OpenBSD Journal

Tartalom átvétel OpenBSD Journal
The OpenBSD Community.
Frissült: 51 perc 45 másodperc

afl-fuzz - American Fuzzy Lop

sze, 2015-01-21 10:49
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

I wanted to test the afl fuzzer that sort of recently entered the ports collection, ever since this webpage talked about how they give a jpeg decoder the string "Hello" in a file which it twists and mutates until the jpeg decoder no longer croaks on it, and it ends up actually being a valid jpeg image (though not very pretty). Read more...

Kategóriák: *BSD

amd64 Kernel W^X

sze, 2015-01-14 15:39
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Theo de Raadt (deraadt@) announced that amd64 kernels now have W^X memory protection in the kernel: Mike Larkin has been slow at informing the world, despite my prodding. Probably started working on something else cool... Read more...

Kategóriák: *BSD

OpenNTPD 5.7p1 Released

p, 2015-01-09 09:48
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Brent Cook (bcook@), still flush from success in creating the portable version of LibreSSL, has turned his hand to to OpenNTPD:

After a long hiatus, the latest version of OpenNTPD is available once again in a portable release.

  • Support for a new build infrastructure based on the LibreSSL framework. Source code is integrated directly from the OpenBSD tree with few manual changes, easing maintenance.
  • Removed support for several OSes pending test reports and updated portability code.
  • Supports the Simple Network Time Protocol version 4 as described in RFC 5905
  • Added route virtualization (rdomain) support.
  • Added ntpctl(8), which allows for querying ntpd(8) at runtime.
  • Finer-grained clock adjustment via adjfreq / ntp_adjtime where available.
  • Improved latency on heavily-loaded machines.

Hopefully those who've repackaged the previous releases for their OSes will update in due course.

Kategóriák: *BSD

Dissecting OpenBSD's divert(4) Part 1: Introduction

cs, 2015-01-08 10:41
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Lawrence Teo (lteo@) has published the first in a series of posts about OpenBSD's divert(4) functionality:

For more than four years I have been using and tinkering with OpenBSD’s divert(4). At one point after OpenBSD 4.9 was released, I ran into an annoying bug in divert(4) that totally prevented me from using it. At the time I had no idea how to fix it, so I did the next best thing by filing a detailed bug report.

Eventually I realized that the bug isn’t going to fix itself, so I decided it was time to roll up my sleeves and wade into the code. So after 2.5 years of on-and-off tinkering and staring at the code and head-scratching and facedesking I finally fixed it, thanks to a ton of help from Bret Lambert (blambert@). The problem turned out to be due to checksums, which is another interesting topic but that’s a story for another day.

Mr. Teo promises more on the subject soon, so read the whole thing, and keep slavering for more!

Kategóriák: *BSD

OpenBSD Moves to 5.7-beta

p, 2015-01-02 20:04
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Theo de Raadt (deraadt@) has moved OpenBSD to 5.7-beta: CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2015/01/01 08:50:27 Modified files: etc/root : root.mail share/mk : sys.mk sys/arch/macppc/stand/tbxidata: bsd.tbxi sys/conf : newvers.sh sys/sys : param.h Log message: move to 5.7-beta

As always, your testing is needed to ensure that any bugs are found and squashed early!

Kategóriák: *BSD

Heads Up: Snapshot Upgrades for Static PIE

sze, 2014-12-24 21:47
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

After much work by Pascal Stumpf (pascal@) and Mark Kettenis (kettenis@), Kurt Miller (kurt@), and no doubt others whose contributions were both significant and appreciated, static binaries can now be compiled as position-independent executables: New snapshots for a few architectures use static PIE binaries in /bin, /sbin (and a handful in /usr/bin and /usr/sbin as well). (amd64 and sparc64 leading the way, the rest will follow) This is yet another non-trivial conversion. Surely some will try to use the instructions in current.html to build through this hump manually. And surely some will fail, since it is a bit tricky. Please don't bother the lists in that case. If in doubt -- upgrade using a snapshot. Thanks.

As Theo says, snapshot upgrades to get over the hurdle; it would behoove us to do some testing to ensure no bugs were introduced.

As always, a great deal of thanks goes to those who work to improve OpenBSD!

Kategóriák: *BSD

BSDNow Episode 068: Just the Essentials

p, 2014-12-19 15:24

It's Michael W. Lucas week at Undeadly, as this week's episode of BSDNow features a lengthy interview with the man.

