×
Operating Systems

OpenBSD 6.4 Released (openbsd.org) 121

The 45th version of the OpenBSD project has been released, bringing more hardware support (Radeon driver updates, Intel microcode integration, and more), a virtualization tool that supports the disk format qcow2, and a network interface where you can quickly join and switch between different Wi-Fi networks.

Root.cz also notes that audio recording is now disabled by default. If you need to record audio, it can be enabled with the new sysctl variable. An anonymous Slashdot reader first shared the announcement. You can download it from any of the mirrors here.
Security

OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug 'TLBleed' (itwire.com) 123

Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says. iTWire reports: The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs. Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve "a ton of work to mitigate (mostly app recompile)." But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."

He said that Williams was lacking all the details and not thinking it through. "They actually have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. Basically you can measure evictions against your own mappings, which indicates the other process is touching memory (you can determine the aliasing factors)."
De Raadt said he was still not prepared to say more, saying: "Please wait for the paper [which is due in August]."
Intel

OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com) 234

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." Bleeping Computer reports: Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. The feature has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion.

But today, Mark Kettenis of the OpenBSD project, said the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks. Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms. The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup."

GNOME

GNOME 3.28 'Chongqing' Linux Is Here (betanews.com) 132

BrianFagioli writes: GNOME 3.28 is the latest version of GNOME 3, and is the result of 6 months' hard work by the GNOME community. It contains several major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 24105 changes, made by approximately 778 contributors.

The Project explains, "GNOME 3.28 comes with more beautiful things! First, and most significantly, GNOME's default interface font (called Cantarell) has undergone a significant update. Character forms and spacing have been evolved, so that text is more readable and attractive. Several new weights have also been added -- light and extra bold -- which are being used to produce interfaces that are both modern and beautiful. Other beautiful things include GNOME's collection of background wallpapers, which has been updated to include a lovely set of photographs, and the selection of profile pictures, which has been completely updated with attractive new images to pick from."

Unfortunately, you can't just click on a button and upgrade to GNOME 3.28 today. Actually, for the most part, you will need to wait for it to become available for your operating system. Sadly, this can take a while. Fedora users, for instance, will have to wait for a major OS upgrade for it to become available.

Open Source

Are the BSDs Dying? Some Security Researchers Think So (csoonline.com) 196

itwbennett writes: The BSDs have lost the battle for mindshare to Linux, and that may well bode ill for the future sustainability of the BSDs as viable, secure operating systems, writes CSO's JM Porup. The reason why is a familiar refrain: more eyeballs mean more secure code. Porup cites the work of Ilja von Sprundel, director of penetration testing at IOActive, who, noting the "small number of reported BSD kernel vulnerabilities compared to Linux," dug into BSD source code. His search 'easily' turned up about 115 kernel bugs. Porup looks at the relative security of OpenBSD, FreeBSD and NetBSD, the effect on Mac OS, and why, despite FreeBSD's relative popularity, OpenBSD may be the most likely to survive.
Google

OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com) 366

troublemaker_23 quotes ITWire: Disclosure of the Meltdown and Spectre vulnerabilities, which affect mainly Intel CPUs, was handled "in an incredibly bad way" by both Intel and Google, the leader of the OpenBSD project Theo de Raadt claims. "Only Tier-1 companies received advance information, and that is not responsible disclosure -- it is selective disclosure," De Raadt told iTWire in response to queries. "Everyone below Tier-1 has just gotten screwed."
In the interview de Raadt also faults intel for moving too fast in an attempt to beat their competition. "There are papers about the risky side-effects of speculative loads -- people knew... Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies -- so it is hard to believe they ignored the risky aspects. I bet they were instructed to ignore the risk."

He points out this will make it more difficult to develop kernel software, since "Suddenly the trickiest parts of a kernel need to do backflips to cope with problems deep in the micro-architecture." And he also complains that Intel "has been exceedingly clever to mix Meltdown (speculative loads) with a separate issue (Spectre). This is pulling the wool over the public's eyes..."

