On Fri, Sep 06, 2024 at 04:30:07PM UTC, Shawn Webb wrote:
> On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote:
> > On 9/5/24 22:10, Shawn Webb wrote:
> > > Hey Mark,
> > >
> > > This commit seems to force me to now pass "-o pci.enable_bars=true&q
On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote:
> On 9/5/24 22:10, Shawn Webb wrote:
> > Hey Mark,
> >
> > This commit seems to force me to now pass "-o pci.enable_bars=true" to
> > all my VMs on amd64. I wonder if that might be a POLA violation.
he default here really worth it for amd64? If so, I'm
thinking this should be in both RELNOTES and UPDATING. I now have to
propigate re-enabling this across my entire infrastructure.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn
. Only
IPv4 is impacted.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Tue, Aug 20, 2024 at 09:34
On Sun, Aug 11, 2024 at 02:38:16PM +, Bjoern A. Zeeb wrote:
> On Sun, 11 Aug 2024, Shawn Webb wrote:
>
> > Hey Bjoern,
> >
> > For some reason this commit breaks booting on two of my Dell laptops.
> > I'm unsure why. Reverting this particular commit m
Hey Bjoern,
For some reason this commit breaks booting on two of my Dell laptops.
I'm unsure why. Reverting this particular commit makes them happy
again.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
ecPerClust;
> else
> +#ifdef PAGE_SIZE
> alignto = PAGE_SIZE / bpb.bpbBytesPerSec;
> +#else
> + alignto = 1;
> +#endif
Imagine the following:
1. someone builds FreeBSD on Linux or macOS
2. that build is deployed
3. FreeBSD is rebuilt on that deployment
Co
hope this makes sense.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Sun, May 19, 2024 at 02:47:
he beginning of working on this in 2021)
> and it provides useful
>
> > What I would like to see working on FreeBSD is Safestack as a
> > replacement for the stack protector, which we were so very slow to adopt
> > even when it was originally developed in FreeBSD. I think othe
d
>
> Reviewed by:imp
> Approved by:imp
> Differential revision: https://reviews.freebsd.org/D42956
>
Hey Sumit,
What's the purpose of this commit? 0 files changed.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
ly implemented in functions
that recurse is to place a limit on how many times we recurse.
HardenedBSD now places an arbitrarily picked limit of 1000 recursions:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/148478d5743a8dd4362fd31dca4371618716d0a8
The limit can be changed at compile-time b
On Mon, Feb 26, 2024 at 06:14:34PM +, Shawn Webb wrote:
> On Mon, Feb 26, 2024 at 05:35:57PM +, Emmanuel Vadot wrote:
> > The branch main has been updated by manu:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=6e69612d5df1c1d5bd86990ea4d9a
ut;
> + }
> + }
> +
> + /* Setup the environment variable */
> + asprintf(&runtime_dir, "XDG_RUNTIME_DIR=%s/%s", RUNTIME_DIR_PREFIX,
> user);
> + rv = pam_putenv(pamh, runtime_dir);
> + if (rv != PAM_SUCCESS) {
> +
On Thu, Feb 15, 2024 at 10:50:19PM +0800, Philip Paeps wrote:
> On 2024-02-15 22:40:19 (+0800), Shawn Webb wrote:
> > On Thu, Feb 15, 2024 at 10:28:53PM +0800, Philip Paeps wrote:
> > > On 2024-02-15 22:06:09 (+0800), Ronald Klop wrote:
> > > > Shouldn’t
tp.FreeBSD.org was less work.
I'm curious to learn why you chose http:// rather than https://.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
t; #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
> > +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
>
> This still assumes the native ABI is in use, i.e. doesn’t account for
> libcompat. Can we please just drop the directory, or if it’s really
HardenedBSD prevents loading of netlink.ko by
default. The code is too new and too complex, with already a
not-so-nice security history, to be trusted.
A lot (all?) of the other netlink integration code respects the
potential unavailability of netlink (or netlink.ko). Would it be
possible to do the same in pf?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
d `git log --committer=benl` show that Ben
Laurie's last commit to FreeBSD was in 2011. Does this mean that
in-base OpenSSL effectively has no official maintainer?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/S
ipsec
> inet | ipsec inet6
> netipsec/xform_tcp.c optional ipsec inet tcp_signature | \
>ipsec inet6 tcp_signature | ipsec_support inet tcp_signature | \
>ipsec_support inet6 tcp_signature
> +netlink/netlink_generic_kpi.cstandard
> +netlink/netli
bells among security folks, and it isn't totally easy
> > to do, either.
