Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more...
Dave Voutila (dv@)has addedanother feature to virtualisation on OpenBSD.Thanks to the followingcommit,it is now possible for the owners of virtual machinesto override the boot kernel:Read more…
Joshua Stein (jcs@) hascommittedviogpu(4),which provides support for thevirtio(4)GPUinterface(provided byQEMU and other virtual machines)to create a wscons(4)console.
OpenBSD -current just grew a new tool for developers working on OpenBSD to detect unsafe behaviors in their code. OpenBSD lets you more easily track memory allocations and whether allocations are properly freed after use.In a message to tech@, Otto Moerbeek (otto@) announced the new functionality:
Calgary and elsewhere, 2023-04-10:The OpenBSD project today announced the release and general availability of its latest stable version, OpenBSD 7.3.Eagerly anticipated by users, engineers, enthusiasts and industry pundits all over the world, this release contains a number of improvements over earlier versions, including but not limited to
We recentlyreportedthat Theo de Raadt (deraadt@)was scheduled to present atCanSecWest.That's now happened, andslidesof Theo's presentation,Synthetic Memory Protections,can be found in theusual place.Video isavailableon the bird site.
In a late-stage addition prior to the release ofOpenBSD 7.3,Mark Kettenis (kettenis@) hascommitted[more] aggressive randomisation of the stack locationfor all 64-bit architectures except alpha:Read more…
One small but significant step for routing security on the Internet happened Sunday 19th of March 2023 with the release of version 8.3 of rpki-client.The announcement reads,
With a message to openbsd-announce and other lists, Brent Cook (bcook@) announced the release of LibreSSL 3.7.1, with numerous improvements.It is worth noting that this is the final version to be released before the upcoming OpenBSD 7.3 release.The announcement reads,
Crystal Kolipe has written up more of her work on the console.This time, it regards bugs in the handling ofUTF-8:ExoticSilicon.com - fixing cringeworthy bugs in the OpenBSD console code.As Crystal pointed out in her email to Undeadly,Miod Vallat (miod@) hascommittedfixes.
Wladimir Palanthas written anarticleon use ofOpenSMTPDfilters, andprovided codeunder an MIT license for those who may wish to utilizethe techniques described therein.
The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shellfrom the installer.Initial support, likely to be expanded upon, wascommittedby Klemens Nanni (kn@) onMarch 7, 2023.The commit reads,
Another piece from Florian Obser (florian@) just came out, titledDynamic host configuration, please.In the article, Florian details the steps to modern OpenBSDdynamic host configuration, including interface configuration, name resolution, routing and more.We also get an explanation of the various userland programs (most of them portable, some OpenBSD-specific) that make a modern OpenBSD laptop shine.You can read the full piece here, Dynamic host configuration, please.
It's that time of the year again. With this commit,Theo de Raadt (deraadt@) changed the version string for the development branch of OpenBSD to 7.3-beta.The commit reads,
We all know the OpenBSD is lead from Canada, but what is the status in that country by and large? Bringing up the subject, Katie McMillan wrote in, saying
Theo de Raadt (deraadt@)posted totech@a message entitledpinsyscall, execve, and rop pivots, etc.It explainspinsyscall(2),OpenBSD's latest securityinnovation.We reproduce the posting below with added links:Read more…
Florian Obser wrote an extensive piece with great attention to detail titled: Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD.
Following a wide-ranging thread onmisc@with the subjectSafely remove USB drive,Crystal Kolipe wrote anarticleabout howOpenBSDhandles removable media, centered around theeject(1) command,also known as mt(1).The article leads in,
At the recently-concludedFOSDEM 2023conference,Stefan Sperling (stsp@)presented a talk onGame of Trees.Videoandslidesof Stefan's presentation are now available.
As part of her efforts in developing patches for the console(many of which have been committed recently),Crystal Kolipe created some patches for taking screenshots of theOpenBSD console.She wrote an in depth article,Coding new ioctls to produce screendumps from the console, about her work.We will look forward to further development and refinement on this.
Support for execute-only (xonly) code(on which wereported earlier)has been committed to -current by Theo de Raadt (deraadt@).The commitswere:Read more…
As with library order randomisation(libc.so/libcrypto/ld.so)at bootand kernel relinking at boot,boot time relinking ofsshd(8)is now implemented in -current.Theo de Raadt committed thechanges:Read more…
On thetech@ mailing list,Theo de Raadt (deraadt@)has issued arequest for testingof patch(es) for execute-only (xonly)binaries on amd64.The message is quite long, but well worth reading in its entiretyfor those interested.Selected highlights include:
A rewritten version of vmd(8)'s BIOS memory map handling could soon be appearing in -current. In a recent post to tech@ and supplemented by an accompanying post to ports@ since the changes touch on SeaBIOS, Dave Voutila (dv@) describes the changes and the motiviation for changing them, ie
Following the recent discovery of asecurity issue in FreeBSD's ping(8),OpenBSD developer Florian Obser(florian@) wanted to know if something similar lurkedin the OpenBSD code as well.The result of his investigation can be found in the article calledFuzzing ping(8) … and finding a 24 year old bug., which leads in,