"It is a scandal, and I want repaired processors for free."
Security

Security Upgraded For NetBSD-amd64 with Kernel ASLR Support (netbsd.org) 49

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.
Open Source

OpenBSD 6.2 Released (openbsd.org) 114

basscomm writes: OpenBSD 6.2 has now been released. Check out the release notes if you're into that kind of thing. Some of the new features and systems include improved hardware support, vmm(4)/ vmd(8) improvements, IEEE 802.11 wireless stack improvements, generic network stack improvements, installer improvements, routing daemons and other userland network improvements, security improvements and more. Here is the full list of changes.
Open Source

FreeBSD 11.1 Released (freebsd.org) 219

Billly Gates writes: Linux is not the only free open-source operating system. FreeBSD, which is based off of the historical BSD Unix in which TCP/IP was developed on from the University of California at Berkeley, has been updated. It does not include systemd nor PulseAudio and is popular in many web server installations and networking devices. FreeBSD 11.1 is out with improvements in UEFI and Amazon cloud support in addition to updated userland programs. EFI improvements including a new utility efivar(8) to manage UEFI variables, EFI boot from TFTP or NFS, as well as Microsoft Hyper-V UEFI and Secure Boot for generation 2 virtual machines for both Windows Server and Windows 10 Professional hosts. FreeBSD 11.1 also has extended support Amazon Cloud features. A new networking stack for Amazon has been added with the ena(4) driver, which adds support for Amazon EC2 platform. This also adds support for using Amazon EC2 NFS shares and support for the Amazon Elastic Filesystem for NFS. For application updates, FreeBSD 11.1 Clang, LLVM, LLD, LLDB, and libc++ to version 4.0.0. ZFS has been updated too with a new zfsbootcfg with minor performance improvements. Downloads are here which include Sparc, PowerPC, and even custom SD card images for Raspberry Pi, Beagle-bone and other devices.
Open Source

'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com) 126

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

Operating Systems

NetBSD 7.1 Released (netbsd.org) 45

New submitter fisted writes: The NetBSD Project is pleased to announce NetBSD 7.1, the first feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Some highlights of the 7.1 release are:

-Support for Raspberry Pi Zero.
-Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test).
The addition of vioscsi, a driver for the Google Compute Engine disk.
-Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24.
-wm(4): C2000 KX and 2.5G support; Wake On Lan support; 82575 and newer SERDES based systems now work.
-ODROID-C1 Ethernet now works.
-Numerous bug fixes and stability improvements.

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from http://www.NetBSD.org.
You can download NetBSD 7.1 from one of these mirror sites.
Open Source

NetBSD Project Releases NetBSD 7.0.2 (softpedia.com) 22

An anonymous reader writes: "After spending six months in development, the NetBSD 7.0.2 release is now available for those running NetBSD 7.0 or NetBSD 7.0.1," reports Softpedia, "but also for those who are still using an older version of the BSD-based operating system and haven't managed to upgrade their systems, bringing them a collection of security patches and recent software updates." Release engineer Soren Jacobsen wrote that "It represents a selected subset of fixes deemed important for security or stability reasons. If you are running an earlier release of NetBSD, we strongly suggest updating to 7.0.2."

The security fixes eliminate a race condition in mail.local(8), and also update OpenSSL, ntp and BIND. In addition, "there are various MIPS pmap improvements, a patch for an NFS (Network File System) crash, as well as a crash that occurred when attempting to mount an FSS snapshot as read and write. NetBSD 7.0.2 also fixes an issue with the UFS1 file system when it was created outside the operating system."
Download NetBSD 7.0.2 at one of these mirror sites.
Open Source

FreeBSD 11.0 Released (freebsdfoundation.org) 121

Long-time Slashdot reader basscomm writes, "After a couple of delays, FreeBSD 11 has been released. Check out the release notes here." The FreeBSD Foundation writes: The latest release continues to pioneer the field of copyfree-licensed, open source operating systems by including new architecture support, performance improvements, toolchain enhancements and support for contemporary wireless chipsets. The new features and improvements bring about an even more robust operating system that both companies and end users alike benefit greatly from using.
FreeBSD 11 supports both the ARMv8 and RISC-V architectures, and also supports the 802.11n wireless networking standard. In addition, OpenSSH has been updated to 7.2p2, and OpenSSH DSA key generation has been disabled by default, so "It is important to update OpenSSH keys prior to upgrading."
Open Source

After 22 Years, 386BSD Gets An Update (386bsd.org) 83

386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.

