Re: security bug in x86 hardware (thanks to X Windows)
It seems XFree people disagree...

Marc Aurele La France: Contrary to what too many security pundits think, limiting root's power doesn't solve anything. Like bugs, security issues will forever be uncovered, whether they be in setuid applications like an X server or in a kernel itself. The trick, it seems, is to understand where to properly fix them, instead of sowing workarounds all over the place... ( http://marc.theaimsgroup.com/?t=11473584346r=1w=2 )

...and some Linux developers too...

Alan Cox: What it essentially says is if you can hack the machine enough to get the ability to issue raw i/o accesses you can get any other power you want. That's always been true. Using SMM to do this seems awfully hard work. ( http://marc.theaimsgroup.com/?t=11473584324r=1w=2 )
security bug in x86 hardware (thanks to X Windows)
A researcher of the French NSA discovered a scary vulnerability in modern x86 CPUs and chipsets that exposes the kernel to direct tampering.

http://www.securityfocus.com/print/columnists/402

The problem is that a feature called System Management Mode could be used to bypass the kernel and execute code at the highest level possible: ring zero. The big problem is that the attack is possible thanks to the way X Windows is designed, and so the only way to eradicate it is to redesign it, moving the video card driver into the kernel, but it seems that this cannot be done, also for missing drivers and documentation! This is another example of insecurity that cannot be fixed because of irresponsible vendors...
Re: OpenBSD 3.9: Blob-Busters Interviewed by Federico Biancuzzi
Dave, I guess the interviewer is talking about this email by Theo: http://marc.theaimsgroup.com/?l=openbsd-miscm=112475373731469w=2 where he states:

- When you free an object that is >= 1 page in size, it is actually returned to the system. Attempting to read or write to it after you free is no longer acceptable. That memory is unmapped. You get a SIGSEGV.
- For a decade and a bit, we have been fixing software for buffer overflows. Now we are finding a lot of software that reads before the start of the buffer, or reads too far off the end of the buffer. You get a SIGSEGV.

But it seems that this feature was disabled just before shipping 3.8 because too many ports were unstable. 3.9 should come with it.
Re: OpenBSD 3.9: Blob-Busters Interviewed by Federico Biancuzzi
On Tuesday 02 May 2006 16:22, Ted Unangst wrote:

But it seems that this feature was disabled just before shipping 3.8 because too many ports were unstable. 3.9 should come with it.

how does it seem this feature was disabled? look at cvs log. nothing was disabled.

Disabled = Not enabled by default. Obviously the code is there.
crypto disk
Quoting from: http://www.onlamp.com/lpt/a/6384

The biggest drawback of svnd is its lack of security in the general use case. It is vulnerable to an offline dictionary attack. That is, you can generate a database mapping known ciphertext blocks on the disk back into pass phrases that can be accessed in O(1) without even being in possession of the disk. What's even worse is that the same database will work on any svnd disk. It is possible--and perhaps even likely--that large agencies such as the NSA have constructed such a database and can crack a majority of the svnds in the world in less than a second.

The way that one prevents an offline dictionary attack is to use a salt in conjunction with the pass phrase, and this is what I did when I wrote CGD by using PKCS#5 PBKDF2. Offline dictionary attacks have been well-known since at least the '70s, and salting the pass phrase has been standard practice for over 30 years.

OpenBSD's solution only supports Blowfish, whereas I wanted to ensure that CGD had the flexibility to support a small range of ciphers. This is important for a number of reasons, but mainly we want to provide our users with the ability to make cost-versus-risk decisions. Blowfish is fast, but probably less secure than AES. In some situations, users will decide that speed is more important than security, and in others the reverse will be true. Also, if security issues are discovered in one cipher that we support, then users can change their CGDs to use one of the other ciphers without needing to upgrade to a new version of the operating system. Blowfish also has a cipherblock size of 64 bits, which for sufficiently large disks might be small enough to allow some level of structural analysis.

Is there any chance to see Ted Unangst's port imported?
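The salt argument in the passage quoted above, as an added example that is not part of the original post and is not svnd or CGD code. `unsalted_key` and `block_fingerprint` are hypothetical stand-ins (a salt-free key derivation, and "the ciphertext of a predictable disk block"); the wordlist and block are constructed.

```python
import hashlib
import hmac
import os

KNOWN_BLOCK = b"\x00" * 16  # constructed: a block whose plaintext is predictable
WORDLIST = ["letmein", "puffy", "correct horse", "hunter2"]  # constructed sample


def unsalted_key(passphrase: str) -> bytes:
    # Assumption: stand-in for a salt-free derivation. The same pass phrase
    # yields the same key on every disk.
    return hashlib.sha256(passphrase.encode()).digest()


def salted_key(passphrase: str, salt: bytes, iterations: int = 10_000) -> bytes:
    # PKCS#5 PBKDF2 with a random salt stored per disk.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


def block_fingerprint(key: bytes) -> bytes:
    # Assumption: stand-in for encrypting KNOWN_BLOCK under the disk key.
    return hmac.new(key, KNOWN_BLOCK, hashlib.sha256).digest()


def build_table(derive) -> dict:
    # Precomputed map: fingerprint -> pass phrase, looked up in O(1).
    return {block_fingerprint(derive(w)): w for w in WORDLIST}


def demo() -> dict:
    table = build_table(unsalted_key)  # built once, with no disk in hand
    disk_a = block_fingerprint(unsalted_key("puffy"))
    disk_b = block_fingerprint(unsalted_key("puffy"))
    salt_c, salt_d = os.urandom(16), os.urandom(16)
    disk_c = block_fingerprint(salted_key("puffy", salt_c))
    disk_d = block_fingerprint(salted_key("puffy", salt_d))
    # The salt is not secret: a table can still be built for one disk,
    # but it must be recomputed per salt and is useless for any other disk.
    table_c = build_table(lambda w: salted_key(w, salt_c))
    return {
        "unsalted_a": table.get(disk_a),
        "unsalted_b": table.get(disk_b),
        "salted_c_generic_table": table.get(disk_c),
        "salted_c_own_table": table_c.get(disk_c),
        "salted_d_with_c_table": table_c.get(disk_d),
        "same_phrase_differs": disk_c != disk_d,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
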
Reverse Engineered Driver for Broadcom 802.11g Chipset (Airport Extreme)
http://www.osnews.com/comment.php?news_id=12886 for those developers who know how to write drivers...
Re: OpenCON 2005
I'm surprised that no one has posted any reports on the OpenCON held in Venice, Italy this weekend. I would like to thank everyone, and especially the staff and developers for a great and well-arranged conference. It was well worth the long journey from Norway!

Something was posted on Undeadly http://undeadly.org/cgi?action=articlesid=20051116145737
Re: raid kernel
do you think the archives are poo too, or do you plan to read them?

I have already read the archives. You keep saying there is no plan to import it. However, you did create a patch for OpenBSD 3.2, so maybe you or someone else could write (for the archives) *why* there isn't any plan to import it. Is there anyone who thinks cgd is poo? Just say that, for the archives, obviously...
Re: raid kernel
I want a raid model that acts as if it is a regular scsi drive, ie. sdN. Like our hardware raid controllers work. Right now what we have in the tree is poo, and vinum is just as much poo too.

Is there any hope to see the live network backup that NetBSD's developer der Mouse presented at BSDCan 2005? ( http://www.bsdcan.org/2005/activity.php?id=54 )

And by the way, do you think that NetBSD's cgd is poo too, or do you plan to import it?
x86 rings?
Is there any plan to use x86 CPU rings (0..3) to improve OpenBSD security?
Re: x86 rings?
Can you enlighten me how that would improve security?

I'm not saying that rings improve security. In fact I'm asking *if* there is any plan to use them to improve security. I think that OpenBSD (and Linux and Windows) use ring 0 for kernel and ring 3 for userland. I was asking if they planned to do some trick with ring 1 or 2, like the segment hack for W^X on i386. Also ring -1 from new CPUs (as explained by Dave) could be interesting. However, I think that the uneducated answer by Theo means no.
Turion: amd64 for notebooks
Hi, did anyone play with a notebook powered by an AMD Turion?
Summer of Code?
http://code.google.com/summerofcode.html Where is OpenBSD?