Open BSD 3.4
Das sichere Multi-Plattform-BSD
Andere Artikel dieses Herstellers
Andere Artikel dieser Kategorie
OpenBSD 3.4 ist ein BSDlite 4.4-basierendes Betriebssystem (ähnlich wie FreeBSD und NetBSD). Die 3 CDs von OpenBSD 3.4 enthalten installierbare Vollversionen für die folgenden Architekturen: i386, Sparc, Sparc64, PowerPC (Mac), Vax (nicht bootfähig) sowie die vollständigen Sourcecodes und eine Fülle an zusätzlichen Softwarepaketen für alle Architekturen (Ports).
OpenBSD wird allgemein als das sicherste BSD-System eingeschätzt, nach eigenen Angaben kam es seit 6 Jahren nicht mehr zu einem erfolgreichen Angriff von außen.
CPU-Architektur: x86,sparc, sparc64, macppc
Lieferumfang: 3 CDROM
Lieferzeit: ab Lager
Preisempfehlung des Herstellers: 45,00
Sie sparen bei ixsoft: 55,78%
Unser Preis: € 19,90 (incl. 19% MWSt, netto € 16,72)
ab € 59,50 versandkostenfrei
- Three CDROMs in a jewel case.
- The complete install components for FIVE architectures:
- The following architectures only available via FTP download:
- The CDs are bootable on i386, macppc, sparc, and sparc64.
- A funky and surprisingly artistic CD insert sheet which contains
The information on this piece of paper makes OpenBSD somewhat
easier to install than if you do an FTP install.
- A full source tree (ready for AnonCVS use).
- The latest reliable XFree86 binaries for all architectures
- The latest XFree86 source code with small modifications
by us to make it prettier and more secure.
- Our own ports tree which has improved an
insane amount since OpenBSD 3.3. Almost all packages work on almost
- Several pre-built binary packages for the most common
architectures, which are very easy to install directly off the CDROM.
- As always, stickers included!
- And many other things...
This is a partial list of new features and systems included in OpenBSD 3.4.
For a comprehensive list, see the changelog leading
- The i386 architecture has been switched to the
- Further W^X improvements, including support for the i386 architecture.
Native i386 binaries have their executable segments rearranged to support
isolating code from data, and the cpu CS limit is used to impose a best
effort limit on code execution.
on ELF platforms now loads libraries in a random order for
greater resistance to attacks. The i386 architecture also maps libraries
into somewhat randomized addresses. Together with W^X and
these changes increase the difficulty of successfully exploiting an
application error, such as a buffer overflow.
- A static bounds checker has been added to the compiler to perform basic
checks on functions which accept buffers and sizes. The checker aims to
find common mistakes in the use of library functions such as
without emitting any false positives. Running it over the source and ports
trees revealed over a hundred real bugs, which were fixed and submitted back
to the original authors where possible.
- Privilege separation has been implemented for the
daemon, making it much more robust against future errors. The child which
listens to network traffic now runs as a normal user and chroots itself,
while the parent process tracks the state of the child and performs
privileged operations on its behalf.
- Many unsafe string functions have been removed from the kernel and userland
utilities. This audit is one of the most comprehensive OpenBSD has ever
done, with thousands of occurrences of
being replaced with safer, bounded alternatives such as
- Many improvements to and bugs fixed in the
ProPolice stack protector. Several other code generation bugs
for RISC architectures fixed.
ProPolice stack protection has been enabled in the kernel as well.
- Privilege separation has been implemented in the X server. The privileged
child process is responsible for the operations that can't be done after the
main process has switched to a non-privileged user. This greatly reduces the
potential damage that could be caused by malicious X clients, in case of
bugs in the X server.
- Emulation support for binary compatibility is now controlled via
Emulation is now disabled by default to limit exposure to malicious
binaries, and can be enabled in
- Manual pages have been greatly cleaned up and improved.
- The ports tree now supports building programs under
systrace(1), preventing the possibility of applications harming the
system at compile-time via trojaned configuration scripts or otherwise.
- Symbol caching in
reduces the startup time of large applications.
- More license fixes, including the removal of the advertising clause
for large parts of the source tree.
- Replacement of GNU
commands with BSD licensed equivalents.
- Addition of read-only support for
- Reliability improvements to layered file systems, enabling
to work again.
- Import of
utility, allowing expansion of existing file systems.
- Improvements to
enabling more applications to run.
- Significant improvements to the
- Replace many static fd_set uses, to instead use
or dynamic allocation.
- ANSIfication and stricter prototypes for a large portion of the source tree.
- Legacy KerberosIV support has been removed, and the remaining KerberosV
codebase has been restructured for easier management.
- Over 2400 ports, 2200 pre-built packages.
- A large number of bug fixes, changes, and optimizations to our packet filter
- packet tagging (e.g. filter on tags added by bridge based on MAC address)
- stateful TCP normalization (prevent uptime calculation and NAT detection)
- passive OS detection (filter or redirect connections based on source OS)
- SYN proxy (protect servers against SYN flood attacks)
- adaptive state timeouts (prevent state table overflows under attack)
- Improved hardware support, including:
- Kauai ATA controllers (Apple ATA100 wdc)
kauaiata(4) enabling support for Powerbook 12" and 17" models.
- Support for controlling LongRun registers on Transmeta CPUs.
- Many fixes to
hardware monitor drivers.
driver for SafeNet crypto accelerators.
driver for Myson Technologies network cards.
- More ethernet cards supported by
- Massive overhaul and sync with NetBSD of the entire
- New and better support for various controllers in
including experimental support for Serial ATA.
- New drivers to support
pninek(4) SPARC framebuffers. The
vigra(4) driver also supports more models.
support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus bridges.
- Watchdog support for
as used on Soekris boards.
- The system includes the following major components from outside suppliers:
- XFree86 4.3.0 (+ patches, and i386 contains 3.3.X servers also, thus
providing support for all chipsets)
- Gcc 2.95.3 (+ patches)
- Perl 5.8.0 (+ patches)
- Apache 1.3.28, mod_ssl 2.8.15, DSO support (+ patches)
- OpenSSL 0.9.7b (+ patches)
- Groff 1.15
- Sendmail 8.12.9 (+ parse8.359.2.8 security patch)
- Bind 9.2.2 (+ patches)
- Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches)
- Sudo 1.6.7p5
- Ncurses 5.2
- Latest KAME IPv6
- Heimdal 0.6rc1 (+ patches)
- OpenSSH 3.7.1 (now with GSSAPI support)
- Many improvements for security and reliability (look for the red
print in the complete changelog).
- and much more.
How to install
Following this are the instructions which you would have on a piece of
paper if you had purchased a CDROM set instead of doing an alternate
form of install. The instructions for doing an ftp (or other style
of) install are very similar; the CDROM instructions are left intact
so that you can see how much easier it would have been if you had
purchased a CDROM instead.
Please refer to the following files on the three CDROMs or ftp mirror for
extensive details on how to install OpenBSD 3.4 on your machine: