One of the most common intrusion paths is to attack what’s in the computer’s memory. If intruders can access memory that they shouldn’t be able to access, or if they can make a program access memory it shouldn’t, they have any number of ways to get into the system.
OpenBSD includes a whole bunch of security features for system memory that the sysadmin never actually sees. You don’t need to turn on the nonexecutable stack; it’s just there.
Some of these features appear only in OpenBSD. Some appeared first in OpenBSD, and then spread elsewhere. Some came from research papers. Others build on hardware features.
The OpenBSD team takes a more proactive attitude about security features than many other projects. As an example, ...