386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never had happened."

Though it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu.
Virtualization

Boot Linux (or OpenBSD Or Oberon Or FreeDOS) In Your Browser (copy.sh) 92

Long-time Slashdot reader DeQueue writes: Back in 2011 Fabrice Bellard, the initiator of the QEMU emulator, wrote a PC emulator in JavaScript that let you boot Linux in your browser. But he didn't stop there.

On his website he now has images that let you boot Oberon, Arch Linux, FreeDOS, OpenBSD, Solar OS and more recent versions of Linux such as 2.6 or 3.18 (the 3.18 image includes internet access). You can also boot to a CD image, or a floppy image, or a hard drive disk image on your local machine. And, if you don't need yet another operating system on your computer, you can even boot to Bootchess and play chess

Operating Systems

PC-BSD Follows a Rolling Release Model, Gets Renamed To TrueOS 132

prisoninmate quotes a report from Softpedia: By following a rolling release model, TrueOS promises to be a cutting-edge and modern FreeBSD-based operating system for your personal computer, designed with security and simplicity in mind -- all while being stable enough to be deployed on servers. TrueOS will also make use of the security technologies from the OpenBSD project, and you can get your hands on the first Beta ISO images right now. The development team promises to offer you weekly ISO images of TrueOS, but you won't have to download anything anymore due to constant updates thanks to the rolling release model. TrueOS will use LibreSSL instead of OpenSSL, offer Linux DRM 4.7 compatibility for supporting for Intel Skylake, Haswell, and Broadwell graphics, and uses the pkg package manage system by default. "TrueOS combines the convenience of a rolling release distribution with the failsafe technology of boot environments, resulting in a system that is both current and reliable. TrueOS now tracks FreeBSD's 'Current' brand and merges features from select FreeBSD developer branches to enhance support for newer hardware and technologies," reads today's announcement.
Operating Systems

OpenBSD 6.0 Released (sdtimes.com) 94

LichtSpektren writes: Version 6.0 of the free operating system OpenBSD has just been released. This release features much improved hardware and armv7 support, a new tool called proot for building software ports in an isolated chroot environment, W^X that is now strictly enforced by default, and removal of official support for Linux emulation, usermount, and systrace. The release announcement can be read here. The release is OpenBSD's 40th release on CD-ROM and 41st release via FTP/HTTP.
Bug

Juniper OS Flaw Allowed Forged Certificates (arstechnica.com) 26

Slashdot reader disccomp shares an article from Ars Technica: In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder...

"It seems that Junos was accepting specially crafted, invalid certificates as trusted," said Stephen Checkoway, a computer scientist at the University of Illinois at Chicago who recently focused on security in Juniper products. "This would enable anyone to create a VPN connection and gain access to the private network, e.g., a private, corporate network."

Operating Systems

Severe Flaws Found In Libarchive Open Source Library (talosintel.com) 82

Reader itwbennett writes: Researchers from Cisco Systems' Talos group have found three memory corruption errors in the widely used open-source library libarchive that can result in arbitrary code execution and can be exploited by passing specially crafted files to applications that contain the vulnerable code. "The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS," writes Lucian Constantin. "Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it." (Original blog post) So, while the libarchive maintainers have released patches for the flaws, it will likely take a long time for them to trickle down through all the affected projects.
Open Source

Torvalds' Secret Sauce For Linux: Willing To Be Wrong (ieee.org) 273

An anonymous reader writes: Linux turns 25 this year(!!). To mark the event, IEEE Spectrum has a piece on the history of Linux and why it succeeded where others failed. In an accompanying question and answer with Linus Torvalds, Torvalds explains the combination of youthful chutzpah, openness to other's ideas, and a willingness to unwind technical decisions that he thinks were critical to the OS's development: "I credit the fact that I didn't know what the hell I was setting myself up for for a lot of the success of Linux. [...] The thing about bad technical decisions is that you can always undo them. [...] I'd rather make a decision that turns out to be wrong later than waffle about possible alternatives for too long."

Slashdot Top Deals