OpenBSD, FreeBSD, and BSD Now
-
LWN ☛ OpenBSD system-call pinning
Return-oriented programming (ROP) attacks are hard to defend against. Partial mitigations such as address-space layout randomization, stack canaries, and other techniques are commonly deployed to try and frustrate ROP attacks. Now, OpenBSD is experimenting with a new mitigation that makes it harder for attackers to make system calls, although some security researchers have expressed doubt that it will prove effective at stopping real-world attacks. In his announcement message, Theo de Raadt said that this work "makes some specific low-level attack methods unfeasible on OpenBSD, which will force the use of other methods."
Return-oriented programming is one of a family of techniques that use indirect jumps to call bits of code that already exist in a process's address space in an attacker-controlled order. The original attack involved overwriting the stack with carefully chosen addresses so that a function would "return" to a new location. Since the original discovery, other related attacks that use jumps through function pointers, signals, and other indirect jumps have been developed.
-
FreeBSD ☛ FreeBSD Foundation Statement on the European Union Cyber Resiliency Act
The FreeBSD Foundation will continue contributing to the ongoing cybersecurity dialogue and collaborate with policymakers, developers, users, and industry to address emerging threats. We do so through active participation in the Open Policy Alliance, active and ongoing engagement with security researchers and entrepreneurs building with FreeBSD, and collaborating closely with other open source security professionals. We believe that through continued engagement and cooperation, we can collectively build a more secure and resilient digital ecosystem for all.
-
The BSD Now Podcast ☛ BSD Now 545: BSD Audio Enhancements
ZFS High Availability with Asynchronous Replication and zrep, Stop Blogging and start documenting, 2023 in Review: Infrastructure, NovaCustom NV41 laptop review, OpenBSD Video Audio Screen Recording, HDMI Audio sound patches into GhostBSD source code, DSA removal from OpenSSH, NetBSD/evbppc 10.99.10 on the Nintendo Wii, NetBSD/amd64 current performance patch