Read the source, KARL | BSD Now 199
BSDnow - June 22, 2017, 9:32 am UTC
FreeBSD 11.1-Beta1 is out, we discuss Kernel address randomized link (KARL), explore the benefits of daily OpenBSD source code reading & more!
OpenBSD now has Trapsleds to make life harder for ROPers
Topix.net - June 22, 2017, 9:23 am UTC

Contributed by pitrh on Thu Jun 22 06:55:25 2017 from the just enough ROP to TRAP yourself dept. You heard it here first: Trapsleds are in, and it makes OpenBSD even safer.

OpenBSD now has Trapsleds to make life harder for ROPers
Undeadly.org - June 22, 2017, 6:55 am UTC

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.



Todd's message to tech@ says:



I have attached a patch that converts NOP padding from the assembler
into INT3 padding on amd64. The idea is to remove potentially convenient
NOP sleds from programs and libraries, which makes it harder for an
attacker to hit any ROP gadgets or other instructions after a NOP sled.



May 2017 financial reports
GhostBSD - June 20, 2017, 11:51 pm UTC

Many thanks to all donors and patrons who generously invested in GhostBSD this last May. A total of 557.82$ was raised, and like always you ensured that we could meet all the costs associated with running our web server and our package builder servers for GhostBSD.

That's random: OpenBSD adds more kernel security
Topix.net - June 20, 2017, 2:45 pm UTC

OpenBSD has a new security feature designed to harden it against kernel-level buffer overruns, the "KARL".

In Other BSDs for 2017/06/17
DragonFlyBSD Digest - June 17, 2017, 12:47 pm UTC
All found-this-week links, now. KARL – kernel address randomized link. (via) g4u (Ghost for Unix) 2.6, a venerable imaging tool, released. Native Command Queuing – merging and testing. (NetBSD) New TrueNAS x10, a BSD-based storage product. secmodel sandbox: An application sandbox for NetBSD (draft). (via) FreeBSD 11.1-BETA is out. FreeNAS 11.0 is out. (via) Running …
FreeBSD 11.1-BETA2 Available
Freebsd.org News - June 17, 2017, 12:00 am UTC
The second BETA build for the FreeBSD 11.1 release cycle is now available. ISO images for the amd64, armv6, i386, aarch64, powerpc, powerpc64 and sparc64 architectures are available on most of our FreeBSD mirror sites.
BSDNow 198: You can’t handle the libtruth
DragonFlyBSD Digest - June 15, 2017, 7:29 pm UTC
BSDNow 198 is now available, almost all about the just-finished BSDCan.
You can’t handle the libtruth | BSD Now 198
BSDnow - June 15, 2017, 8:00 am UTC
This episode gives you the full dose of BSDCan 2017 recap as well as a blog post on conference speaking advice.
OpenVPN and compression
DragonFlyBSD Digest - June 14, 2017, 2:42 am UTC
Matthew Dillon noted some OpenVPN problems, requiring him to disable compression. I don’t think this is a DragonFly problem, or even necessarily a BSD problem, but it’s worth mentioning in case you run it.
KARL - kernel address randomized link
Undeadly.org - June 13, 2017, 2:52 am UTC

In a
message to the tech@ mailing list,
Theo de Raadt (deraadt@) has announced a new randomization feature for
kernel protection:




Over the last three weeks I've been working on a new randomization
feature which will protect the kernel.
[...]
Recently I moved all our kernels to a new mapping model, with patrick
and visa taking care of two platforms.
[...]
As a result, every new kernel is unique. The relative offsets between
functions and data are unique.
[...]
However, snapshots of -current contain a further change, which I
worked on with Robert Peichaer (rpe@):

That change is scaffolding to ensure you boot a newly-linked kernel
upon every reboot.[...]


Read the full message
for the juicy details.


Note that, because of the new mechanisms, unhibernate does not work on
-current (for now).


In Other BSDs for 2017/06/10
DragonFlyBSD Digest - June 10, 2017, 12:53 pm UTC
I think I’ve finally caught up on my BSD link backlog. d2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection. d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress. NCIS: FreeBSD. UbuntuBSD is now DEAD! FreeBSD Core Team member: “[installer] might be the only part of OpenBSD that is friendly” Become …