openbsd
/
www
mirror of https://github.com/openbsd/www.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
www/innovations.html

678 lines
36 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang=en>
<meta charset=utf-8>
<title>OpenBSD: Innovations</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/innovations.html">
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
Innovations
</h2>
<hr>
<p>
This is a list of software and ideas developed or maintained by the OpenBSD
project, sorted in order of approximate introduction. Some of them are
explained in detail in our <a href="events.html">research papers</a>.
<hr>
<h3>Concepts</h3>
<ul>
<li><a href="https://man.openbsd.org/ipsec.4">ipsec(4)</a>:
Started by John Ioannidis, Angelos D. Keromytis, Niels Provos, and
Niklas Hallqvist, imported February 20, 1997. OpenBSD was the first
free operating system to provide an IPSec stack.
<li><a href="https://man.openbsd.org/inet6.4">inet6(4)</a>:
First complete integration and adoption of IPv6 led by
"Itojun" (Dr. Junichiro Hagino) [WIDE/KAME], Craig Metz [NRL], and
Angelos D. Keromytis starting Jan 6, 1999.
Almost fully operational Jun 6, 1999 during the
<a href="hackathons.html">first OpenBSD hackathon</a>.
OpenBSD 2.7.
<li><strong>Privilege separation</strong>:
First implemented by
<a href="http://www.citi.umich.edu/u/provos/ssh/privsep.html">Niels Provos</a>
and Markus Friedl in OpenSSH in March 2002, released with OpenBSD 3.2.
The concept is now used in many OpenBSD programs, for example
<a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
<a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>,
<a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>,
<a href="https://man.openbsd.org/dvmrpd.8">dvmrpd(8)</a>,
<a href="https://man.openbsd.org/eigrpd.8">eigrpd(8)</a>,
<a href="https://man.openbsd.org/file.1">file(1)</a>,
<a href="https://man.openbsd.org/httpd.8">httpd(8)</a>,
<a href="https://man.openbsd.org/iked.8">iked(8)</a>,
<a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
<a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>,
<a href="https://man.openbsd.org/mountd.8">mountd(8)</a>,
<a href="https://man.openbsd.org/npppd.8">npppd(8)</a>,
<a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>,
<a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
<a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>,
<a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>,
<a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>,
<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>,
<a href="https://man.openbsd.org/ripd.8">ripd(8)</a>,
<a href="https://man.openbsd.org/script.1">script(1)</a>,
<a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
<a href="https://man.openbsd.org/syslogd.8">syslogd(8)</a>,
<a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a>,
<a href="https://man.openbsd.org/tmux.1">tmux(1)</a>,
<a href="https://man.openbsd.org/xconsole.1">xconsole(1)</a>,
<a href="https://man.openbsd.org/xdm.1">xdm(1)</a>,
<a href="https://man.openbsd.org/Xserver.1">Xserver(1)</a>,
<a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>,
<a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>,
etc.
<li><strong>Privilege revocation</strong>:
Related to the work on privilege separation, some programs were refactored
to drop privileges while holding onto a tricky resource such as a raw socket,
reserved port, or modification-locked bpf(4) descriptor,
for example
<a href="https://man.openbsd.org/ping.8">ping(8)</a>,
<a href="https://man.openbsd.org/traceroute.8">traceroute(8)</a>,
etc.
<li><strong>Stack protector</strong>:
Developed since 2001 as "propolice" by Hiroaki Etoh. Integrated, and
implemented for additional hardware platforms, by Federico G. Schwindt,
Miod Vallat and Theo de Raadt. OpenBSD 3.3 was the first operating
system to enable it systemwide by default.
<li><strong>W^X</strong>:
First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3.
Strictly enforced by default since OpenBSD 6.0: a program can only
violate it if the executable is marked with <code>PT_OPENBSD_WXNEEDED</code>
and it is located on a filesystem mounted with the <code>wxallowed</code>
<a href="https://man.openbsd.org/mount.8">mount(8)</a> option.
<li><strong>GOT and PLT protection</strong> by ld.so:
first done as part of the W^X work in OpenBSD 3.3, by Dale Rahn and
Theo de Raadt. The GOT and PLT regions are read-only outside of ld.so
itself. Extended to the .init/.fini sections (constructors and
destructors) in OpenBSD 3.4.
<li><strong>ASLR</strong>:
OpenBSD 3.4 was the first widely used operating system to
provide it by default.
<li><a href="https://man.openbsd.org/gcc-local.1">gcc-local(1)</a>
__attribute__((__bounded__)) static analysis annotation
and checking mechanism:
Started by Anil Madhavapeddy on June 26, 2003
and ported to GCC 4 by Nicholas Marriott.
First released with OpenBSD 3.4.
<li><a href="https://man.openbsd.org/malloc.3">malloc(3)</a>
randomization implemented by Thierry Deval. Guard pages and randomized (delayed) free added by Ted Unangst.
Reimplemented by <a href="papers/eurobsdcon2009/otto-malloc.pdf">Otto Moerbeek</a>
for OpenBSD 4.4.
