█ SecBSD
Open source volunteer project to develop security
focused UNIX-like operating system based upon OpenBSD for security
researchers, pentesters, bug hunters, cybersecurity folks,
hacktivists and paranoid dudes. Inside, the development process
follows the same philosophy as OpenBSD, we believes in strong
security, privacy and cryptography by default.
█ Advantage
- A new kernel is generated with randomized addresses at every
boot, install and upgrade.
- No telemetry. No tracking.
- No mic recording sound by default. No webcam access by default.
- Memory can be written to or executed, but no both, that prevents malicious
code from producing buffer overflows.
- Anti-ROP, the order of symbols in libc.so are randomized at boot time to
prevent "return oriented programming".
- Memory allocation randomization. This make attacks harder
because each runs has a different memory layout.
- Position independent executable. An executable and its
dependencies are loaded into random memory locations within virtual
memory. This make it hard for an attacker to predict a binary behaviour.
- Disabled simultaneous multi-threading by default. Holds separate
page tables for the kernel and userland to mitigate hardware
vulnerabilities as meltdown and spectre.
- The file utility is sandboxed and runs as the "_file" user by default.
- Unveil and Pledge.
- Privilege separation.
2023