OpenBSD now has Trapsleds to make life harder for ROPers

cs, 2017-06-22 08:55
You heard it here (or on tech@) first: Trapsleds are in, and they make OpenBSD even safer. The work was done by Todd Mortimer, submitted to tech@ in the Trapsleds thread, and later committed by Theo de Raadt.

Todd's message to tech says,

I have attached a patch that converts NOP padding from the assembler into INT3 padding on amd64. The idea is to remove potentially convenient NOP sleds from programs and libraries, which makes it harder for an attacker to hit any ROP gadgets or other instructions after a NOP sled.


KARL - kernel address randomized link

k, 2017-06-13 04:52

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization feature which will protect the kernel. [...] Recently I moved all our kernels to a new mapping model, with patrick and visa taking care of two platforms. [...] As a result, every new kernel is unique. The relative offsets between functions and data are unique. [...] However, snapshots of -current contain a further change, which I worked on with Robert Peichaer (rpe@): That change is scaffolding to ensure you boot a newly-linked kernel upon every reboot. [...]

Read the full message for the juicy details.

Note that, because of the new mechanisms, unhibernate does not work on -current (for now).

OpenBSD Daily, code review, and you

p, 2017-06-09 18:48
OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day:

I made a new years resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development.

Running OpenBSD on Azure

p, 2017-06-09 13:21

A new Microsoft Azure blog entry, Running OpenBSD on Azure, describes OpenBSD support:

Today we are happy to share with you that Azure supports OpenBSD 6.1 with the collaboration effort from Esdenera and Microsoft. Meanwhile Esdenera brings their firewall product based on OpenBSD on board Azure Marketplace now.

[Esdenera is Reyk (reyk@) Flöter's company.]

The Register covers this development in Microsoft Azure adds OpenBSD support. Repeat. Azure adds OpenBSD support.

This results from the efforts of mikeb@, reyk@, jsg@, and others.

d2k17 Hackathon Report: Florian Obser on slaacd(8)

p, 2017-06-09 03:34

Florian Obser (florian@) kindly supplied a report on his d2k17 activities:

I wanted to take an overnight train from Amsterdam to Munich but that service had been cancelled sometime last year. So I had to fly to not lose too much time.

d2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more

cs, 2017-06-08 08:33

Our next d2k17 report comes from Antoine Jacoutot (ajacoutot@), who writes:

My name is Antoine Jacoutot. After five hours on a hellish train ride, I have come to Starnberg with only one goal: to fix rc.d. But to do that, I can't be the OpenBSD developer I once was. To honor systemd's memory, I must be someone else. I must be something else.

d2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection

h, 2017-06-05 03:21

Our second d2k17 report is from Ken Westerback (krw@), who writes:

I arrived at Starnberg with a clear and overriding focus -- to finally expunge the obsolete XS_NO_CCB construct from our SCSI code. In fact I was so focused on this issue I walked right past my pre-d2k17 hotel and wandered the streets of Starnberg for 30 minutes until I found it sitting right across the street from the Bahnhof I started at.

d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress

p, 2017-06-02 03:39
The first report from the recently completed d2k17 hackathon comes from Stefan Sperling, who writes:

This hackathon I took time to kick off a project I have been wanting to try for some time but never got around to: Adding sound support for my laptop which uses an internal USB audio device wired to xhci(4). Our xhci(4) driver lacks support for data transfers with guaranteed bandwidth and timing constraints (aka isochronous transfers). The first step is to add support for such transfers (mpi@ tells me the rabbit hole ends up in uaudio(4) but I'll worry about that later). To get started, I spent some time reading parts of the USB 2.0 and USB 3.1 specs, as well as Intel's data sheet for the xHC interface (linked from Equipped with this new knowledge, I started brushing up an old work-in-progress diff that mpi@ shared with me. I did not make much progress and eventually got side-tracked into the wireless stack. But having finally explored this problem space feels good! I will try to keep exploring.


Ted Unangst on notable recent changes in OpenBSD

cs, 2017-06-01 01:32

The flak reports by Ted Unangst (tedu@) continue with parts 620, 621, and 622.

As always, there are plenty of interesting developments.

Update: part 623

MWL's "Relayd and Httpd Mastery" Published

k, 2017-05-30 11:58

Relayd and Httpd Mastery, the latest book in the "Mastery" series by Michael W Lucas, is now available.

From the author's page for the book:

The httpd web server provides a fast, stable, secure environment for your web applications. The relayd load balancer lets you distribute Internet application load across multiple hosts. Between the two, you can slash hundreds of thousands of dollars off the cost of building, deploying, and managing applications.

(Those who purchased the book very early should check "Relayd and Httpd Mastery," both the good and the bad.)

MWL's site lists the ways to purchase the book in ebook and printed formats.

OpenBSD Community Goes Gold

sze, 2017-05-10 01:39

Kenneth R Westerback of The OpenBSD Foundation (aka krw@, when wearing his dev hat) writes:

Monthly PayPal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2017!

These monthly PayPal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2016 achievement of Iridium status.

To achieve that the donation rate needs to increase! Sign up now for a small monthly donation!

Official OpenBSD 6.1 CD - There's only One!

p, 2017-05-05 09:11
OpenBSD 6.1 was announced as the first release with no CD available for purchase.

Now it turns out that in fact, exactly one CD set was made, and it can be yours if you are the successful bidder in the auction that ends on May 13, 2017.

Bob Beck (beck@) writes in to tell us

An "Artisanally Made" collector's edition has been constructed for OpenBSD 6.1 - Featuring artwork actually drawn by Theo, (He took *lessons* to do this!) a short Haiku on the cover, and the 3 CD release set. It's up for auction on ebay to the highest bidder.