<li><strong>Position-independent executables (PIE)</strong>:
OpenBSD 5.3 was the first widely used operating system to enable it
globally by default, on seven hardware platforms.
Implemented in November 2008 by
<a href="https://www.openbsd.org/papers/nycbsdcon08-pie/">Kurt Miller</a>
and enabled by default by
<a href="https://www.openbsd.org/papers/asiabsdcon2015-pie-slides.pdf">Pascal Stumpf</a>
in August 2012.
<li><strong>Random-data memory</strong>:
the ability to specify that a variable should be initialized
at load time with random byte values (placed into a new ELF
<b>.openbsd.randomdata</b> section) was implemented in
OpenBSD 5.3 by Matthew Dempsky.
<li><strong>Stack protector per shared object</strong>:
using the random-data memory feature, each shared object was given its
own stack protector cookie in OpenBSD 5.3 by Matthew Dempsky.
<li><strong>Static-PIE</strong>:
Position-independent static binaries for /bin, /sbin and ramdisks.
Implemented for OpenBSD 5.7 by Kurt Miller and Mark Kettenis.
<li><strong>SROP</strong>
(<a href="https://man.openbsd.org/sigreturn.2">sigreturn(2)</a>
oriented programming) mitigation: attacks researched by
<a href="https://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf">Eric Bosman</a>
and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,
enabled by default since OpenBSD 6.0.
<li><strong>Library order randomization</strong>:
In <a href="https://man.openbsd.org/rc.8">rc(8)</a>, re-link
<code>libc.so</code>, <code>libcrypto</code>, and <code>ld.so</code>
on startup, placing the objects in a random order.
Theo de Raadt and Robert Peichaer, May 2016,
enabled by default since OpenBSD 6.0 and 6.2.
<li>Kernel-assisted lazy-binding for W^X safety in multi-threaded programs.
A new syscall <a href="https://man.openbsd.org/kbind.2">kbind(2)</a>
permits lazy-binding to be W^X safe in multi-threaded programs.
Implemented for OpenBSD 5.9 by Philip Guenther in July 2015.
<li>Process layouts in memory tightened to remove execute permission from
all segmented, non-instruction data and to remove write permission from
data that is only modified during loading and relocation.
By combining the RELRO (Read-Only after Relocation) design from the
GNU project with the original ASLR work from OpenBSD 3.3 and
strict lazy-binding work from OpenBSD 5.9, this is applied to not
just a subset of programs and libraries but rather to all programs
and libraries.
Implemented for OpenBSD 6.1 by Philip Guenther in August 2016.
<li>Use of <strong>fork+exec in privilege separated programs</strong>. The
strategy is to give each process a fresh &amp; unique address space for
ASLR, stack protector -- as protection against address space discovery attacks.
Implemented first by
Damien Miller (<a href="https://man.openbsd.org/sshd.8">sshd(8)</a> 2004),
Claudio Jeker (<a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>, 2015),
Eric Faurot (<a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>, 2016),
Rafael Zalamena (various, 2016), and others.
<li><strong>trapsleds</strong>:
Reduction of incidental NOP instructions/sequences in the instruction
stream which could be useful potentially for ROP attack methods to
innaccurately target gadgets. These NOP sequences are converted into
trap sequences where possible. Todd Mortimer and Theo de Raadt, June
2017.
<li><strong>Kernel relinking at boot</strong>:
the .o files of the kernel are relinked in random order from a
link-kit, before every reboot. This provides substantial interior
randomization in the kernel's text and data segments for layout and
relative branches/calls. Basically a unique address space for each
kernel boot, similar to the userland fork+exec model described above
but for the kernel. Theo de Raadt, June 2017.
<li>Rearranged i386/amd64 register allocator order in
<a href="https://man.openbsd.org/clang.1">clang(1)</a>
to reduce polymorphic RET instructions:
Todd Mortimer, November 20, 2017.
<li>Reencoding of i386/amd64 instruction sequences to avoid
embedded polymorphic RET instructions. Enhancements to
<a href="https://man.openbsd.org/clang.1">clang(1)</a>
Todd Mortimer, April 28, 2018 and onwards.
<li><b>MAP_STACK</b> addition to
<a href="https://man.openbsd.org/mmap.2">mmap(2)</a>
allows opportunistic verification that the stack-register
points at stack memory, therefore catching pivots to non-stack
memory (sometimes used in ROP attacks).
Theo de Raadt, April 12, 2018.
<li><b>RETGUARD</b> is a replacement for the <b>stack-protector</b>
which uses a per-function random cookie (located in the read-only ELF
<b>.openbsd.randomdata</b> section) to consistency-check the
return address on the stack. Implemented for amd64 and arm64
by Todd Mortimer in OpenBSD 6.4, for mips64 in OpenBSD 6.7, and
powerpc/powerpc64 in OpenBSD 6.9. amd64 system call stubs also
protected in OpenBSD 7.3.
