Security

Virtualization Decreases Security 340

ParaFan writes "In a fascinating story on KernelTrap, Theo de Raadt asserts that while virtualization can increase hardware utilization, it does not in any way improve security. In fact, he contends the exact opposite is true: 'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.' de Raadt argues that the lack of support for process isolation on x86 hardware combined with numerous bugs in the architecture are a formula for virtualization decreasing overall security, not increasing it."
Programming

GCC Compiler Finally Supplanted by PCC? 546

Sunnz writes "The leaner, lighter, faster, and most importantly, BSD Licensed, Compiler PCC has been imported into OpenBSD's CVS and NetBSD's pkgsrc. The compiler is based on the original Portable C Compiler by S. C. Johnson, written in the late 70's. Even though much of the compiler has been rewritten, some of the basics still remain. It is currently not bug-free, but it compiles on x86 platform, and work is being done on it to take on GCC's job."
Programming

Software Freedom Law Center vs Theo de Raadt 464

An anonymous reader writes "In a recent public posting to the Linux Kernel mailing list the founder of the Software Freedom Law Center, Eben Moglen, lashed back at OpenBSD creator Theo de Raadt without actually mentioning his name. 'What has happened is that people who do not have full possession of the facts and have no legal expertise — people whom from the very beginning we have been trying to help — have made irresponsible charges and threatened lawsuits, thus slowing down our efforts to help them.' Moglen pointed out that they have and continue to help all open source projects, including OpenBSD, but the process takes time. 'The required work has been made more arduous because some people have chosen not to cooperate in good faith. But we will complete the work as soon as we can, and we will follow the community's practice of complete publication, so everyone can see all the evidence.'"
Programming

Theo de Raadt On Relicensing BSD Code 613

iBSD writes "KernelTrap has an interesting article in which Theo de Raadt discusses the legal implications of the recent relicensing of OpenBSD's BSD-licensed Atheros driver under the GPL. De Raadt says, 'it has been like pulling teeth since (most) Linux wireless guys and the SFLC do not wish to admit fault. I think that the Linux wireless guys should really think hard about this problem, how they look, and the legal risks they place upon the future of their source code bodies.' He stressed that the theory that BSD code can simply be relicensed to the GPL without making significant changes to the code is false, adding, 'in their zeal to get the code under their own license, some of these Linux wireless developers have broken copyright law repeatedly. But to even get to the point where they broke copyright law, they had to bypass a whole series of ethical considerations too.'"
BSD

Will GPLv3 Drive Users from Linux to FreeBSD? 374

An anonymous reader writes "Last week ZDNet put up an article asking a simple question: will GPL3 drive Linux users to FreeBSD? It's based on issues raised in the August FreeBSD Foundation Newsletter. That publication features a letter by the vice president of the FreeBSD Foundation, Justin Gibbs, arguing that the GPLv3 restricts the rights of commercial users of open source software, and is just the FSF's first step in changing the GPL in ways that authors of GPL software may not have intended. He suggests that commercial users should seriously consider BSD-licensed software as an alternative if they want to be able to safely ship products in the future. This is especially in light of requirements from the FCC that software running on devices (such as software-defined radios) be end-user replaceable. Gibbs states that the FreeBSD Foundation will provide an alternative to GPLv3'd software, especially in light of Stallman's statement that further GPL revisions are due in the near future. Is this likely to cause discontent among Linux users, or will they mostly ignore it?"
GNU is Not Unix

GPL Hindering Two-Way Code Sharing? 456

An anonymous reader writes "KernelTrap has some fascinating coverage of the recent rift between the OpenBSD developers and the Linux kernel developers. Proponents of the GPL defend their license for enforcing that their code can always be shared. However in the current debate the GPL is being added to BSD-licensed code, thereby preventing it from being shared back with the original authors of the code. Thus, a share-and-share-alike license is effectively preventing two-way sharing." We discussed an instance of this one-way effect a few days back.
Security

Cambridge Researcher Breaks OpenBSD Systrace 194

An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."
BSD

OpenBSD Foundation Announced 151

OpenBDSfan writes "KernelTrap is reporting on the creation of the OpenBSD Foundation, a Canadian not-for-profit corporation intended to support OpenBSD and related projects, including OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. The announcement explains, 'the OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms.'"
Data Storage

Building a Fully Encrypted NAS On OpenBSD 196

mistermark writes "Two years ago this community discussed my encrypted file server. That machine has kept running and running up until a failing drive and a power outage this last week. So, it's time to revise everything and add RAID to it as well. Now you can have an on-the-fly encrypting/decrypting NAS with the data security of RAID, all in one. Here is the how-to."
Operating Systems

