Stack-register Checking

Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):

How about we add another new permission! This is not a hardware permission, but a software permission. It is opportunistically enforced by the kernel.

The permission is MAP_STACK. If you want to use memory as a stack, you must mmap it with that flag bit. The kernel does so automatically for the stack region of a process's stack. Two other types of stack occur: thread stacks, and alternate signal stacks. Those are handled in clever ways.

When a system call happens, we check if the stack-pointer register points to such a page. If it doesn't, the program is killed. We have tightened the ABI. You may no longer point your stack register at non-stack memory. You'll be killed. This checking code is MI, so it works for all platforms.

For more detail, see Theo's original message.
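As an added illustration (constructed for this article, not code from Theo or the OpenBSD tree), the program below maps an alternate signal stack explicitly with MAP_STACK before handing it to sigaltstack(2); the handler then makes a system call from that stack, which is exactly the moment the check above inspects the stack-pointer register. It assumes that an explicit MAP_STACK mapping is the conservative way to satisfy the check for a user-supplied signal stack (the message only says such stacks are "handled in clever ways"), and it also builds on Linux, where MAP_STACK is accepted as a hint.

```c
#define _GNU_SOURCE                 /* glibc: expose MAP_ANON and MAP_STACK */
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed example (not OpenBSD project code): the alternate signal
 * stack is mapped with MAP_STACK so that a system call made from the
 * handler, which runs with the stack pointer inside this mapping,
 * passes the stack-register check described above. */
#define ALT_STACK_SIZE (64 * 1024)

static volatile uintptr_t stack_lo, stack_hi;
static volatile sig_atomic_t ran_on_altstack;

static void on_sigusr1(int sig)
{
    char marker;                    /* a local: lives on the active stack */
    uintptr_t sp = (uintptr_t)&marker;
    (void)sig;
    ran_on_altstack = (sp >= stack_lo && sp < stack_hi);
    (void)write(STDOUT_FILENO, "handler ran\n", 12);   /* the checked syscall */
}

/* Returns 1 if the handler ran inside the MAP_STACK mapping, else 0. */
int run_altstack_demo(void)
{
    void *stk = mmap(NULL, ALT_STACK_SIZE, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0);
    if (stk == MAP_FAILED)
        return 0;
    stack_lo = (uintptr_t)stk;
    stack_hi = stack_lo + ALT_STACK_SIZE;

    stack_t ss = { .ss_sp = stk, .ss_size = ALT_STACK_SIZE, .ss_flags = 0 };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigusr1;
    sa.sa_flags = SA_ONSTACK;       /* deliver SIGUSR1 on the alternate stack */
    sigemptyset(&sa.sa_mask);
    if (sigaltstack(&ss, NULL) == -1 || sigaction(SIGUSR1, &sa, NULL) == -1)
        return 0;

    ran_on_altstack = 0;
    raise(SIGUSR1);                 /* synchronous delivery in this thread */
    return ran_on_altstack ? 1 : 0;
}
```

Call run_altstack_demo() from a main() of your own; a return of 1 means the handler observed its frame inside the MAP_STACK region and its write(2) was made from there.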

Mike Larkin at bhyvecon 2018: OpenBSD vmm(4) update

Mike Larkin (mlarkin@) has just given a presentation at bhyvecon Tokyo 2018.

The slides are now available (as PDF).

In addition to the excellent summary of the state-of-play for vmm and friends, the presentation offers a tantalizing glimpse at possible future directions.

syspatches will be provided for both supported releases

Good news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:

Subject:    CVS: www
From:       T.J. Townsend <tj () openbsd ! org>
Date:       2018-03-06 22:09:12

Module name:	www
Changes by:	2018/03/06 15:09:12

Modified files:
	.              : errata61.html stable.html 
	faq            : faq10.html 

Log message:
syspatches will now be provided for both supported releases.

Thanks to all the developers involved in providing these!

Update: An official announcement has been released.

a2k18 Hackathon Report: Ken Westerback on dhclient and more

Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:

YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ.


Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.

Meltdown-mitigation syspatch/errata now available

The recent changes in -current mitigating the Meltdown vulnerability have been backported to the 6.1 and 6.2 (amd64) releases, and the syspatch update (for 6.2) is now available.

Happy syspatching, and don't forget to show your appreciation by donating to the project.

Meltdown fix committed by guenther@

Meltdown mitigation is coming to OpenBSD. Philip Guenther (guenther@) has just committed a diff that implements a new mitigation technique to OpenBSD: Separation of page tables for kernel and userland. This fixes the Meltdown problems that affect most CPUs from Intel. Both Philip and Mike Larkin (mlarkin@) spent a lot of time implementing this solution, talking to various people from other projects on best approaches.

In the commit message, Philip briefly describes the implementation:

a2k18 Hackathon preview: Syncookies coming to PF

As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.

One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:

Remi Locherer's EuroBSDcon 2017 Talk

Remi Locherer wrote in:

Last September I gave a talk at EuroBSDcon in Paris. It was about the VPN setup for connecting the branch offices of my employer.

It was not my first EuroBSDcon but the first time I delivered a talk! I feared that only a few people would show up to my talk since Michael W. Lucas had his talk at the same time and also covered an OpenBSD topic. But the room was full and my talk was well received.

After the talk I received a nice gift from the EuroBSDcon organizers: a cartoonist made drawings of the presenters during the talks!

The OpenBSD Foundation 2018 Fundraising Campaign

Details of the 2018 campaign have been added to the Foundation's website. The goal for the year is $300,000. The total for "smaller" donations has already taken the OpenBSD community to bronze level sponsorship!

Please show your support by contributing.