<li><b>MAP_CONCEAL</b> addition to
<a href="https://man.openbsd.org/mmap.2">mmap(2)</a>
disallows memory pages to be written to core dumps, preventing
accidental exposure of private information.
Theo de Raadt, Mark Kettenis and Scott Soule Cheloha,
February 2, 2019.
<li>Similar to the opportunistic verification in <b>MAP_STACK</b>,
system-calls can no longer be performed from PROT_WRITE memory.
Theo de Raadt, June 2, 2019.
<li>System calls may only be performed from selected code regions
(main program, ld.so, libc.so, and sigtramp).
Theo de Raadt, November 28, 2019.
<li>Permissions (RWX, MAP_STACK, etc) on address space regions can be
made immutable, so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>,
<a href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> or
<a href="https://man.openbsd.org/munmap.2">munmap(2)</a> fail with
EPERM. Most of the program static address space is now automatically
immutable (main program, ld.so, main stack, load-time shared libraries,
and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers
can request non-immutable static data using the "openbsd.mutable" section,
or manually bring immutability to (page aligned heap objects) using
<a href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a>.
Theo de Raadt, Dec 4, 2022.
<li>sshd random relinking at boot. Theo de Raadt. Jan 18, 2023.
<li>Some architectures now have non-readable code ("xonly"), both from
the perspective of userland reading its own memory, or the kernel
trying to read memory in a system call. Many sloppy practices in
userland code had to be repaired to allow this. The linker option
<b>--execute-only</b> is enabled by default. In order of
development: arm64, riscv64, hppa, amd64,
powerpc64, powerpc (G5 only), octeon.
sparc64 (sun4u only, unfinished).
Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat,
Dave Voutila, George Koehler in kernel and base, and
Theo Buehler, Robert Nagy, Christian Weisgerber in ports.
Dec 2022 - Feb 2023, still ongoing.
<li>On all architectures which lack hardware-enforcement of xonly,
system calls are now prevented from reading (via copyin/copyinst)
inside the program's main text, ld.so text, sigtramp text, or
libc.so text.
Theo de Raadt, Jan 2023.
<li>Architectures which lack xonly mmu-enforcement can still benefit
from switching to --execute-only binaries if the cpu generates
different traps for instruction-fetch versus data-fetch. The
VM system will not allow memory to be read before it was
executed which is valuable together with library relinking.
Architectures switched over include loongson.
Theo de Raadt, Feb 2023.
<li>ld.so and crt0 register the location of the execve(2) stub with
the kernel using pinsyscall(2), after which the kernel only accepts
an execve call from that specific location. Theo de Raadt, Feb 2023.
<li>Mandatory enforcement of indirect branch targets (BTI on arm64,
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests
no enforcement.
</ul>
<h3>Functions</h3>
<ul>
<li><a href="https://man.openbsd.org/issetugid.2">issetugid(2)</a>:
Theo de Raadt, August 25, 1996, OpenBSD 2.0
<li><a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a>:
David Mazieres, December 28, 1996, OpenBSD 2.1
<li><a href="https://man.openbsd.org/bcrypt.3">bcrypt(3)</a>:
Implemented by <a href="https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html">Niels Provos and David Mazieres</a>
Imported February 13, 1997 and first released with OpenBSD 2.1.
<li><a href="https://man.openbsd.org/strlcpy.3">strlcpy(3)</a>,
<a href="https://man.openbsd.org/strlcat.3">strlcat(3)</a>:
Todd Miller and Theo de Raadt, July 1, 1998, OpenBSD 2.4
<li><a href="https://man.openbsd.org/strtonum.3">strtonum(3)</a>:
Ted Unangst, Todd Miller, and Theo de Raadt, May 3, 2004, OpenBSD 3.6
<li><a href="https://man.openbsd.org/imsg_init.3">imsg</a>:
Message passing API, written by Henning Brauer.
In libutil since May 26, 2010, OpenBSD 4.8;
used by various daemons before that.
<li><a href="https://man.openbsd.org/timingsafe_bcmp.3">timingsafe_bcmp(3)</a>:
Damien Miller, July 13, 2010, OpenBSD 4.9
<li><a href="https://man.openbsd.org/explicit_bzero.3">explicit_bzero(3)</a>:
Ted Unangst and Matthew Dempsky, January 22, 2014, OpenBSD 5.5
<li><a href="https://man.openbsd.org/ohash_init.3">ohash</a>:
Written and maintained by Marc Espie.
In libutil since May 12, 2014, OpenBSD 5.6;
used by make(1) and m4(1) before that.
<li><a href="https://man.openbsd.org/asr_run.3">asr</a>:
Replacement resolver written and maintained by Eric Faurot.
Imported April 14, 2012; activated on March 26, 2014, OpenBSD 5.6.
