 |
OpenBSD now has Trapsleds to make life harder for ROPers
|
Contributed by pitrh on Thu Jun 22 06:55:25 2017 (GMT)
from the just enough ROP to TRAP yourself dept.
You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.
Todd's message to tech says,
I have attached a patch that converts NOP padding from the assembler
into INT3 padding on amd64. The idea is to remove potentially conveinent
NOP sleds from programs and libraries, which makes it harder for an
attacker to hit any ROP gadgets or other instructions after a NOP sled.
Read more...
|
![[topicopenbsd]](images/topicopenbsd.gif)
|
[ 1 comment 2d16:46 ago ] (flat) (expanded)
|
|
KARL - kernel address randomized link
|
Contributed by rueda on Tue Jun 13 02:52:37 2017 (GMT)
from the Charlemagne dept.
In a
message to the tech@ mailing list,
Theo de Raadt (deraadt@) has announced a new randomization feature for
kernel protection:
Over the last three weeks I've been working on a new randomization
feature which will protect the kernel.
[...]
Recently I moved all our kernels to a new mapping model, with patrick
and visa taking care of two platforms.
[...]
As a result, every new kernel is unique. The relative offsets between
functions and data are unique.
[...]
However, snapshots of -current contain a futher change, which I
worked on with Robert Peichaer (rpe@):
That change is scaffolding to ensure you boot a newly-linked kernel
upon every reboot.[...]
Read the full message
for the juicy details.
Note that, because of the new mechanisms, unhibernate does not work on
-current (for now).
|
![[topicsecurity]](images/topicsecurity.jpg)
|
[ 17 comments 1d3:15 ago ] (flat) (expanded)
|
|
OpenBSD Daily, code review, and you
|
Contributed by pitrh on Fri Jun 9 16:48:32 2017 (GMT)
from the a-source-a-day-keeps-the-bugs-away dept.
OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day at https://blog.tintagel.pl/2017/06/09/openbsd-daily.html.
I made a new years resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development.
|
![[topicblog]](images/topicblog.gif)
|
[ 2 comments 6d21:13 ago ] (flat) (expanded)
|
|
Running OpenBSD on Azure
|
[ 2 comments 12d18:55 ago ] (flat) (expanded)
|
|
d2k17 Hackathon Report: Florian Obser on slaacd(8)
|
Contributed by rueda on Fri Jun 09 01:34:09 2017 (GMT)
from the in this case, keep slaacing dept.
Florian Obser (florian@) kindly supplied a report on his d2k17 activities:
I wanted to take an overnight train from Amsterdam to Munich
but that service had been cancelled sometime last year. So I had
to fly to not lose too much time.
Read more...
|
|
[ 1 comment 15d9:50 ago ] (flat) (expanded)
|
|
d2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more
|
Contributed by rueda on Thu Jun 08 06:33:25 2017 (GMT)
from the shell be right, mate dept.
Our next d2k17 report comes from Antoine Jacoutot (ajacoutot@), who writes:
My name is Antoine Jacoutot. After five hours on a hellish train ride, I have
come to Starnberg with only one goal: to fix rc.d. But to do that, I can't be
the OpenBSD developer I once was. To honor systemd's memory, I must be someone else. I must be something else.
Read more...
|
|
[ 6 comments 15d13:32 ago ] (flat) (expanded)
|
|
d2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection
|
Contributed by rueda on Mon Jun 05 01:21:08 2017 (GMT)
from the sequential improvement dept.
Our second d2k17 report is from Ken Westerback (krw@), who writes:
I arrived at Starnberg with a clear and overriding focus -- to
finally expunge the obsolete XS_NO_CCB construct from our SCSI
code. In fact I was so focused on this issue I walked right past my
pre-d2k17 hotel and wandered the streets of Starnberg for 30 minutes
until I found it sitting right across the street from the BahnHof I
started at.
Read more...
|
|
[ 0 comments ] (flat) (expanded)
|
|
d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress
|
Contributed by pitrh on Fri Jun 02 01:39:40 2017 (GMT)
from the sunshine and krautwerk dept.
The first report from the recently completed d2k17 hackathon comes from Stefan Sperling, who writes:
This hackathon I took time to kick off a project I have been wanting
to try for some time but never got around to: Adding sound support for
my laptop which uses an internal USB audio device wired to xhci(4).
Our xhci(4) driver lacks support for data transfers with guaranteed bandwidth
and timing constraints (aka isochronous transfers). The first step is to
add support for such transfers (mpi@ tells me the rabbit hole ends up in
uaudio(4) but I'll worry about that later). To get started, I spent some
time reading parts of the USB 2.0 and USB 3.1 specs, as well Intel's data
sheet for the xHC interface (linked from https://en.wikipedia.org/wiki/XHCI).
Equipped with this new knowledge, I started brushing up an old work-in-progress
diff that mpi@ shared with me. I did not make much progress and eventually
got side-tracked into the wireless stack. But having finally explored this
problem space feels good! I will try to keep exploring.
Read more...
|
|
[ 0 comments ] (flat) (expanded)
|
|
MWL's "Relayd and Httpd Mastery" Published
|
[ 2 comments 24d6:52 ago ] (flat) (expanded)
|
|
|
|
|
|
|
|
Features
|
|
We are constantly on the lookout for stories of how you put OpenBSD to work.
Please submit any informative articles on how OpenBSD is helping your company.
|
|
|
XML/RSS/RDF
|
Users wishing RSS/RDF summary files of OpenBSD Journal,
can retrieve: ![[xml]](images/xml.gif)
|
|
|
|
|