24-hour Test Drive of PC-BSD 285

An anonymous reader writes "Ars Technica has a concise introduction to PC-BSD, a FreeBSD derivative that emphasizes ease of use and aims to convert Windows users. The review describes the installation process, articulates the advantages of PC-BSD, and reveals some of the challenges that the reviewer faced along the way. From the article: 'In the end, I would suggest this distribution to new users provided they had someone to call in case of a driver malfunction during installation. I would also recommend PC-BSD to seasoned Unix users that have never tried using FreeBSD before and would prefer a shallower learning curve before getting down to business.'"
BSD

Closed Source On Linux and BSD? 526

An anonymous reader writes "I want to start a (very small) software/hardware business. The code in question will be closed source. I won't modify or use any GPL code or any 3rd-party sources. It will be my own handwritten C/C++ code from start to finish. I am planning to sell embedded-like boxes with an OS (Linux or BSD) and this code. I am more familiar with Linux but I am scared a little bit of Linux licensing, and also of Linux fanboy-ism: I personally got a 'go to hell with your @#$ closed code' slur on Slashdot. I am not a GPL guru and not a software freedom fighter. I just want to do my job and make a living." Read on for this reader's five particular questions.
Security

A Look at BSD Rootkits 98

blackbearnh writes "Windows has a reputation for being easily exploited by rootkits, but just because you're using Linux or BSD doesn't mean you're safe from infection. In an interview on O'Reilly's ONLamp site, Joseph Kong (author of Designing BSD Rootkits), talks about how to build and defend against rootkits under BSD. 'I know a lot of people who refer to rootkits and rootkit-detectors as being in a big game of cat and mouse. However, it's really more like follow the leader — with rootkit authors always being the leader. Kind of grim, but that's really how it is. Until someone reveals how a specific (or certain class of) rootkit works, nobody thinks about protecting that part of the system. And when they do, the rootkit authors just find a way around it. This is what I meant earlier when I said rootkit hunting is hard — as you really have to validate the integrity of the entire system.'"
Operating Systems

OpenBSD 4.1 Released 218

adstro writes to quote from the BSD mailing list: "We are pleased to announce the official release of OpenBSD 4.1. This is our 21st release on CD-ROM (and 22nd via FTP). We remain proud of OpenBSD's record of ten years with only two remote holes in the default install. As in our previous releases, 4.1 provides significant improvements, including new features, in nearly all areas of the system."
Wireless Networking

GPL Code Found In OpenBSD Wireless Driver 671

NormalVisual writes "The mailing lists were buzzing recently when Michael Buesch, one of the maintainers for the GPL'd bc43xx Broadcom wireless chip driver project, called the OpenBSD folks to task for apparently including code without permission from his project in the OpenBSD bcw project, which aims to provide functionality with Broadcom wireless chips under that OS. It seems that the problem has been resolved for now with the BSD driver author totally giving up on the project and Theo De Raadt taking the position that Buesch's posts on the subject were 'inhuman.'" More commentary from the BSD community is over at undeadly.org.
Upgrades

Making OpenBSD Binary Patches With Chroot 66

Lawrence Teo writes "Unlike other operating systems, patches for the OpenBSD base system are distributed as source code patches. These patches are usually applied by compiling and installing them onto the target system. While that upgrade procedure is well documented, it is not suitable for systems that don't have the OpenBSD compiler set installed for whatever reason, such as disk-space constraints. To fill this gap, open source projects like binpatch were started to allow administrators to create binary patches using the BSD make system. This article proposes an alternative method to build binary patches using a chroot environment in an attempt to more closely mirror the instructions given in the OpenBSD patch files."
Security

Remote Exploit Discovered for OpenBSD 338

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of 'only one remote exploit in over 10 years'. Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."
BSD

Debugging the FreeBSD Kernel Transparently 55

An anonymous reader writes "To debug the FreeBSD kernel core dump efficiently, it is best to set up a remote debugging session between a development machine and the target machine, and remotely debug the kernel using serial communication. This article shows you how you can debug as many kernel images as you want; it becomes transparent to users once debugging starts, and your system's performance is not affected at all."
The Courts

Dispelling BSD License Misconceptions 202

AlanS2002 writes "Groklaw is hosting an article by Brendan Scott which looks at the misconceptions surrounding the BSD license. From the article: 'We observe that there exists a broad misconception that the BSD permits the licensing of BSD code and modifications of BSD code under closed source licenses. In this paper we put forward an argument to the effect that the terms of the BSD require BSD code and modifications to BSD code to be licensed under the terms of the BSD license. We look at some possible consequences and observe that this licensing requirement could have serious impacts on the unwary.'"