<li><a href="https://man.openbsd.org/reallocarray.3">reallocarray(3)</a>:
Theo de Raadt and Ted Unangst, April 22, 2014, OpenBSD 5.6
<li><a href="https://man.openbsd.org/getentropy.2">getentropy(2)</a>:
Matthew Dempsky and Theo de Raadt, June 13, 2014, OpenBSD 5.6
<li><a href="https://man.openbsd.org/sendsyslog.2">sendsyslog(2)</a>:
Theo de Raadt, July 10, 2014, OpenBSD 5.6
<li><a href="https://man.openbsd.org/timingsafe_memcmp.3">timingsafe_memcmp(3)</a>:
Matthew Dempsky, July 13, 2014, OpenBSD 5.6
<li><a href="https://man.openbsd.org/pledge.2">pledge(2)</a>:
Theo de Raadt, July 19, 2015, OpenBSD 5.9
<li><a href="https://man.openbsd.org/getpwnam_shadow.3">getpwnam_shadow(3)</a>,
<a href="https://man.openbsd.org/getpwuid_shadow.3">getpwuid_shadow(3)</a>:
Ted Unangst and Theo de Raadt, November 18, 2015, OpenBSD 5.9
<li><a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a>:
Otto Moerbeek, Joel Sing and Theo de Raadt, March 6, 2017, OpenBSD 6.1
<li><a href="https://man.openbsd.org/freezero.3">freezero(3)</a>:
Otto Moerbeek, April 10, 2017, OpenBSD 6.2
<li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a>:
Theo de Raadt and Bob Beck, July 13, 2018, OpenBSD 6.4
<li><a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a>
and
<a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>:
Otto Moerbeek, May 10, 2019, OpenBSD 6.5
<li><a href=https://man.openbsd.org/ober_read_elements.3>ober</a>:
ASN.1 basic encoding rules API, written by Claudio Jeker and
Reyk Fl&ouml;ter, maintained by Rob Pierce and Martijn van Duren;
started in 2006/07, moved to libutil on May 11, 2019, OpenBSD 6.6
</ul>
<h3>Programs and subsystems</h3>
<ul>
<li><a href="https://man.openbsd.org/ypbind.8">ypbind(8)</a>,
<a href="https://man.openbsd.org/ypset.8">ypset(8)</a>,
<a href="https://man.openbsd.org/ypcat.1">ypcat(1)</a>,
<a href="https://man.openbsd.org/ypmatch.1">ypmatch(1)</a>,
<a href="https://man.openbsd.org/ypwhich.1">ypwhich(1)</a>,
and libc support: Started by Theo de Raadt.
Imported April 26, 1993 and first released with NetBSD 0.9.
<li><a href="https://man.openbsd.org/ypserv.8">ypserv(8)</a>:
Started by Mats O. Jansson in 1994.
Imported October 23, 1995 and first released with OpenBSD 2.0.
<li><a href="https://man.openbsd.org/mopd.8">mopd(8)</a>:
Started by Mats O. Jansson in 1993.
Imported September 21, 1996 and first released with OpenBSD 2.0.
<li><a href="anoncvs.html">AnonCVS</a>:
Designed and implemented by Chuck Cranor and Theo de Raadt in 1995
(<a href="papers/anoncvs-paper.pdf">paper</a>,
<a href="papers/anoncvs-slides.pdf">slides</a>)
<li><a href="https://man.openbsd.org/aucat.1">aucat(1)</a>:
Started by Kenneth Stailey.
Imported January 2, 1997 and first released with OpenBSD 2.1.
Now maintained by Alexandre Ratchov.
<li><a href="https://www.openssh.com/">OpenSSH</a>
including <a href="https://man.openbsd.org/ssh.1">ssh(1)</a>,
<a href="https://man.openbsd.org/scp.1">scp(1)</a>,
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a>,
<a href="https://man.openbsd.org/ssh-add.1">ssh-add(1)</a>,
<a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>,
<a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>,
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>,
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>:
Started by Aaron Campbell, Bob Beck, Dug Song, Markus Friedl,
Niels Provos, and Theo de Raadt
as a fork of SSH 1.2.12 by Tatu Ylonen.
Imported September 26, 1999 and first released with OpenBSD 2.6.
Now maintained by Markus Friedl, Damien Miller, Darren Tucker, and
Theo de Raadt.
<li><a href="https://man.openbsd.org/mg.1">mg(1)</a>:
Started by Dave Conroy in November 1986.
Imported February 25, 2000 and first released with OpenBSD 2.7.
Now maintained by Mark Lumsden.
<li><a href="https://man.openbsd.org/m4.1">m4(1)</a>:
Originally implemented by Ozan Yigit and Richard A. O'Keefe for 4.3BSD-Reno.
Considerably extended and maintained by Marc Espie since 1999.
<li><a href="https://man.openbsd.org/pf.4">pf(4)</a>,
<a href="https://man.openbsd.org/pfctl.8">pfctl(8)</a>,
<a href="https://man.openbsd.org/pflogd.8">pflogd(8)</a>,
<a href="https://man.openbsd.org/authpf.8">authpf(8)</a>,
<a href="https://man.openbsd.org/ftp-proxy.8">ftp-proxy(8)</a>:
Started by Daniel Hartmeier as a replacement for the non-free ipf by
Darren Reed. Imported June 24, 2001 and first released with OpenBSD
3.0. Now maintained by Henning Brauer.
<li><a href="https://man.openbsd.org/OpenBSD-5.9/systrace.4">systrace(4)</a>,
<a href="https://man.openbsd.org/OpenBSD-5.9/systrace.1">systrace(1)</a>:
Started by Niels Provos.