Additionally, they have more conference videos, a comparison of FreeBSD and OpenBSD security features, the OpenSMTPD folks (hi gilles@!) write about the work they've been doing, a review of httpd(8), and all the week's odds and ends in the world of BSD.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Kategóriák: *BSD

Michael W. Lucas' Sudo Talk Online

cs, 2014-12-18 20:09

Michael W. Lucas, author of Absolute OpenBSD, SSH Mastery, and Sudo Mastery (among others!) has given a talk, titled "Sudo: You're Doing it Wrong", now online:

It runs just over an hour, so make sure you bring a snack!

Kategóriák: *BSD

Dec 10th Errata

cs, 2014-12-11 20:45

Ted Unangst (tedu@) has announced the availability of patches for three separate issues.

The first errata addresses the recent DNS server issue

Three new errata to announce.

Malicious DNS servers could cause a denial of service with an endless series of delegations. This affects named (BIND) and unbound. There is a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have patches for BIND at this time.

Missing memory barriers (and other bugs) made virtio devices unreliable. Patches available for 5.5 and 5.6.

Lots and lots of security bugs in the X server have finally been fixed. http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ Patches are available for 5.5 and 5.6.

For 5.6: http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig

For 5.5: http://www.openbsd.org/errata55.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig

Kategóriák: *BSD

Libressl 2.1.2 released.

k, 2014-12-09 09:48
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Brent Cook writes to tech@openbsd.org:
We have released LibreSSL 2.1.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. Read more...
Kategóriák: *BSD

BSDNow Episode 066: Conference Connoisseur

p, 2014-12-05 11:21

On this week's episode, It's nothing but BSDCons, with MeetBSD presentation videos, the upcoming ruBSD(Russian) and other BSDCons that are (or may be) upcoming in 2015, in addition to an interview with Paul Schenkeveld about running a BSDCon, and the usual roundup of the week's BSD-related news and rumors.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Kategóriák: *BSD

memcpy vs memmove

p, 2014-12-05 10:00
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Ted Unangst (tedu@) took the time to write up a short history of the trials and tribulations that have accompanied the recent attention being paid to the memcpy(3) and memmove(3) routines:

memcpy vs memmove

A few notes about memcpy vs memmove and some related items as well.

memcpy

The C standard specifies two functions for copying memory regions, memcpy and memmove. The important difference is that it is undefined behavior to call memcpy with overlapping regions. One must use memmove for that. As the names imply, memcpy copies data from one region to another, while memmove moves data within a region. (It’s also perfectly acceptable to memmove between different regions.)

This subtle but important distinction allows memcpy to be optimized more aggressively. In the case of memmove between overlapping regions, care must be taken not to destroy the contents of the source before they are done copying. This is easiest to see with a naive implementation of a copy loop.

Read the whole thing; it's an exciting journey into the world of bug-hunting!

Kategóriák: *BSD

Two New Kernel Errata

p, 2014-12-05 09:59
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } In an email to tech@, Ted Unangst (tedu@) lets us know about two new kernel bugs for which patches exist:

Patches are now available for 5.5 and 5.6 which fix two kernel errata.

5.5 errata 16 and 5.6 errata 10: Several bugs were fixed that allowed a crash from remote when an active pipex session exists.

5.5 errata 17 and 5.6 errata 11: An incorrect memcpy call would result in corrupted MAC addresses when using PPPOE.

Users who don't use don't use PPPOE or PIPEX are not affected, but can still apply the patches.

Links:

http://www.openbsd.org/errata55.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/016_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/017_pppoe.patch.sig

and

http://www.openbsd.org/errata56.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig

Kategóriák: *BSD

BSDCan 2015 Call for Papers

cs, 2014-12-04 08:47
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } BSDCan has announced their call for papers:

BSDCan is an enormously successful grass-roots style conference. It brings together a great mix of *BSD developers and users for a nice blend of both developer-centric and user-centric presentations, food, and activities.

Please follow the instructions for submitting a proposal to BSDCan 2015.

BSDCan 2015 will be held 12-13 June 2015 (Fri/Sat), in Ottawa. We are now requesting proposals for talks. We do not require academic or formal papers. If you wish to submit a formal paper, you are welcome to, but it is not required.

The talks should be written with a very strong technical content bias. Proposals of a business development or marketing nature are not appropriate for this venue.

If you have anything you think is worthwhile to share, write it up and send it in!

