CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD
On April 27, 2019, I gave a talk on how to use OpenBSD to write better software at CarolinaCon 15 in Charlotte.
Abstract
OpenBSD is renowned for its security innovations and code quality. With its emphasis on code correctness, exploit mitigation techniques, and a rigorous development process, OpenBSD provides a rich platform and environment for developers to create robust software.
This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.
Slides
You can download my slides here.
Video
You can see a video of the talk here.
Huge thanks to Stuart McMurray who kindly recorded my talk with Periscope! Stuart also gave an excellent talk on DNS tunneling at the same conference; be sure to check it out (slides, video)!
References
These are the resources that I used to prepare my talk. They are listed according to the sections used in the talk. Thanks to all the authors, without whom this talk would not have been possible!
Exploit Mitigation Techniques in OpenBSD
- Theo de Raadt, Mitigations and other real security features, BSDTW 2017.
- Theo de Raadt, arc4random: randomization for all occasions, Hackfest 2014.
- Theo de Raadt, Exploit Mitigation Techniques, OpenCON 2005.
Setting up your OpenBSD environment
- Ted Unangst, Developing Software in a Hostile Environment, EuroBSDCon 2014.
- malloc man page - shows malloc options and how you can use them
- Mike Larkin, Kernel W^X Improvements In OpenBSD, Hackfest 2015. (Video)
- OpenBSD platforms
- Peter Valchev, Using OpenBSD Security Features to Find Software Bugs
Auditing your code
- OpenBSD style(9) coding style
- OpenBSD snprintf(3) man page
- Henning Brauer and Sven Dehmlow, Puffy at Work: Code Right and Secure, the OpenBSD Way, BSDCan 2010.
Secure API alternatives
- strlcpy(3)
- strtonum(3)
- explicit_bzero(3)
- The malloc(3) man page also describes the freezero(3) and reallocarray(3) functions.
- arc4random(3)
libtls
tedu your code
- Ted Unangst, Pruning and Polishing: Keeping OpenBSD Modern, AsiaBSDCon 2015.
pledge(2)
- pledge(2)
- Theo de Raadt, Pledge and Privsep, EuroBSDCon 2017. (Video)
- Theo de Raadt, Privilege Separation and Pledge, dotSecurity 2016.
- Bob Beck, Pledge, and Unveil, in OpenBSD, BSDCan 2018. (Video)
- Theo de Raadt, pledge(): a new mitigation mechanism, Hackfest 2015. (Video)
- Giovanni Bechis, Linux seccomp(2) vs OpenBSD pledge(2), Open Source Summit 2017.
- pledge(2) bindings
unveil(2)
- unveil(2)
- Bob Beck, Pledge, and Unveil, in OpenBSD, BSDCan 2018. (Video)
- Bob Beck, Unveil in OpenBSD, EuroBSDCon 2018.
- unveil(2) bindings
Privilege Dropping and Privilege Separation
- chroot
- Theo de Raadt, Privilege Separation and Pledge, dotSecurity 2016.
- Reyk Floeter, relayd commit: Introduce privsep for private keys
- Reyk Floeter, smtpd commit: Implement RSA privilege separation
- Henning Brauer, OpenBGPD and OpenNTPD, 21C3 - Chaos Communication Congress 2004.
- ntpd source
- Ken Westerback, Skeletal OpenBSD daemon - three processes, priv separated
Related Resources
- OpenBSD events and papers
- OpenBSD Journal
- OpenBSD innovations
- Bryan Steele’s Twitter feed on new OpenBSD features
- Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazieres, and Dan Boneh, Hacking Blind, 2014 IEEE Symposium on Security and Privacy.
- Chris Anley, John Heasman, Felix Lindner, and Gerardo Richarte, The Shellcoder’s Handbook: Discovering and Exploiting Security Holes (2nd Edition).
I hope you find my talk and this content useful. Happy hacking!