Imported June 4, 2002 and first released with OpenBSD 3.2.
Deleted after OpenBSD 5.9 because
<a href="https://man.openbsd.org/pledge.2">pledge(2)</a> is even better.
<li><a href="https://man.openbsd.org/spamd.8">spamd(8)</a>:
Written by Bob Beck. Imported December 21, 2002 and first released with
OpenBSD 3.3.
<li><a href="https://man.openbsd.org/dc.1">dc(1)</a>:
Written and maintained by Otto Moerbeek.
Imported September 19, 2003 and first released with OpenBSD 3.5.
<li><a href="https://man.openbsd.org/bc.1">bc(1)</a>:
Written and maintained by Otto Moerbeek.
Imported September 25, 2003 and first released with OpenBSD 3.5.
<li><a href="https://man.openbsd.org/sensorsd.8">sensorsd(8)</a>:
Started by Henning Brauer.
Imported September 24, 2003 and first released with OpenBSD 3.5.
Reworked by Constantine A. Murenin.
<li><a href="https://man.openbsd.org/pkg_add.1">pkg_add(1)</a>:
Written and maintained by Marc Espie.
Imported October 16, 2003 and first released with OpenBSD 3.5.
<li><a href="https://man.openbsd.org/carp.4">carp(4)</a>:
Written by Mickey Shalayeff, Markus Friedl, Marco Pfatschbacher,
and Ryan McBride.
Imported October 17, 2003 and first released with OpenBSD 3.5.
<li><a href="https://www.openbgpd.org/">OpenBGPD</a>
including <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>
and <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a>:
Written and maintained by Henning Brauer and Claudio Jeker,
and also maintained by Peter Hessler.
Imported December 17, 2003 and first released with OpenBSD 3.5.
<li><a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a>:
Started by Ted Lemon and Elliot Poger in 1996.
Imported January 18, 2004 and first released with OpenBSD 3.5.
Reworked by Henning Brauer.
Now maintained by Kenneth Westerback.
<li><a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>:
Started by Ted Lemon in 1995.
Imported April 13, 2004 and first released with OpenBSD 3.6.
Reworked by Henning Brauer.
Now maintained by Kenneth Westerback.
<li><a href="https://man.openbsd.org/hotplugd.8">hotplugd(8)</a>:
Started by Alexander Yurchenko.
Imported May 30, 2004 and first released with OpenBSD 3.6.
<li><a href="https://www.openntpd.org/">OpenNTPD</a>
including <a href="https://man.openbsd.org/ntpd.8">ntpd(8)</a>
and <a href="https://man.openbsd.org/ntpctl.8">ntpctl(8)</a>:
Written and maintained by Henning Brauer.
Imported May 31, 2004 and first released with OpenBSD 3.6.
Portable version maintained by Brent Cook.
<li><a href="https://man.openbsd.org/dpb.1">dpb(1)</a>:
Started by Nikolay Sturm on August 10, 2004; first available for OpenBSD 3.6.
Rewritten and maintained by Marc Espie since August 20, 2010.
<li><a href="https://man.openbsd.org/ospfd.8">ospfd(8)</a>,
<a href="https://man.openbsd.org/ospfctl.8">ospfctl(8)</a>:
Started by Esben Norby and Claudio Jeker.
Imported January 28, 2005 and first released with OpenBSD 3.7.
<li><a href="https://man.openbsd.org/ifstated.8">ifstated(8)</a>:
Started by Marco Pfatschbacher and Ryan McBride.
Imported January 23, 2004 and first released with OpenBSD 3.8.
<li><a href="https://man.openbsd.org/bioctl.8">bioctl(8)</a>:
Started by Marco Peereboom.
Imported March 29, 2005 and first released with OpenBSD 3.8.
<li><a href="https://man.openbsd.org/hostapd.8">hostapd(8)</a>:
Written by Reyk Fl&ouml;ter.
Imported May 26, 2005 and first released with OpenBSD 3.8.
<li><a href="https://man.openbsd.org/watchdogd.8">watchdogd(8)</a>:
Started by Marc Balmer.
Imported August 8, 2005 and first released with OpenBSD 3.8.
<li><a href="https://man.openbsd.org/sdiff.1">sdiff(1)</a>:
Written by Ray Lai.
Imported December 27, 2005 and first released with OpenBSD 3.9.
<li><a href="https://man.openbsd.org/dvmrpd.8">dvmrpd(8)</a>,
<a href="https://man.openbsd.org/dvmrpctl.8">dvmrpctl(8)</a>:
Started by Esben Norby.
Imported June 1, 2006 and first released with OpenBSD 4.0.