Kategóriák: *BSD

Call for Testing: openssl(1)

sze, 2014-12-03 17:04
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Theo de Raadt has just committed a conversion of the openssl(1) client and server implementations from select(2) to poll(2): CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2014/12/02 12:44:49 Modified files: usr.bin/openssl: s_client.c s_server.c Log message: convert select() to poll(). This is one of the most complicated conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.

Users of this functionality are encouraged to put these changes through the wringer to shake out any bugs that may have been introduced or uncovered.

Kategóriák: *BSD

LibreSSL Windows Port Status Update

k, 2014-12-02 09:22
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Brent Cook (bcook@) wrote in to let us know that he's completed the initial work to get LibreSSL working on Win32 platforms:

I got a Windows 8.1 box running this weekend and spent some quality time making poll(2) emulation more robust, so that it can deal with more of the select->poll conversions in openssl(1) coming in the future. I also got the upstream poll conversion patches themselves in better working order. This Windows port is now achieved without any #ifdefs or odd workarounds. So, it should be possible to maintain support without having too many new warts in the LibreSSL tree.

So, what can it do now? Well, you can run this command in a powershell window:

.\apps\openssl.exe s_server -cert tests\server.pem

and this in another:

.\apps\openssl.exe s_client

and type on the console back and forth interactively. You can also run this from powershell and still get the expected result:

cat .\README | apps\openssl.exe s_client -connect 127.0.0.1:4433

No big deal for those fancy 'everything works like a file' operating systems, but Windows very special in its handling of sockets vs. console IO vs pipes. Performance-wise, it's currently about 50x slower than Cygwin's native openssl.exe, but I have not begun to optimize anything yet.

https://github.com/busterb/portable/commits/win32-minimal

https://github.com/busterb/openbsd/commits/win32-minimal

- Brent

A big thanks to him for his work in making this happen!

Kategóriák: *BSD

BSDNow Episode 064: Rump Kernels Revisited

p, 2014-11-21 12:38

On this week's episode, the intrepid hosts talk about the import of SipHash to the OpenBSD kernel, Theo de Raadt (deraadt@)'s talk (slides) about arc4random, an interview with Justin Cormack of NetBSD, and videos from MeetBSD coming online.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Kategóriák: *BSD

Call for Testing: 64-bit PCI Bridge Support

cs, 2014-11-20 10:53
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; }

Mark Kettenis (kettenis@) wrote a message to tech@ asking for volunteers to test a patch to squash a few bugs in the PCI code: Hi All, dlg@ managed to get access to a machine that actually uses 64-bit PCI addresses behind a bridge. This triggered some bugs in the so far untested code. Quelle suprprise! I'd appreciate it if some people can verify that this doesn't break other systems. In particular I'm looking for testers on server-type machines, both i386 and amd64. Thanks, Mark

If you have such a machine, you should make sure that this doesn't introduce any issues for you. As always, quality releases depend on widespread testing!

Kategóriák: *BSD

Perl Updated to 5.20.1

k, 2014-11-18 17:54
td>p,td>ul,td>blockquote,td>font {margin-left:0.5ex;} a:visited {color:#303030!important;} p {margin-top:1ex;margin-bottom:0;} blockquote>p:first-child {margin-top:0;} blockquote>p:last-child {margin-bottom:0;} blockquote { background-color:#e0e0e0; padding:0.5ex 0.5ex 0.5ex 0.5ex; margin:0 0 0 3ex !important; } p+ul,p>ul {margin:0.5ex 0 0 0;} pre {margin:0;} tt {background-color:#f0f0f0; padding:0px; font-weight:500;} .bqcode { background-color: #ffffff; border:1px solid #999; padding: 0px; padding-left: 1em; } Andrew Fresh (afresh1@) has updated Perl in base to 5.20.1: CVSROOT: /cvs Module name: src Changes by: afresh1@cvs.openbsd.org 2014/11/17 13:53:21 Log message: Import perl-5.20.1

Additionally, he wrote in to give us a quick intro to what he thinks are some of the more interesting changes to be found: Read more...

Kategóriák: *BSD

BSDNow Episode 063: A Man's man(1)

p, 2014-11-14 09:43

This week, on BSDNow, the hosts talk about the recent MeetBSD, mention chatter on the Tor mailing lists about adding more OpenBSD nodes, interview with Kristaps Džonsons, the original author of mandoc(1), and all the odds and ends in the BSD universe.

[ Video | HD Video | MP3 Audio | OGG Audio | Torrent ]

Kategóriák: *BSD