OpenBSD Journal
BSDNow Episode 036: Let's Get RAID
Contributed by tbert on Fri May 9 18:36:09 2014 (GMT)
from the still-not-a-backup-solution dept.

BSDNow Episode 36 is out, with the titular segment featuring RAID setups on both FreeBSD and OpenBSD.

In OpenBSD content, the episode covers the release of 5.5, the recent work to unhitch OpenSSH from OpenSSL, and incestuously links back to jasper@'s m2k14 report.

It also features an overview of the April issue of BSDMag, an interview with FreeBSD developer David Chisnall, using FreeBSD in the cloud, a new episode of BSDTalk, and a weekly update from PCBSD.


LibreSSL Will be Portable
Contributed by tbert on Fri May 9 09:22:42 2014 (GMT)
from the ssl-on-DOS-we-hardly-knew-ye dept.

Although much internet hand wringing has been performed in the service of "Won't someone think of the child^H^H^H^H^Hportability!", the OpenBSD devs are making changes in OpenBSD itself which will make the upcoming release of LibreSSL more easily portable to other operating systems:

Module name:	src
Changes by:	2014/05/08 15:43:49

Modified files:
	lib/libc/stdlib: malloc.c 
Added files:
	lib/libc/stdlib: reallocarray.c 

Log message:
move reallocarray() to a separate file so that -portable applications
can avoid reinventing the wheel
ok guenther schwarze

reallocarray(3) was added to address issues found in the OpenSSL source, and now exists as a single, freely-licensed, easily-included file for any and all who require it to make LibreSSL work on their system, as long as that system isn't Irix running Visual C 1.5.2.


Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code (beck@ interview)
Contributed by pitrh on Thu May 8 19:55:46 2014 (GMT)
from the take-it-out-back-and-set-it-on-fire dept.

Bob Beck (beck@) was interviewed about the Heartbleed bug and the subsequent LibreSSL fork for a piece called "Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code". A favorite quote:

ServiceVirtualization: What can organizations do to ensure they are building applications using high-quality, open-source components?

Beck: This is not an open source problem. It's a problem with any codebase you incorporate or reuse. Examine where they come from, have competent developers look at what they are bringing in, and know what the motivations of the organization is that is developing them. OpenBSD can stand well on its own track record. We are security-focused developers.


New Compiler Capabilities: -fstack-shuffle and Return Value Guards
Contributed by tbert on Wed May 7 10:03:25 2014 (GMT)
from the doing the fstack shuffle dept.

Martynas Venckus (martynas@) has committed a pair of security-related enhancements to OpenBSD's gcc(1), improving the bug- and exploit-resistance of the entire system.

The first, a new -fstack-shuffle option, hopes to find bugs that were slipping through due to the ordering of variables on the stack.

CVSROOT:        /cvs
Module name:    src
Changes by:        2014/05/06 17:22:33

Modified files:
        gnu/gcc/gcc    : cfgexpand.c common.opt

Log message:
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.

Discussed with Theo at m2k14 hackathon.  "oh god yes" tedu@, "oh nice" djm@


Privsep Debugging Support: /var/crash/$programname, sysctl-Managed, Added
Contributed by tbert on Wed May 7 19:31:47 2014 (GMT)
from the crash-test-puffy dept.

Debugging privsep code on OpenBSD-current just became a little easier. In this commit, Theo de Raadt (deraadt@) added a new kern.nosuidcoredump value, 3, which makes core dumps go to /var/crash/$programname (assuming the directory exists), and dumps cores named after the crashing program's PID.

Changes by:	2014/05/03 21:53:38

Modified files:
	sys/kern       : kern_sig.c 
	lib/libc/gen   : sysctl.3 
	sbin/sysctl    : sysctl.8 
	share/man/man5 : core.5 

Log message:
When kern.nosuidcoredump=3, act like =2 but try to dump cores into
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/    # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core   23207.core   6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores.  Careful you don't fill your /var.
Further tuneables are being considered.

Sorry to be picking on bgpd for this example.  I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther


Android's C Library Has 173 Files of Unchanged OpenBSD Code
Contributed by tbert on Mon May 5 14:19:30 2014 (GMT)
from the good-diffs-make-good-neighbors dept.

On May 2, 2014, a message with the somewhat arcane subject "libc: #define to remove support for %n from printf(3)?" from the main Android libc maintainer turned up on tech@, where part of the lead-in was:

i maintain Android's C library which, as you may know, contains a lot of OpenBSD code. i've been working to clean up our mess and get us back in sync with upstream, and currently have 173 files that are exactly the same as current upstream OpenBSD. (more than we have from the other two BSDs put together.)

There's more after the fold:


Doing some interesting OpenBSD work? EuroBSDCon 2014 wants to hear from you!
Contributed by pitrh on Mon May 5 20:36:16 2014 (GMT)
from the Talk? Talk! Puffy talk! dept.

EuroBSDCon, The European BSD Conference, is continuing its slow motion tour of European cities with EuroBSDCon 2014 taking place in Sofia, Bulgaria September 25-28 2014.

For this year's edition, there is no program yet, but you can help fix that: If you're doing something interesting with OpenBSD (or really any BSD, but this is an OpenBSD publication), that you could turn into a talk or tutorial, the program committee wants to hear from you.

Send your proposal (100 words or so will do) to submission at eurobsdcon dot org by May 19th, 2014. See the Call for papers for further details.


Call for testing: USB HID descriptor parser diff
Contributed by weerd on Mon May 5 20:38:59 2014 (GMT)
from the ueber-sympathetic-developers dept.

This weekend, Martin Pieuchot (mpi@) posted a diff to tech@ to improve the HID descriptor parser:

In December 2012 a user reported on misc@ that the Noppoo Mini Choc
84 USB keyboard does not work on OpenBSD [0].  More recently, mcbride@
and yasuoka@ contacted me because they have a mouse that is not properly
recognized.  Both issues are related to our HID descriptor parser.


Unknown Impact of OpenSSL Bug
Contributed by tbert on Mon May 5 18:03:44 2014 (GMT)
from the quickly-becoming-an-openssl-exploit-database dept.

Ted Unangst (tedu@) posted an email to tech@, entitled "not quite another erratum," concerning a bug fixed in LibreSSL:

A little background. Before we issue errata, we have to decide whether we should. That's usually pretty simple, but sometimes a bug looks exploitable when it isn't, or is exploitable when it looks benign. Clearly issuing zero errata isn't a workable solution, so we could issue errata for everything, but that leads to "patch fatigue". Instead, we pick and choose as best we are able. Sometimes that's hard.



Older Stuff
Monday, May 05
06:19 When Porting LibreSSL, Don't Assume Your OS Is As Sane As OpenBSD (1)
Friday, May 02
10:30 OpenBSD is Now Distributing Signed Patches (3)
08:44 m2k14 report: jasper@ on puppet, misc ports and Octeon (0)
06:18 BSDNow Episode 035: Puffy Firewall (1)
Thursday, May 01
17:37 m2k14: Antoine Jacoutot on GNOME, Heimdal, and Further Heartbleed Fallout (0)
15:32 OpenBSD 5.5 Released (7)
Wednesday, April 30
16:31 Privilege Separated Key Handling added to relayd(8) and smtpd(8) (3)
18:38 Compiling OpenSSH No Longer Requires Linking in OpenSSL (11)
Tuesday, April 29
04:53 m2k14: Ken Westerback on Installation, Disklabel Bugs, and Experiments in Sleep Deprivation (0)


Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]