OpenBSD 6.4

A few days ago, the new semi-annual release of OpenBSD came out. On this page you can find an extensive list of FTP and HTTP download locations. OpenBSD is derived from the original Berkeley Software Distribution, and its developers insist on using only open source software. The operating system is also known for its excellent documentation and security. Extensive release notes can be found on this page; below is an overview of the most important improvements:

BSD Release: OpenBSD 6.4
The project has released OpenBSD 6.4, which includes many driver improvements, a feature that allows OpenSSH’s configuration files to use service names instead of port numbers, and a Clang compiler that replaces some risky ROP instructions with safe alternatives.

Perhaps the most interesting feature is the unveil() system call, which allows applications to restrict themselves, blocking their own access to the file system. This is especially useful for programs that cannot be used in the application: “New unveil(2) system call is most powerful when properly combined with privilege separation and pledge(2).”

Other security improvements include: “Implemented MAP_STACK option for mmap(2); new RETGUARD security mechanism on amd64 and arm64 – use per-function random cookies to protect access to function return instructions, making them harder to use in ROP gadgets …”
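
The per-function cookie check that the RETGUARD note describes can be modelled in a few lines of C. This is an added illustration, not OpenBSD's code or compiler output: the real check is emitted by the compiler in each function's prologue and epilogue. The struct names, cookie values and addresses below are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the RETGUARD check (illustration only, not compiler output).
 * Real cookies are random per-function values; these types are hypothetical. */
typedef struct { uint64_t cookie; } rg_function;        /* per-function cookie */
typedef struct { uint64_t ret_addr, guard; } rg_frame;  /* return slot + saved guard */

/* Prologue: bind the cookie to the return address this call was entered with. */
static void rg_prologue(const rg_function *fn, rg_frame *fr, uint64_t ret_addr) {
    fr->ret_addr = ret_addr;
    fr->guard = fn->cookie ^ ret_addr;
}

/* Epilogue: 1 = return proceeds, 0 = mismatch (real code traps instead of returning). */
static int rg_epilogue(const rg_function *fn, const rg_frame *fr) {
    return (fr->guard ^ fr->ret_addr) == fn->cookie;
}

/* Constructed sample cookies and addresses. */
static const rg_function FN_A = { 0x9e3779b97f4a7c15ULL };
static const rg_function FN_B = { 0xc2b2ae3d27d4eb4fULL };
#define CALLER_ADDR 0x0000000000401234ULL
#define OTHER_ADDR  0x0000000000405678ULL

/* Case 1: untouched frame, the return is allowed. */
int rg_case_clean(void) {
    rg_frame fr; rg_prologue(&FN_A, &fr, CALLER_ADDR);
    return rg_epilogue(&FN_A, &fr);
}

/* Case 2: the return address slot is changed after the prologue ran. */
int rg_case_overwritten(void) {
    rg_frame fr; rg_prologue(&FN_A, &fr, CALLER_ADDR);
    fr.ret_addr = OTHER_ADDR;
    return rg_epilogue(&FN_A, &fr);
}

/* Case 3: FN_B's epilogue is reached without FN_B's prologue having run
 * (a function tail reused as a gadget). The guard on hand was derived from
 * FN_A's cookie, so FN_B's check fails. */
int rg_case_foreign_epilogue(void) {
    rg_frame fr; rg_prologue(&FN_A, &fr, CALLER_ADDR);
    return rg_epilogue(&FN_B, &fr);
}

int main(void) {
    printf("clean=%d overwritten=%d foreign_epilogue=%d\n",
           rg_case_clean(), rg_case_overwritten(), rg_case_foreign_epilogue());
    return 0;
}
```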