Slashdot Mirror


OpenBSD 3.4 Released

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

20 of 275 comments

  1. What he/she really meant is... by Anonymous Coward · · Score: 5, Informative


    "Remember to please use a mirror."

    1. Re:What he/she really meant is... by LordHunter317 · · Score: 4, Insightful

      DO NOT USE OpenBSD ISOs you randomly find on the Internet. During the 3.3 release, many people downloaded ISOs, only to find out that they were trojaned. This is not a safe, nor supported way, of installing OpenBSD.

      If you want the CDs so bad, buy them. They're only $40.

  2. shocking concern by t0ny · · Score: 5, Funny
    Remember to please use a mirror

    Since when does Slashdot care about overloading webservers?

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

    1. Re:shocking concern by Anonymous Coward · · Score: 4, Funny

      And here I thought it was a comment about personal grooming...

  3. no, no, you don't understand... by jusdisgi · · Score: 5, Funny

    ...perfect code is irrelevant to security! Didn't you hear me?!

    -Bill

    --
    Given a choice between free speech and free beer, most people will take the beer.
  4. OpenBSD song by Malcolm Scott · · Score: 5, Informative

    And make sure you listen to the release song too. It's great :-)

  5. Thoughts on security by arvindn · · Score: 5, Interesting
    From the release notes:
    Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.
    That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are insecure, and the manpage lists it as a bug etc. Of course it's a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

    Note: this is purely an academic question, it is not my intention to criticize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

    1. Re:Thoughts on security by OttoM · · Score: 4, Informative

      The kernel has its own set of library functions, aptly named "the kernel library". This kernel library included strcpy() and strcat(), but not anymore.

    2. Re:Thoughts on security by __past__ · · Score: 5, Insightful
      That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are insecure, and the manpage lists it as a bug etc.
      You realize that OpenBSD is not a clean-room reimplementation of Unix? Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself. Obviously, there was a time where programmers thought gets would be a useful function...
    3. Re:Thoughts on security by dmiller · · Score: 4, Informative

      Note that strcpy() and friends _can_ be used safely, and the usage of the ones in the tree before the removal had been audited at least once. For example, the following construct is safe (assuming you check the malloc return):

      len = strlen(foo) + 1;
      bar = malloc(len);
      strcpy(bar, foo);

      But it was easier to just banish them from the tree entirely, so that it is easier to grep for potentially unsafe ones when new code is imported.
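
The construct from the comment above, shown next to a bounded copy that reports truncation. This is an added example, not code from the thread or from OpenBSD; `bounded_copy`, `dup_exact` and `copy_checked` are hypothetical names, and `bounded_copy` is a local stand-in with strlcpy() semantics so the block builds where libc lacks strlcpy().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical local stand-in with strlcpy() semantics: copies at most
 * dstsize-1 bytes, always NUL-terminates when dstsize > 0, and returns
 * strlen(src) so the caller can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The construct from the comment: size the buffer from the source, then strcpy(). */
static char *dup_exact(const char *src)
{
    size_t len = strlen(src) + 1;   /* +1 for the terminating NUL */
    char *dst = malloc(len);
    if (dst == NULL)                /* the malloc check the comment assumes */
        return NULL;
    strcpy(dst, src);               /* safe only because dst holds exactly len bytes */
    return dst;
}

/* Fixed-size destination: returns 0 on success, -1 if src did not fit. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    return bounded_copy(dst, src, dstsize) >= dstsize ? -1 : 0;
}

int main(void)
{
    char small[8];
    char *copy = dup_exact("constructed sample input");
    if (copy == NULL)
        return 1;
    printf("dup_exact: %s\n", copy);
    free(copy);
    if (copy_checked(small, sizeof small, "longer than eight bytes") != 0)
        printf("truncated to \"%s\"; caller must handle it\n", small);
    return 0;
}
```

A bounded copy removes the overflow but not the need to check the result: a silently truncated path or hostname can still be a bug.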

  6. From the changelog by debilo · · Score: 5, Funny

    Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment.

    Gotta love that.

  7. Unfortunately by Ryvar · · Score: 5, Informative

    Unlike 3.3, which made it months before a single security-related patch was issued, 3.4 LAUNCHES with 3 such patches.

    That said, it's such a huge release in terms of changes made (x86 Write or eXecute memory pages, for one) that it's more than worth the upgrade.

    As with most such fundamental updates to OBSD, though, I expect this release to be significantly patchier than the last couple.

    --Ryv

  8. Binary format changed to ELF by snake_dad · · Score: 5, Insightful
    Be careful when upgrading from older versions of OpenBSD, the upgrade procedure for i386 is a little bit more complicated than usual. As noted here and here. There's a document describing a possible upgrade path available from 3.3 to 3.4.

    As I was lucky enough to run into this on a relatively new install I could just do a complete reinstall, but not reading the upgrade instructions can get you in a lot of trouble this time... :)

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
  9. Re:OpenBSD performance facts by quigonn · · Score: 4, Funny

    And you think the discussion on the OpenBSD side was less biased? Well, I'll just show you some of the comments from misc@openbsd.org about the article:

    "Because as Lars pointed out before, benchmarks are seldom little more than a great way to use numbers to prove your point. Especially coming from this overtly pro-linux, anti-openbsd in the flesh little devil Felix. The benchmarks he provides serve little more than to feed his pro-linux ego and no real interest in improving OpenBSD, and neither do your (collectively) rantings as to this being proof that OpenBSD is broken. [...] The intuitive way to meet this attitude is to benchmark now the security advantages of OpenBSD where it outperforms Linux."

    "Leitner is a linux bigot, he's very anti-openbsd (obvious to anyone who's ever read his rantings), the tests shows OpenBSD in a bad light, draw your own conclusions."

    "I have better things to do than testing networking performance of operating systems. I'm very busy already. I've chosen OpenBSD as my server OS, because security is my main concern. I like it a lot. So far, nothing I've read has convinced me to install something else. I took time however to discredit (rightfully I think) this guy's test, because it struck me as being very unjust."

    "Theo could easily rewrite OpenBSD to thrash these other OSes, real things like multiprocessor support are a real drag for them, so OpenBSD could be heaps faster. But who cares how many binds/second can be done, this isn't real "work", so what does it prove?"

    I especially like the last one. :-) It shows the real attitude of most OpenBSD fanboys. Later, in the newsgroup de.alt.sysadmin.recovery, Felix summarized what kind of emails he got from the different projects. Some of the Linux people found it interesting, FreeBSD seems to have been quite friendly too (a few asked about benchmarking 4.8), the NetBSD people immediately explained why the mmap benchmark measured a worst case situation in NetBSD, and immediately started improving NetBSD performance-wise. But about OpenBSD he wrote that he got only two emails that were not insulting. Some people even explained to him that the 1024 cylinder limit he mentioned in the article doesn't exist (it does! I know one person that tried to fix it, but his patches were not taken because he used intel syntax instead of AT&T syntax in some assembler files), and some people said that OpenBSD doesn't crash as he described. So far, the crash could be reproduced and is in the OpenBSD bugtracking system.

    --
    A monkey is doing the real work for me.
  10. Don't worry about the ghosts and goblins... by awarnack · · Score: 4, Funny

    It's the DAEMONS you have to worry about... (it had to be said, right? RIGHT???)

  11. TCP/IP by ndavidg · · Score: 4, Interesting

    From a University of Texas CS instructor's web site:

    The Transmission Control Protocol was first formally specified in December of 1974 by Vint Cerf, Yogen Dalal and Carl Sunshine.

    The link can be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_Days_Of_TCP/index.shtml

    And supporting documentation will be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_Days_Of_TCP/Annotated_Bibliography/index.shtml

  12. Re:Just a thought ... Go buy the official CD's by Anonymous Coward · · Score: 4, Insightful

    Because OpenBSD does not offer any iso images for download. The official iso images are copyrighted by Theo and can only be gotten by buying the CD's or by pirating them. Of course you could make your own homebrew iso images, that's perfectly legal, and then distribute them as torrent files. But the OpenBSD project depends on CD sales to fund the continued development of the OS. Go buy the official CD's.

  13. Re:Via C3 support by Homology · · Score: 5, Informative

    1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!


    This is before optimization is done, and according to Theo, this is what they are doing right now. The chip is capable of 12.5 Gbit.

  14. Re:OpenBSD performance facts by Caligari · · Score: 4, Informative
    Instead of judging the entire OpenBSD community by a couple of random emails on misc@ (which is the mailing list specifically for stupid questions and answers), why don't you report what the tech@ people were saying?

    If you did, you would see how the ACTUAL OpenBSD developers responded to fefe's benchmarks.

    For example, here is what Ted Unangst (a very major committer to OpenBSD) replied to requests for help improving performance:

    "apply the patch below to your mmap benchmark. a real application is unlikely to use pread and mmap. openbsd uses a separate cache for read and mmap calls. while it seems you are attempting to time only a page fault with cached data, that is not happening on openbsd.

    the results for all other OS should remain the same, but OpenBSD improves dramatically. the adjusted benchmark is a much closer match to application behavior in reality."
    Which was followed by above-mentioned patch.

    I don't think it's fair for you to judge an entire operating system community based on the contents of a few selected emails. By doing so, you are being just as biased as you say the others are.

    --
    The moving cursor writes, and having written, blinks on.
  15. Re:A message from Theo by mirabilos · · Score: 4, Informative

    The two bugs you mention, weren't actually bugs in OpenBSD.

    * one was a bug in PAM and most GNU vendors
    * one is a bug, but can't be exploited due to W^X, propolice, NXSTACK, NXHEAP and friends.

    Heck, I've tried the gobbles exploit again against OpenBSD-2.9-OpenSSH where it worked back then. It failed to run due to these four.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)