OpenBSD Journal
OpenBSD and the modern laptop
Contributed by pitrh on Mon Jul 10 22:28:33 2017 (GMT)
from the greybeards go modern dept.

Over at his blog, Undeadly co-editor Peter Hansteen describes the experience of installing OpenBSD-current on a new laptop.

The article, OpenBSD and the modern laptop, goes into some detail on the install procedure, and hits only minor snags even when using modern and recent additions such as UEFI boot.

The conclusion is that OpenBSD is well suited for laptop and desktop use, and things tend to just work.

On the other hand, we strongly suggest Peter posted the article before the contents of his home directory had actually been completely transferred. He's such a packrat.


Request for testing: https://beta.undeadly.org/
Contributed by rueda on Tue Jul 04 12:20:17 2017 (GMT)
from the better-late-than-never or shut-up-and-code dept.

TL;DR - A modernised version of Undeadly is available for testing at <https://beta.undeadly.org/>. Broken features of the current site have been fixed, removed, or replaced. The new software supports - and, where appropriate, requires - HTTPS. Testing, contributions, and constructive feedback would be appreciated.


An effort to modernise the Undeadly software was initiated in response to the article Undeadly and HTTPS. This has resulted in substantially reworked software which is now available for public testing. Note that this is not the completely new system which is (arguably) needed.


Ted Unangst on notable recent changes in OpenBSD
Contributed by rueda on Fri Jul 21 04:11:08 2017 (GMT)
from the the-saga-continues dept.

The flak reports by Ted Unangst (tedu@) continue with part 624.

Update - part 625


Kernel relinking status from Theo de Raadt
Contributed by pitrh on Wed Jul 05 05:03:58 2017 (GMT)
from the all tomorrows random gaps dept.

As you may have heard (and as was mentioned in an earlier article), on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets. Theo de Raadt summarized the status in a message to the tech@ mailing list, subject kernel relinking as follows:

5 weeks ago at d2k17 I started work on randomized kernels. I've been having conversations with other developers for nearly 5 years on the topic... but never got off to a good start, probably because I was trying to pawn the work off on others.


On the Insecurity of TIOCSTI
Contributed by brynet on Sat Jul 01 12:54:03 2017 (GMT)
from the de-fanging dept.

Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD:

[...] there's always been the risk that a program manages to retain tty association beyond its intended lifetime, and then it can perform injections with TIOCSTI.

So I've always wanted to get rid of TIOCSTI. I consider it the most dangerous tty ioctl. [...]

This appears related to a discussion thread that came up on oss-security@, and how Linux has steadfastly rejected proposals to remove it.
http://www.openwall.com/lists/oss-security/2017/06/03/9

Theo has already committed his change to disable TIOCSTI, which now returns EIO [input/output error].

Due to risks known for decades, TIOCSTI now performs no action, and simply returns EIO. The base system has been cleaned of TIOCSTI uses [...]

This was made possible by changes made to csh/mailx in base by Anton Lindqvist (anton@).
I (brynet@) also committed a change recently to ksh, removing an unnecessary call.


BSDCan 2017 - Trip report double-p
Contributed by pitrh on Thu Jun 29 16:39:59 2017 (GMT)
from the of goats and pufferfish dept.

The OpenBSD presence at the just concluded BSDCan was quite strong, and here is the first trip report, from Phillipp Buehler:

Prologue

Most overheard in Tokyo was "see you in Ottawaaaaah", so with additional "personal item" being Groff I returned home to plan the trip to BSDCan.

Dan was very helpful with getting all the preparations (immigration handling), thanks for that. Before I could start, I had to fix something: the handling of the goat. With a nicely created harness, I could just hang it along my backpack.


d2k17 hackathon report: Martin Pieuchot on moving the network stack out of the big lock
Contributed by pitrh on Thu Jun 29 09:39:23 2017 (GMT)
from the forward me unlocked dept.

Our next report from the d2k17 hackathon comes from Martin Pieuchot, who writes:

Hackathons are generally good to start or finish something; at Starnberg I managed to do both.
I came to unlock the forwarding path and thanks to the multiple reviews from bluhm@, sashan@ and claudio@ it happened! It started as a boring hackathon because I had to review and fix all the abuses of splnet() in pseudo drivers but then it went very smoothly. I still haven't seen a bug report about the unlock and Hrvoje Popovski even reported a 20% forwarding performance increase.

Then I started discussing and planning the next big step with claudio@ and bluhm@. How to unlock the socket layer? Well it's happening! During the hackathon Claudio sent some diffs to start unlocking pfkey and routing sockets and since then I started working on TCP receive side.

In the meantime I had to commit my futex(2) based mutex and condition variable implementations for our libpthread. This improves the performance of threaded applications a lot, which means most of ports.

I also did some cleanups to help towards having MI mutex and kernel lock implementations. This should allow all our archs to benefit from the lock instrumentations visa@ and jmatthew@ are working on.

Finally I committed some ddb(4) cleanups, mostly CTF related.

Thanks to mpf@ and genua for organizing this hackathon!

Thanks for the report, Martin!

It is worth noting that most, if not all, of the code mentioned here is already doing good work in recent snapshots.


d2k17 Hackathon Report: Alexander Bluhm on Network Stack Improvements and more
Contributed by rueda on Wed Jun 28 07:49:16 2017 (GMT)
from the ref-ac-to-ring dept.

Alexander Bluhm (bluhm@) wrote in with a hackathon report:

As usual hackathons are a great time to get things committed. All the other developers are around, you can discuss ideas and get code reviewed quickly.

To move towards network input without big kernel lock, I have looked at the protocol functions and refactored them. Especially IP-in-IP input that is used for IPsec tunnel mode needed some love. I have fixed several bugs and have a diff ready that avoids one additional queuing of the packets. This work had to be coordinated with mpi@, who removed the kernel big lock from the forwarding path.


OpenBSD now has Trapsleds to make life harder for ROPers
Contributed by pitrh on Thu Jun 22 06:55:25 2017 (GMT)
from the just enough ROP to TRAP yourself dept.

You heard it here (or on tech@) first: Trapsleds are in, and they make OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.

Todd's message to tech says,

I have attached a patch that converts NOP padding from the assembler into INT3 padding on amd64. The idea is to remove potentially convenient NOP sleds from programs and libraries, which makes it harder for an attacker to hit any ROP gadgets or other instructions after a NOP sled.



Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]