-like operating system descended from the Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley. The project behind OpenBSD also maintains other software, most notably OpenSSH, which is packaged for many other operating systems. OpenBSD was forked from NetBSD in 1995 by Theo de Raadt after sharp disagreements over the running of the NetBSD project; today it is among the most widely used BSD variants, and its utilities appear in many other operating systems. OpenBSD is known for its emphasis on security: it is designed to be secure by default, ships with many exploit mitigations enabled, and subjects its source code to frequent audits. Like the other BSD variants, OpenBSD also places a strong emphasis on documentation, and new code is expected to meet the project's stringent documentation standards.

OpenBSD is distributed as a complete operating system, providing the kernel, device drivers, and userland utilities, unlike Linux, where the kernel is developed and distributed separately from the userland. OpenBSD is licensed under multiple permissive licenses; the project prefers the ISC license but also accepts the BSD license for contributed code.

Background
OpenBSD descends from the Berkeley Software Distribution (BSD), an operating system built upon the original Unix developed at Bell Labs, then part of AT&T. Because AT&T held a telephone monopoly at the time, it was barred from selling software commercially, so it licensed Unix to universities, among them the University of California, Berkeley (UC Berkeley). The university built BSD on the Unix source code, and its Computer Systems Research Group (CSRG) developed it from 1977 to 1994.

The CSRG's funding withered towards the end of BSD's development, so in 1991 the group released most of BSD to the public under the BSD license, renouncing most of its rights to the code. AT&T, still developing Unix at the time, treated the release as infringement and, through its subsidiary Unix System Laboratories, sued UC Berkeley and Berkeley Software Design, the company founded in 1991 to sell a commercial BSD-based system. The university mounted a strong defense, showing that AT&T itself had incorporated substantial parts of BSD into Unix without the attribution the BSD license required. The final settlement required the CSRG to remove only a small part of BSD, after which the CSRG released the final version of BSD under the BSD license; that code base became the foundation of numerous BSD variants.

Birth and early development
Theo de Raadt was a founding developer of NetBSD, a BSD variant forked from 386BSD in 1993. He remained one of NetBSD's core developers until December 1994, when he was asked to resign from the core team after sharp disagreements with other developers over the running of the project.

In October 1995, de Raadt forked NetBSD to form OpenBSD, publishing the source tree in an anonymous read-only Concurrent Versions System (CVS) repository, so that anyone could follow current development code while write access remained limited to the project's developers. The initial release, OpenBSD 1.2, appeared in July 1996, and the first major release, OpenBSD 2.0, followed in October 1996.

Security
OpenBSD includes numerous memory protection features, enforced by the kernel, the compiler, and the C library, that mitigate the exploitation of memory-corruption bugs such as buffer overflows; they do not make C programs memory safe, but they turn many exploitable bugs into crashes. W^X (write XOR execute) requires every page of a program's memory to be either writable or executable, never both, so an attacker cannot write code into a buffer and then jump to it. The stack is protected with ProPolice, a stack-smashing protector built into the compiler: each function places a random canary value between its local buffers and the saved frame pointer and return address, reorders local variables so that character buffers sit directly next to the canary, and checks the canary before returning. A buffer overflow that reaches the return address must therefore overwrite the canary first, and the mismatch aborts the program before the corrupted address is ever used. The memory allocator can place an unmapped "guard page" after an allocation, so a write that runs past the end of a buffer hits unmapped memory and crashes the program immediately instead of silently corrupting adjacent data. Various other memory protection features are included, some of them preemptive against uncommonly exploited or theoretical vulnerabilities.
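The three mechanisms above can be modelled in portable C. The following block is an added example, not OpenBSD code: it uses a fixed canary and a struct standing in for a real stack frame (the real canary is random and the real frame is laid out by the compiler), probes whether the kernel grants a writable-and-executable mapping, and builds a guard page by hand with mprotect(2) to show how an overrun becomes an immediate fault. The input bytes are constructed for the demonstration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Model of a ProPolice-protected frame: the character buffer sits directly
 * below the canary, which sits directly below the saved return address, so an
 * overflow cannot reach saved_ret without passing through canary. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

/* Constructed fixed canary; the real one is random, chosen at program start. */
#define CANARY_VALUE ((uintptr_t)0x5f3759df)
#define FAKE_RETURN  ((uintptr_t)0x401000)   /* placeholder return address */

/* The bug under test: copies len bytes of untrusted input into a 16-byte buffer
 * with no bounds check (clamped to the frame so this model stays inside its own
 * storage; buf is at offset 0, so writing through &f is writing through buf).
 * Returns bit 0 set if the epilogue canary check would abort the program, and
 * bit 1 set if the overflow reached the saved return address. */
int overflow_outcome(const unsigned char *input, size_t len) {
    struct frame f;
    int outcome = 0;
    f.canary = CANARY_VALUE;
    f.saved_ret = FAKE_RETURN;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);          /* len > 16 spills into canary, then saved_ret */
    if (f.canary != CANARY_VALUE)
        outcome |= 1;
    if (f.saved_ret != FAKE_RETURN)
        outcome |= 2;
    return outcome;
}

/* Asks the kernel for one page that is both writable and executable. Returns 1
 * if granted (Linux by default), 0 if refused (OpenBSD's W^X policy for a
 * binary not marked wxneeded). */
int wx_mapping_allowed(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, page);
    return 1;
}

static sigjmp_buf guard_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(guard_env, 1);      /* back out of the faulting write */
}

/* Hand-built guard page, like the one OpenBSD's malloc can place after an
 * allocation: map two pages, make the second inaccessible, write one byte past
 * the end of the first. Returns 1 if the write faulted, 0 if it silently
 * succeeded, -1 if the mapping could not be set up. */
int guard_page_trips(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = page * 2;
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    struct sigaction sa, old;
    volatile int tripped = 0;

    if (p == MAP_FAILED)
        return -1;
    if (mprotect(p + page, page, PROT_NONE) != 0) {
        munmap(p, len);
        return -1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sa.sa_flags = SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(guard_env, 1) == 0) {
        volatile unsigned char *past_end = p + page;   /* first byte of the guard */
        *past_end = 0x41;                              /* one-byte overrun */
    } else {
        tripped = 1;                                   /* arrived via on_fault */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(p, len);
    return tripped;
}

int main(void) {
    static const unsigned char a40[40] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("8 bytes: %d, 20 bytes: %d, 40 bytes: %d\n",
           overflow_outcome(a40, 8), overflow_outcome(a40, 20), overflow_outcome(a40, 40));
    printf("W|X mapping granted: %d, guard page tripped: %d\n",
           wx_mapping_allowed(), guard_page_trips());
    return 0;
}
```

A 20-byte input corrupts the canary but not the return address, and a 40-byte input corrupts both; there is no input length that reaches saved_ret with the canary intact, which is exactly the property ProPolice's frame layout buys. Run the same binary on Linux and on OpenBSD to see the W^X probe differ.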

Cryptography is deeply integrated into OpenBSD, both in software and through the use of a system's hardware cryptographic facilities whenever they are available. The base system ships a cryptographic library providing ciphers, key-agreement protocols, public key certificate handling, and related functions, and the kernel maintains a cryptographically secure pseudorandom number generator, seeded from hardware and system entropy, that user programs reach through arc4random(3) and getentropy(2). The kernel cryptographic framework gives drivers and applications a uniform interface to hardware cryptographic functions on various platforms.
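A detail the paragraph does not show is how the random-number interface avoids modulo bias: arc4random_uniform(3) rejects raw words that would favour the low residues rather than simply reducing a word modulo the bound. The block below is an added example, not OpenBSD's library code, though uniform_below follows the same algorithm; the generator is injected as a function pointer, and the scripted source and the 8-bit model in residue_spread_8bit are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* A source of uniformly random 32-bit words. In a real program this would be
 * arc4random(3); it is a parameter here so the example runs deterministically. */
typedef uint32_t (*word_source)(void);

/* Raw words below this value are rejected: 2^32 is not a multiple of
 * upper_bound, and the leftover (2^32 mod upper_bound) words would otherwise
 * make the low residues slightly more likely than the high ones. */
uint32_t rejection_threshold(uint32_t upper_bound) {
    if (upper_bound < 2)
        return 0;
    return (uint32_t)(0u - upper_bound) % upper_bound;   /* == 2^32 mod upper_bound */
}

/* Unbiased reduction, the algorithm used by arc4random_uniform(3): redraw until
 * the word falls inside the largest multiple of upper_bound that fits in 32
 * bits, then reduce. At most half the words are rejected, so the expected
 * number of draws is below two. */
uint32_t uniform_below(word_source src, uint32_t upper_bound) {
    uint32_t min, r;
    if (upper_bound < 2)
        return 0;
    min = rejection_threshold(upper_bound);
    for (;;) {
        r = src();
        if (r >= min)
            break;
    }
    return r % upper_bound;
}

/* The naive reduction most code reaches for; this is what the loop above avoids. */
uint32_t biased_below(word_source src, uint32_t upper_bound) {
    return src() % upper_bound;
}

/* Makes the bias visible on a model source only 8 bits wide, where all 256
 * words can be enumerated. Counts how many raw words map to each residue and
 * returns (largest count - smallest count): 0 means perfectly uniform. */
int residue_spread_8bit(unsigned upper_bound, int with_rejection) {
    int counts[256] = {0};
    unsigned threshold, w, i;
    int lo, hi;
    if (upper_bound < 1 || upper_bound > 256)
        return -1;
    threshold = 256u % upper_bound;      /* same formula, width 8 instead of 32 */
    for (w = 0; w < 256; w++) {
        if (with_rejection && w < threshold)
            continue;
        counts[w % upper_bound]++;
    }
    lo = hi = counts[0];
    for (i = 1; i < upper_bound; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

/* Constructed scripted source: plays back fixed words in order. It is not
 * random and exists only to make the rejection step observable. */
static const uint32_t scripted_words[] = { 0, 5, 3, 47 };
static size_t scripted_pos;

uint32_t scripted_source(void) {
    uint32_t w = scripted_words[scripted_pos % 4];
    scripted_pos++;
    return w;
}

void scripted_reset(void) { scripted_pos = 0; }
```

With the scripted words, uniform_below(scripted_source, 3) rejects the 0 (the threshold for 3 is 2^32 mod 3 = 1) and returns 5 mod 3 = 2, while biased_below would have returned 0; on the 8-bit model, residue_spread_8bit(3, 0) is 1 and residue_spread_8bit(3, 1) is 0. The bias for a 32-bit source is tiny, but for a cryptographic API it is still a bias, which is why the library takes the extra draw.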

OpenBSD supports IPsec, a protocol suite for authenticating and encrypting Internet Protocol packets. pf (packet filter) is OpenBSD's built-in firewall; written for OpenBSD, it has since been ported to other operating systems.

OpenBSD makes extensive use of privilege separation, which splits a program into separate processes, each granted only the privileges it needs, so that compromising one part (typically the one that parses untrusted input) does not hand the attacker the privileges of the whole program. Programs written for OpenBSD may also call the pledge system call, which restricts the process to the groups of system calls ("promises") it declares, such as stdio or rpath; if the process later attempts a system call outside its promises, the kernel kills it.
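The shape of a privilege-separated program, as an added example rather than code from OpenBSD or OpenSSH: an unprivileged worker parses the untrusted text and may only send the monitor a fixed-size request record, and the monitor validates that record before touching anything sensitive. The worker narrows itself with pledge(2) on OpenBSD; on other systems narrow_to_stdio is a labelled no-op so the example still runs. The privileged_table and the input strings are constructed stand-ins; a real daemon would additionally drop the worker's uid and chroot it, which is omitted here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The only message the monitor accepts: a fixed-size record, never a free-form
 * string, so the privileged side has almost nothing to parse. */
struct request {
    uint32_t op;
    uint32_t index;
};
enum { OP_LOOKUP = 1 };

/* Constructed stand-in for data only the privileged process may read
 * (think private keys, /etc/master.passwd, or a raw socket). */
static const char *const privileged_table[] = { "alpha", "bravo", "charlie" };
#define TABLE_LEN 3

static char last_reply[64];

/* On OpenBSD this is a real pledge(2): "stdio" keeps read/write on descriptors
 * the worker already holds and little else, so a compromised worker that tries
 * open(2) or socket(2) is killed by the kernel. Elsewhere it is a no-op so the
 * example still runs (portability shim, not part of the technique). */
static int narrow_to_stdio(void) {
#ifdef __OpenBSD__
    return pledge("stdio", NULL);
#else
    return 0;
#endif
}

/* Unprivileged worker: all parsing of untrusted input happens here. A parser
 * bug yields a bogus request, never direct access to privileged_table. */
static void worker(int fd, const char *untrusted) {
    struct request req = { 0, 0 };
    unsigned int idx;
    if (narrow_to_stdio() != 0)
        _exit(1);
    if (sscanf(untrusted, "lookup %u", &idx) == 1) {
        req.op = OP_LOOKUP;
        req.index = idx;
    }
    (void)write(fd, &req, sizeof req);
    _exit(0);
}

/* Privileged monitor: validates the fixed-format request before acting.
 * Returns 0 when granted, 1 when denied, -1 if the channel broke. */
static int monitor(int fd) {
    struct request req;
    ssize_t n = read(fd, &req, sizeof req);
    if (n != (ssize_t)sizeof req)
        return -1;
    if (req.op != OP_LOOKUP || req.index >= TABLE_LEN) {
        snprintf(last_reply, sizeof last_reply, "denied");
        return 1;
    }
    snprintf(last_reply, sizeof last_reply, "%s", privileged_table[req.index]);
    return 0;
}

/* Runs one privilege-separated lookup: forks the worker, stays as the monitor.
 * The reply text is available afterwards through privsep_last_reply(). */
int privsep_lookup(const char *untrusted) {
    int sv[2], rc;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        worker(sv[1], untrusted);    /* never returns */
    }
    close(sv[1]);
    rc = monitor(sv[0]);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return rc;
}

const char *privsep_last_reply(void) { return last_reply; }

int main(void) {
    const char *inputs[] = { "lookup 1", "lookup 7", "lookup -1", "open /etc/master.passwd" };
    size_t i;
    for (i = 0; i < 4; i++) {
        int rc = privsep_lookup(inputs[i]);
        printf("%-24s -> rc=%d reply=%s\n", inputs[i], rc, privsep_last_reply());
    }
    return 0;
}
```

"lookup -1" is the edge case worth watching: sscanf's %u accepts a sign and wraps to UINT_MAX, so the worker happily emits index 4294967295, and only the monitor's range check stops it. That is the division of labour privilege separation is built on: the parser may be wrong, but the privileged side validates a record it can check in two comparisons.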

Common to almost all Unix-like systems is a simple file permission scheme that records, for each file, who may read, write, and execute it. OpenBSD extends this scheme with file flags such as immutable (schg) and append-only (sappnd), which even root cannot clear while the system's securelevel is raised; the securelevel therefore controls how much of the system's configuration can be changed at run time. A higher securelevel makes the system harder to maintain, but hardens it against an attacker who has already gained root.

The OpenBSD project also maintains several software components, included in OpenBSD and designed to keep the system secure by default. OpenSSH is an implementation of the Secure Shell (SSH) protocol that provides encrypted remote logins and file transfers; it is also the SSH implementation used by many other open source operating systems. After Heartbleed and other vulnerabilities in OpenSSL, the OpenBSD team forked OpenSSL and overhauled the code base to form LibreSSL.

Software and system management
The OpenBSD base installation provides only the essential software needed for basic tasks. OpenBSD ships the tools needed to build third-party software from source, including a C compiler (historically the GNU Compiler Collection, clang on most current platforms) and the make utility for running Makefile build scripts.

OpenBSD provides two related ways to install third-party software: ports and packages. The ports tree is a project-maintained collection of build recipes that fetch, patch, build, and install each program in a standardized way; packages are the pre-built result of those recipes, installed with the project's package manager, which is the simpler route when no custom build configuration is needed.

OpenBSD handles startup scripts and system services through the rc system. Periodic task scheduling is handled by the cron daemon, although the system's own internal periodic tasks are scheduled by a separate mechanism. OpenBSD includes the syslog service, which gives programs a common interface for logging events. OpenBSD supports the Network Time Protocol (NTP) through OpenNTPD, which the project maintains; it can synchronize the system clock from NTP servers, or serve the system clock to clients on a local network or the Internet.

Storage
OpenBSD retains the Unix File System (UFS) it inherited from BSD. OpenBSD supports two versions of UFS: UFS1, the default for smaller partitions, which is limited to about one terabyte, and UFS2, for partitions up to 8 zettabytes ($2^{73}$ bytes). OpenBSD supports software RAID levels 0, 1, 4, and 5, partition-level encryption, the Network File System (NFS), and soft updates.

Networking
The OpenBSD network stack descends from the 4.4BSD network stack. OpenBSD integrates its own IPsec implementation but adopted the KAME project's implementation of IPv6.