OpenBSD releases version 3.3
The latest version of the popular OpenBSD operating system was released today, despite the US Defense Advanced Research Projects Agency (DARPA) pulling its funding to the group last month.
The latest release of the open source Unix-style operating system includes many tweaks, from security enhancements to improved hardware support.
In a message posted to an OpenBSD list, the developers of the software were keen to point out that under a default configuration the distribution has an impressive security record.
"We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install," it said.
The statement described new security features of the software, which have resulted from a $2.3m (about £1.4m) grant from DARPA to the OpenBSD Project; a grant which has since been revoked, according to a statement posted on the OpenBSD Web site.
"DARPA suddenly and unexpectedly cancelled funding for OpenBSD R&D through the University of Pennsylvania's POSSE programme and the hotel for the upcoming hackathon," it said.
The OpenBSD team also posted a communication allegedly received from DARPA themselves.
"As a result of the DARPA review of the project, and due to world events and the evolving threat posed by increasingly capable nation-states, the Government on April 21 advised the University to suspend work on the 'security fest' portion of the project," it said.
Nevertheless, the new software was released and the enhancements made possible through the grant have filtered through into the current release.
"Integration of the ProPolice stack protection technology, by Hiroaki Etoh, into the system compiler. This protection is enabled by default," Thursday's statement read.
The OpenBSD project leader, Theo de Raadt, announced the planned inclusion of the stack protection technology aimed at mitigating buffer overflow vulnerabilities -- the most ubiquitous type of security glitch -- at the RSA security conference in San Francisco last month.
He told the conference the OpenBSD group's latest improvements will make causing a buffer overflow extremely difficult, if not impossible.
The memory bugs have resisted extermination for almost 30 years, and de Raadt said that any claims that an open-source group has done so would need to be tested, but some attendees at the conference were sceptical.
"It's just adding another layer" to the security, said Nicolas Fischbach, senior manager for security at Colt Telecom, a Swiss communications provider. "It won't make a huge difference because there are always bugs that are found in software."
Other improvements include upgraded load balancing and traffic shaping capabilities as well as other goodies such as "spamd", a daemon used to detect and repel spam.
As for the DARPA grant, de Raadt said the research conducted by OpenBSD went further than its original scope.
"This really wasn't part of the DARPA grant," he said. "But it happened because the DARPA grant happened, because when you throw a bunch of...guys into a room and get them drunk, this is what you get." De Raadt was careful to point out that the group paid for its own beer.
The operating system is available for download here.
Let the editors know what you think in the Mailroom.