OpenBSD 3.6 tackles multi-processing

The next version of the secure BSD-based operating system supports multiple processors for both AMD64 and i386-compatible hardware.

The next version of the secure BSD-based operating system supports multiple processors for both AMD64 and i386-compatible hardware.

The developers behind OpenBSD, the secure Unix-like operating system, are due to release version 3.6 on 1 November, which for the first time includes symmetric multiprocessing (SMP) support.

Theo de Raadt, the founder and lead developer of OpenBSD, told ZDNet UK that the main features in OpenBSD 3.6 are SMP support for Intel's i386 architecture and AMD's 64-bit processor, as well as new exploit mitigation features, and additional device drivers.

SMP support improves system performance by making multiple CPUs available to complete individual processes simultaneously. Raadt said developers had been working on more pressing priorities before moving on to SMP support.

"It just wasn't the focus for us as we were concentrating on security features," said Raadt. "It was very easy to add - the work was done by one developer in one month, although it took an extra eight months of testing."

FreeBSD, another BSD-based operating system, already has SMP support.

In OpenBSD 3.6, developers have completed work on rewriting all system daemons--background processes that carry out functions such as print spooling--which will make the operating system more resilient against attack, according to Raadt.

"A lot of daemons run on root even though they only need root to start up," said Raadt. "If there's a bug in the system the attacker will be able to exploit root. If a daemon is moved off root or split into two processes, one of which continues as root, it makes the system more resilient against attack."

Raadt said OpenBSD is a popular operating system, particularly among system administrators running firewalls, due to its exploit mitigation techniques, its superior packet filter, and their auditing methodology.

"We are the software auditing kings--we go through code a lot to make sure there are not many bugs," said Raadt.

According to Raadt the release life cycle at OpenBSD also helps to ensure that the software's quality remains high--any major changes are spread across three of the six-monthly releases.

The next release of the operating system, due on 19 May 2004, may contain various features including support for 802.11-compliant wireless devices such as WaveLAN, optimization of SMP, support for new hardware and an improved package upgrade facility, according to Raadt.

OpenBSD developers are also responsible for developing OpenSSH, a secure network connectivity tool which is used by many operating systems including IBM AIX, Linux, Mac OS X 10 and Solaris 9, to encrypt Internet traffic.

A scan carried out on five million random Internet addresses in September found that 88 percent of secure shell (SSH) servers are running OpenSSH rather than proprietary alternatives from vendors that include SSH Communications Security, Cisco and Sun. This is a dramatic increase since September 2000, when only five percent ran OpenSSH.

Raadt said that knowing that SSH servers arerunning OpenSSH makes him feel that the Internet is safer.

"We don't trust anyone else to write it. My security on the Internet depends on everyone else's security," said Raadt. "If someone breaks into a bunch of computers on the Internet they can use that to take me down."