<li><a href="https://man.openbsd.org/ripd.8">ripd(8)</a>,
<a href="https://man.openbsd.org/ripctl.8">ripctl(8)</a>:
Started by Michele Marchetto.
Imported October 18, 2006 and first released with OpenBSD 4.1.
<li><a href="https://man.openbsd.org/pkg-config.1">pkg-config(1)</a>:
Started by Chris Kuethe and Marc Espie.
Imported November 27, 2006 and first released with OpenBSD 4.1.
Now maintained by Jasper Lievisse Adriaanse.
<li><a href="https://man.openbsd.org/relayd.8">relayd(8)</a>
with <a href="https://man.openbsd.org/relayctl.8">relayctl(8)</a>:
Started by Pierre-Yves Ritschard and Reyk Fl&ouml;ter.
Imported December 16, 2006 and first released with OpenBSD 4.1.
Now maintained by Sebastian Benoit.<br/>
<li><a href="https://man.openbsd.org/cwm.1">cwm(1)</a>:
Started by <a href="https://monkey.org/~marius/cwm/README">Marius
Aamodt Eriksen</A> in 2004.
Imported April 27, 2007 and first released with OpenBSD 4.2.
Now maintained by Okan Demirmen.
<a href="https://github.com/chneukirchen/cwm">Portable version</a>
maintained by Leah Neukirchen.
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a>,
<a href="https://man.openbsd.org/ospf6ctl.8">ospf6ctl(8)</a>:
Started by Esben Norby and Claudio Jeker.
Imported October 8, 2007 and first released with OpenBSD 4.2.
<li><a href="https://man.openbsd.org/libtool.1">libtool(1)</a>:
Written by Steven Mestdagh and Marc Espie.
Imported October 28, 2007 and first available for OpenBSD 4.3.
Now maintained by Marc Espie, Jasper Lievisse Adriaanse,
and Antoine Jacoutot.
<li><a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>:
Started by Reyk Fl&ouml;ter.
Imported December 5, 2007 and first released with OpenBSD 4.3.
Now maintained by Martijn van Duren.
<li><a href="https://man.openbsd.org/sysmerge.8">sysmerge(8)</a>:
Written and maintained by Antoine Jacoutot,
originally forked from mergemaster by Douglas Barton.
Imported April 22, 2008, first released with OpenBSD 4.4.
<li><a href="https://man.openbsd.org/ypldap.8">ypldap(8)</a>:
Started by Pierre-Yves Ritschard.
Imported June 26, 2008 and first released with OpenBSD 4.4.
<li><a href="https://www.opensmtpd.org/">OpenSMTPD</a>
including <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,
<a href="https://man.openbsd.org/smtpctl.8">smtpctl(8)</a>,
<a href="https://man.openbsd.org/makemap.8">makemap(8)</a>:
Started by Gilles Chehade.
Imported November 1, 2008 and first released with OpenBSD 4.6.
Now maintained by Gilles Chehade and Eric Faurot.
<li><a href="https://tmux.github.io/">tmux</a>,
<a href="https://man.openbsd.org/tmux.1">tmux(1)</a>:
Started in 2007 and maintained by Nicholas Marriott.
Imported June 1, 2009, first released with OpenBSD 4.6.
<li><a href="https://man.openbsd.org/ldpd.8">ldpd(8)</a>,
<a href="https://man.openbsd.org/ldpctl.8">ldpctl(8)</a>:
Started by Michele Marchetto.
Imported June 1, 2009 and first released with OpenBSD 4.6.
Now maintained by Claudio Jeker.
<li><a href="https://mdocml.bsd.lv/">mandoc</a>
including <a href="https://man.openbsd.org/mandoc.1">mandoc(1)</a>,
<a href="https://man.openbsd.org/man.1">man(1)</a>,
<a href="https://man.openbsd.org/apropos.1">apropos(1)</a>,
<a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a>,
<a href="https://man.openbsd.org/man.cgi.8">man.cgi(8)</a>:
Started by Kristaps Dzonsons in November 2008.
Imported April 6, 2009, first released with OpenBSD 4.8.
Now maintained by Ingo Schwarze.
<li><a href="https://man.openbsd.org/ldapd.8">ldapd(8)</a>,
<a href="https://man.openbsd.org/ldapctl.8">ldapctl(8)</a>:
Written by Martin Hedenfalk.
Imported May 31, 2010 and first released with OpenBSD 4.8.
<li><a href="https://www.openiked.org/">OpenIKED</a>
including <a href="https://man.openbsd.org/iked.8">iked(8)</a>
and <a href="https://man.openbsd.org/ikectl.8">ikectl(8)</a>:
Started by Reyk Fl&ouml;ter.
Imported June 3, 2010 and first released with OpenBSD 4.8.
Now maintained by Tobias Heider.
<li><a href="https://man.openbsd.org/iscsid.8">iscsid(8)</a>,
<a href="https://man.openbsd.org/iscsictl.8">iscsictl(8)</a>:
Written and maintained by Claudio Jeker.