The CD set is hand made and signed by Theo de Raadt.

More pictures after the fold:


Errata and (First) Binary Patches Announced

cs, 2017-05-04 06:10

Errata for OpenBSD 6.1 and 6.0 have been announced. The message to [from T.J. Townsend (tj@)] reads:

Errata patches for dhcpd, vmm, LibreSSL and softraid have been released for OpenBSD 6.1 today. Details can be found on this page: Binary updates for the amd64 and i386 platforms are also available via the syspatch utility. Note that syspatch uses the mirror configured in /etc/installurl, so all mirrors may not have the files yet. OpenBSD 6.0 is only affected by the softraid issue. A patch for it can be found here:

It's time to get (sys)patching!


In a follow-up email, Antoine Jacoutot (ajacoutot@) wrote:

Due to a mistake in creating the syspatch archives, a multi-processor machine would not default to the MP kernel. New syspatches have been re-rolled and you're advised to revert and re-apply them (even on non-MP machines). Make sure your mirror (/etc/installurl) has the new syspatches first (dated May 3rd). As root:

    while true; do syspatch -r || break; done
    syspatch

If you're running on a multi-processor machine, you may also remove the extra / kernel. Sorry about that and thank you all for your report and feedback.

OpenSSH Removes SSHv1 Support

h, 2017-05-01 12:25
In a series of commits starting here and ending with this one, Damien Miller completed the removal of all support for the now-historic SSHv1 protocol from OpenSSH.

The final commit message, for the commit that removes the SSHv1 related regression tests, reads:

Eliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now.


The many ways of running firefox on OpenBSD

cs, 2017-04-27 06:12
Landry Breuil, OpenBSD's firefox (and other Mozilla ports) maintainer, writes:

Maybe I haven't talked about it enough on the lists, but since I've been maintaining the various mozillas in the portstree (cvs log says I started around firefox 3.6.something... 7 years ago. *sigh*) a lot of things changed, so I wanted to take the 6.1 release as an occasion to sum up the various ways one could run which version of which firefox on which version of OpenBSD.

OpenBSD 6.1 Song Released

sze, 2017-04-26 22:57
Every OpenBSD release since 3.0 (back in 2001) has had at least one release song, and OpenBSD 6.1 is no different. Today, Theo de Raadt released the OpenBSD 6.1 song. The Songs page has download links, lyrics and a background story, which reads:

OpenBSD was only a few months old when we realized that read-only repository access for everyone was a critical concept.

Previously, open source projects would make occasional releases accompanied by tarballs of final source files and Changelogs files, but would not expose the step-by-step changes of the development process. Unwittingly all open source projects were operating with a walled garden approach.


clang(1) added to base on amd64 and i386

p, 2017-04-21 02:19

A series of commits, culminating in this one, have seen clang(1) added to the base system (as a non-default compiler) on the amd64 and i386 platforms:

CVSROOT:    /cvs
Module name:    src
Changes by:     2017/04/18 08:03:08

Modified files:
    share/mk       :

Log message:
ship clang with i386 and amd64. It does not become the main compiler YET.
ok kettenis

Those playing along at home (or elsewhere!) should be sure to check the Following -current FAQ.

OpenBSD 6.1 Released

k, 2017-04-11 16:51
April 11, 2017: The OpenBSD project has announced the availability of the newest release, OpenBSD 6.1:

We are pleased to announce the official release of OpenBSD 6.1. This is our 42nd release. We remain proud of OpenBSD's record of more than twenty years with only two remote holes in the default install.

This release has several notable changes. The most visible are:

  • New syspatch(8) utility for binary base system updates to supported -stable amd64 and i386 releases
  • Running updates of packages for supported -stable releases - makes pkg_add -u useful for stable, too
  • The acme-client, a privilege separated ACME client for easy maintenance of Let's encrypt TLS certificates

We expect these items will make the day to day running of OpenBSD systems significantly easier.

Other notable improvements include:

  • Several enhancements to vmm(4), including support for third-party BIOSes and Linux guests
  • New arm64 platform targeting Pine64, Raspberry Pi 3 and Opteron A1100
  • Continuing SMP improvements, particularly in the network stack
  • New xenodm(1) X display manager
  • Improved capabilities in a number of IEEE 802.11 wireless network drivers
  • Updates to the package system tools as well as the package collection itself, with increased number of prebuilt packages for the more popular (and faster) architectures

This release also has updated versions of OpenSMTPD, OpenSSH, LibreSSL, mandoc as well as incremental improvements to all other named subprojects.

The release page contains a fuller list of changes while the upgrade page gives recommendations on how to upgrade to the new release.

Getting OpenBSD running on Raspberry Pi 3

v, 2017-04-09 13:51
Ian Darwin writes in about his work deploying the arm64 platform and the Raspberry Pi 3:

So I have this empty white birdhouse-like thing in the yard, open at the front. It was intended to house the wireless remote temperature sensor from a low-cost weather station, which had previously been mounted on a dark-colored wall of the house (readings were really high when the sun reached that side of the house!). But when I put the sensor into the birdhouse, the signal is too weak for the weather station to receive it (the mounting post was put in place by a previous owner of our property, and is set deeply in concrete). So the next plan was to pop in a tiny OpenBSD computer with a uthum(4) temperature sensor and stream the temperature over WiFi.


e2k17 Nano hackathon report from Bob Beck

sze, 2017-04-05 13:00
While the world largely wasn't looking, there was a nano hackathon last month: Hackathon report - e2k17 Hackathon, Edmonton Alberta. Bob Beck (beck@) writes,

So this was a small "nano" hackathon held a bit under the radar. Unlike the big ones this was not Foundation supported or anything really beyond my Visa card and my Darling Wife's patience ;)

