Security

Cambridge Researcher Breaks OpenBSD Systrace 194

An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."
Security

Submission + - OpenBSD's Systrace broken by Cambridge researcher (lightbluetouchpaper.org)

An anonymous reader writes: University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology (WOOT07) in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG, and that the technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release.
BSD

OpenBSD Foundation Announced 151

OpenBDSfan writes "KernelTrap is reporting on the creation of the OpenBSD Foundation, a Canadian not-for-profit corporation intended to support OpenBSD and related projects, including OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. The announcement explains, "the OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms.""
Data Storage

Building a Fully Encrypted NAS On OpenBSD 196

mistermark writes "Two years ago this community discussed my encrypted file server. That machine has kept running and running up until a failing drive and a power outage this last week. So, it's time to revise everything and add RAID to it as well. Now you can have an on-the-fly encrypting/decrypting NAS with the data security of RAID, all in one. Here is the how-to."
Data Storage

Submission + - How to build a fully encrypted NAS on OpenBSD (geektechnique.org)

mistermark writes: "Two years ago my encrypted fileserver was already covered here. Now that machine keeps running and running and the only thing that kept it from going in between has been a failing drive and a power-outage this last week.

So, it's about time to revise everything and add RAID to it as well. Now you can have a on-the-fly encrypting/decrypting NAS with the data-security of RAID, all in one:

How to build a fully encrypted NAS on OpenBSD

and the actual how to:
OpenBSD encrypted NAS HOWTO"

Operating Systems

24-hour Test Drive of PC-BSD 285

An anonymous reader writes "Ars Technica has a concise introduction to PC-BSD, a FreeBSD derivative that emphasizes ease of use and aims to convert Windows users. The review describes the installation process, articulates the advantages of PC-BSD,and reveal some of the challenges that the reviewer faced along the way. From the article: 'In the end, I would suggest this distribution to new users provided they had someone to call in case of a driver malfunction during installation. I would also recommend PC-BSD to seasoned Unix users that have never tried using FreeBSD before and would prefer a shallower learning curve before getting down to business.'"
BSD

Closed Source On Linux and BSD? 526

An anonymous reader writes "I want to start (very small) software/hardware business. The code in question will be closed source. I won't modify or use any GPL code or any 3rd-party sources. It will be my own handwritten C/C++ code from start to finish. I am planning to sell embedded-like boxes with an OS (Linux or BSD) and this code. I am more familiar with Linux but I am scared a little bit of Linux licensing, and also of Linux fanboy-ism: I personally got a 'go to hell with your @#$ closed code' slur on Slashdot. I am not a GPL guru and not a software freedom fighter. I just want to do my job and make a living." Read on for this reader's five particular questions.
Security

A Look at BSD Rootkits 98

blackbearnh writes "Windows has a reputation for being easily exploited by rootkits, but just because you're using Linux or BSD doesn't mean you're safe from infection. In an interview on O'Reilly's ONLamp site, Joseph Kong (author of Designing BSD Rootkits ), talks about how to build and defend against Rootkits under BSD. 'I know a lot of people who refer to rootkits and rootkit-detectors as being in a big game of cat and mouse. However, it's really more like follow the leader — with rootkit authors always being the leader. Kind of grim, but that's really how it is. Until someone reveals how a specific (or certain class of) rootkit works, nobody thinks about protecting that part of the system. And when they do, the rootkit authors just find a way around it. This is what I meant earlier when I said rootkit hunting is hard — as you really have to validate the integrity of the entire system.'"
Operating Systems

OpenBSD 4.1 Released 218

adstro writes to quote from the BSD mailing list: "We are pleased to announce the official release of OpenBSD 4.1. This is our 21st release on CD-ROM (and 22nd via FTP). We remain proud of OpenBSD's record of ten years with only two remote holes in the default install. As in our previous releases, 4.1 provides significant improvements, including new features, in nearly all areas of the system."
Wireless Networking

GPL Code Found In OpenBSD Wireless Driver 671

NormalVisual writes "The mailing lists were buzzing recently when Michael Buesch, one of the maintainers for the GPL'd bc43xx Broadcom wireless chip driver project, called the OpenBSD folks to task for apparently including code without permission from his project in the OpenBSD bcw project, which aims to provide functionality with Broadcom wireless chips under that OS. It seems that the problem has been resolved for now with the BSD driver author totally giving up on the project and Theo De Raadt taking the position that Buesch's posts on the subject were 'inhuman.'" More commentary from the BSD community is over at undeadly.org.
Operating Systems

Submission + - GPL Code Found In OpenBSD Wireless Driver

NormalVisual writes: The mailing lists were buzzing recently when Michael Buesch, one of the maintainers for the GPL'd bc43xx Broadcom wireless chip driver project, called the OpenBSD folks to task for apparently including code without permission from his project in the OpenBSD bcw project, which aims to provide functionality with Broadcom wireless chips under that OS. It seems that the problem has been resolved for now with the BSD driver author totally giving up on the project and Theo De Raadt taking the position that Buesch's posts on the subject were "inhuman".
Upgrades

Making OpenBSD Binary Patches With Chroot 66

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."
Upgrades

Submission + - Making OpenBSD Binary Patches with Chroot

Lawrence Teo writes: "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well-documented, it is not always suitable for certain systems that do not have the OpenBSD compiler set installed for various reasons such as disk space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article from Calyptix Security proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."

Slashdot Top Deals