Imported September 24, 2010 and first released with OpenBSD 4.9.
<li><a href="https://man.openbsd.org/rc.d.8">rc.d(8)</a>,
<a href="https://man.openbsd.org/rc.subr.8">rc.subr(8)</a>:
Written and maintained by Robert Nagy and Antoine Jacoutot.
Imported October 26, 2010 and first released with OpenBSD 4.9.
<li><a href="https://man.openbsd.org/tftpd.8">tftpd(8)</a>:
Written and maintained by David Gwynne.
Imported March 2, 2012 and first released with OpenBSD 5.2.
<li><a href="https://man.openbsd.org/npppd.8">npppd(8)</a>,
<a href="https://man.openbsd.org/npppctl.8">npppctl(8)</a>:
Started by Internet Initiative Japan Inc.
Imported January 11, 2010, first released with OpenBSD 5.3.
Maintained by YASUOKA Masahiko.
<li><a href="https://man.openbsd.org/ldomd.8">ldomd(8)</a>,
<a href="https://man.openbsd.org/ldomctl.8">ldomctl(8)</a>:
Written and maintained by Mark Kettenis.
Imported October 26, 2012 and first released with OpenBSD 5.3.
<li><a href="https://man.openbsd.org/sndiod.8">sndiod(8)</a>:
Written and maintained by Alexandre Ratchov.
Imported November 23, 2012 and first released with OpenBSD 5.3.
<li><a href="https://man.openbsd.org/cu.1">cu(1)</a>:
Written and maintained by Nicholas Marriott.
Imported July 10, 2012 and first released with OpenBSD 5.4.
<li><a href="https://man.openbsd.org/identd.8">identd(8)</a>:
Written and maintained by David Gwynne.
Imported March 18, 2013 and first released with OpenBSD 5.4.
<li><a href="https://man.openbsd.org/slowcgi.8">slowcgi(8)</a>:
Written and maintained by Florian Obser.
Imported May 23, 2013 and first released with OpenBSD 5.4.
<li><a href="https://man.openbsd.org/signify.1">signify(1)</a>:
Written and maintained by <a href="https://www.tedunangst.com/flak/post/signify">Ted Unangst</a>.
Imported December 31, 2013 and first released with OpenBSD 5.5.
<li><a href="https://man.openbsd.org/htpasswd.1">htpasswd(1)</a>:
Written and maintained by Florian Obser.
Imported March 17, 2014 and first released with OpenBSD 5.6.
<li><a href="https://www.libressl.org/">LibreSSL</a>:
Started by Ted Unangst, Bob Beck, Joel Sing, Miod Vallat, Philip Guenther,
and Theo de Raadt on April 13, 2014, as a fork of OpenSSL 1.0.1g.
First released with OpenBSD 5.6.
Portable version maintained by Brent Cook.
<li><a href="https://man.openbsd.org/httpd.8">httpd(8)</a>:
Started by Reyk Fl&ouml;ter.
Imported July 12, 2014 and first released with OpenBSD 5.6.
<li><a href="https://man.openbsd.org/rcctl.8">rcctl(8)</a>:
Written and maintained by Antoine Jacoutot.
Imported August 19, 2014 and first released with OpenBSD 5.7.
<li><a href="https://man.openbsd.org/file.1">file(1)</a>:
Rewritten from scratch and maintained by Nicholas Marriott.
Imported April 24, 2015 and first released with OpenBSD 5.8.
<li><a href="https://man.openbsd.org/doas.1">doas(1)</a>:
Written and maintained by Ted Unangst.
Imported July 16, 2015 and first released with OpenBSD 5.8.
<li><a href="https://man.openbsd.org/radiusd.8">radiusd(8)</a>:
Written and maintained by YASUOKA Masahiko.
Imported July 21, 2015 and first released with OpenBSD 5.8.
<li><a href="https://man.openbsd.org/eigrpd.8">eigrpd(8)</a>,
<a href="https://man.openbsd.org/eigrpctl.8">eigrpctl(8)</a>:
Written and maintained by Renato Westphal.
Imported October 2, 2015 and first released with OpenBSD 5.9.
<li><a href="https://man.openbsd.org/vmm.4">vmm(4)</a>,
<a href="https://man.openbsd.org/vmd.8">vmd(8)</a>,
<a href="https://man.openbsd.org/vmctl.8">vmctl(8)</a>:
Written by Mike Larkin and Reyk Fl&ouml;ter.
Imported November 13, 2015 and first released with OpenBSD 5.9.
<li><a href="https://man.openbsd.org/pdisk.8">pdisk(8)</a>:
Originally written by Eryk Vershen in 1996-1998,
rewritten and maintained by Kenneth Westerback since January 11, 2016
and first released with OpenBSD 5.9.
<li><a href="https://man.openbsd.org/mknod.8">mknod(8)</a>:
Original version from Version 6 AT&amp;T UNIX (1975),
last rewritten by Marc Espie on March 5, 2016
and first released with OpenBSD 6.0.
