On April 27, 2019, I gave a talk at CarolinaCon 15 in Charlotte on how to use OpenBSD to write better software.

Abstract

OpenBSD is renowned for its security innovations and code quality. With its emphasis on code correctness, exploit mitigation techniques, and a rigorous development process, OpenBSD provides a rich platform and environment for developers to create robust software.

This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.

Slides

You can download my slides here.

Video

You can see a video of the talk here.

Huge thanks to Stuart McMurray, who kindly recorded my talk with Periscope! Stuart also gave an excellent talk on DNS tunneling at the same conference; be sure to check it out (slides, video)!

References

These are the resources that I used to prepare my talk. They are listed according to the sections used in the talk. Thanks to all the authors, without whom this talk would not have been possible!

Exploit Mitigation Techniques in OpenBSD

Setting up your OpenBSD environment

Auditing your code

Secure API alternatives

strlcpy(3)

strtonum(3)

explicit_bzero(3)

The malloc(3) man page also describes the freezero(3) and reallocarray(3) functions.

arc4random(3)

libtls

tedu your code

Ted Unangst, Pruning and Polishing: Keeping OpenBSD Modern, AsiaBSDCon 2015.

pledge(2)

unveil(2)

Privilege Dropping and Privilege Separation

Related Resources

I hope you find my talk and this content useful. Happy hacking!