<li><a href="https://man.openbsd.org/audioctl.1">audioctl(1)</a>:
Originally written by Lennart Augustsson in 1997,
rewritten and maintained by Alexandre Ratchov since June 21, 2016
and first released with OpenBSD 6.0.
<li><a href="https://man.openbsd.org/acme-client.1">acme-client(1)</a>:
Written by Kristaps Dzonsons, imported August 31, 2016; released
with OpenBSD 6.1.
<li><a href="https://man.openbsd.org/syspatch.8">syspatch(8)</a>:
Written and maintained by Antoine Jacoutot.
Imported September 5, 2016; released with OpenBSD 6.1.
<li><a href="https://man.openbsd.org/ping.8">ping(8)</a>:
Restructured to include IPv6 functionality and maintained by Florian Obser.
The separate
<a href="https://man.openbsd.org/OpenBSD-6.0/ping6.8">ping6(8)</a>
was superseded on September 17, 2016,
and the new, combined version was released with OpenBSD 6.1.
<li><a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>:
Cleaned-up fork of
<a href="https://man.openbsd.org/OpenBSD-6.0/xdm.1">xdm(1)</a>
maintained by Matthieu Herrb.
Imported October 23, 2016; released with OpenBSD 6.1.
<li><a href="https://man.openbsd.org/ocspcheck.8">ocspcheck(8)</a>:
Written and maintained by Bob Beck.
Imported January 24, 2017; released with OpenBSD 6.1.
<li><a href="https://man.openbsd.org/slaacd.8">slaacd(8)</a>:
Written and maintained by Florian Obser.
Imported March 18, 2017; released with OpenBSD 6.2.
<li><a href="https://man.openbsd.org/rad.8">rad(8)</a>:
Written and maintained by Florian Obser.
Imported July 10, 2018; released with OpenBSD 6.4.
<li><a href="https://man.openbsd.org/unwind.8">unwind(8)</a>:
Written and maintained by Florian Obser.
Imported January 23, 2019; released with OpenBSD 6.5.
<li><a href="https://man.openbsd.org/openrsync.1">openrsync(1)</a>:
Written by Kristaps Dzonsons.
Imported February 10, 2019; released with OpenBSD 6.5.
<li><a href="https://man.openbsd.org/sysupgrade.8">sysupgrade(8)</a>:
Written by Christian Weisgerber, Florian Obser, and Theo de Raadt.
Imported April 25, 2019; released with OpenBSD 6.6.
<li><a href="https://man.openbsd.org/snmp.1">snmp(1)</a>:
Written and maintained by Martijn van Duren.
Imported August 9, 2019; released with OpenBSD 6.6.
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a>:
Written by Kristaps Dzonsons, maintained by Claudio Jeker.
Imported June 17, 2019; released with OpenBSD 6.7.
<li><a href="https://man.openbsd.org/resolvd.8">resolvd(8)</a>:
Written and maintained by Florian Obser and Theo de Raadt.
Imported February 24, 2021; released with OpenBSD 6.9.
<li><a href="https://man.openbsd.org/dhcpleased.8">dhcpleased(8)</a>:
Written and maintained by Florian Obser.
Imported February 26, 2021; released with OpenBSD 6.9.
</ul>
<h3>Projects maintained by OpenBSD developers outside OpenBSD</h3>
<ul>
<li><a href="https://www.sudo.ws/">sudo</a>:
Started by Bob Coggeshall and Cliff Spencer around 1980.
Imported November 18, 1999, first released with OpenBSD 2.7.
Now maintained by Todd Miller.
<li><a href="http://bulabula.org/femail/">femail</a>:
Written and maintained by Henning Brauer.
Started in 2005, port available since September 22, 2005.
<li><a href="https://www.midish.org/">midish</a>:
Written and maintained by Alexandre Ratchov.
Started in 2003, port available since November 4, 2005.
<li><a href="https://github.com/nicm/fdm">fdm</a>:
Written and maintained by Nicholas Marriott.
Started in 2006, port available since January 18, 2007.
<li><a href="https://github.com/ajacoutot/toad/">toad</a>:
Written and maintained by Antoine Jacoutot.
Started in 2013, port available since October 8, 2013.
<li><a href="https://mandoc.bsd.lv/docbook2mdoc/">docbook2mdoc</a>:
Started by Kristaps Dzonsons in 2014, maintained by Ingo Schwarze.
Port available since April 3, 2014.
<li><a href="https://jasperla.github.io/portroach/">portroach</a>:
Written and maintained by Jasper Lievisse Adriaanse,
originally forked from FreeBSD's portscout.
Started in 2014, port available since September 5, 2014.
<li><a href="https://github.com/yasuoka/cvs2gitdump">cvs2gitdump</a>:
Written and maintained by YASUOKA Masahiko.
Started in 2012, port available since August 1, 2016.
<li><a href="https://gameoftrees.org">Game of Trees</a>:
Written and maintained by Stefan Sperling.
Started in 2017, port available since August 9, 2019.
</ul>
Reference in New Issue View Git Blame Copy Permalink