> > * Change ifconfig(8) to do an existence check of its own. This would be
> > ugly.
> > * Change ifconfig(8) so that it doesn't attempt to load modules when
> > just listing an interface. This might be incomplete, but is probably
> > worth doing anyway.
> I think another question is that if if should be done by ifconfig(8) at all.
> Kernel can take care of trying to load the required modules, checking the
> privileges.
> I’m considering adding such code for the netlink-based interface creation.
An interesting problem unique to HardenedBSD is that since the kld*
syscalls are hardened such that unprivileged users cannot use them at
all (so kldfind(2)/kldstat(8) are completely nonfunctional), this
breaks even read-only operations with ifconfig when specifying the
interface. Meaning, `ifconfig` works, but `ifconfig em0` does not,
when run as an unprivileged user.
I'm of the opinion that read-only operations (like `ifconfig em0`)
should be read-only in every sense. Kernel state should be preserved
unmodified.
The change I made in HardenedBSD is rather simple: force -n to be
enabled by default for all cases. Though, I don't think that's likely
the right solution for FreeBSD. It seems natural that FreeBSD would
want to take a more permissive route.
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/671eb92efc2c9eef485194e443f7fa8102b2fe97
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
^~~~
I'm getting tons of errors like these with `make -sj10 buildworld`.
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
pfil_member are set.
>
> Reviewed by:Zhenlei Huang
> MFC:never
> Differential Revision: https://reviews.freebsd.org/D37009
Hey Kristof,
Would this be a good candidate for RELNOTES?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBS
On Sat, Oct 01, 2022 at 09:51:40AM -0700, Cy Schubert wrote:
> In message <20221001164556.guh2gu6umjvehq3r@mutt-hbsd>, Shawn Webb writes:
> >
> > --iwomfqhvgfyzurjf
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Cont
On Sat, Oct 01, 2022 at 05:40:05PM +0100, Alexander V. Chernikov wrote:
>
> > On 1 Oct 2022, at 17:35, Shawn Webb wrote:
> >
> > On Sat, Oct 01, 2022 at 02:19:03PM +, Alexander V. Chernikov wrote:
> >> The branch main has been updated by melifar
t-align -Wchar-subscripts -Wnested-externs -Wold-style-definition
-Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety
-Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable
-Wno-error=unused-but-set-variable -Qunused-arguments-c netlink_netlink.c
-o netlink_netlink.o
netlink_netlink.c:1:10: fatal error: 'netlink/netlink.h' file not found
#include
^~~
1 error generated.
*** Error code 1
Stop.
make[3]: stopped in /usr/src/tools/build/test-includes
*** Error code 1
Stop.
make[2]: stopped in /usr/src
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Wed, Sep 21, 2022 at 02:55:36PM -0700, Cy Schubert wrote:
> In message <20220921214546.426y6o4jpnsfsa2l@mutt-hbsd>, Shawn Webb writes:
> >
> >
> > On Wed, Sep 21, 2022 at 02:11:44PM -0700, Gleb Smirnoff wrote:
> > > Mike,
> > >=20
> > >
to hardlink telnet(1) to nc(1).
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Fri, May 27, 2022 at 02:18:54PM -0400, Alexander Motin wrote:
> On 20.05.2022 15:12, Bryan Drewery wrote:
> > On 5/20/2022 12:04 PM, Shawn Webb wrote:
> > > On Wed, May 18, 2022 at 11:05:54PM +, Martin Matuska wrote:
> > > > The branch main has been updated by
#16 0x80baf625 in fork_exit (
callout=0xffff822b0be0 , arg=0xf80121887000,
frame=0xfe03aa3a8f40) at /usr/src/sys/kern/kern_fork.c:1118
#17
(kgdb)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
items[2].value = strdup(items[2].init);
> + if (nitems > 3)
> + items[3].value = strdup(items[3].init);
> }
>
> /*
>
Hey Alfonso,
Would it be a good idea to check the return value of strdup
alt raltO
> + 094 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 O
> + 095 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 O
> + 096 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 O
> + 097 fkey53 fkey53 fkey53 fkey53 fkey53 fkey53 fkey53 fke
if this has an assigned CVE, should it go through
the normal FreeBSD security advisory process?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Fri, Mar 04, 2022 at 04:10:27PM -0500, Shawn Webb wrote:
> On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> > On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > > On F
On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > > >
On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > > >
On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > > Th
On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > The branch main has been updated by markj:
> > >
> > > URL:
On Fri, Mar 04, 2022 at 09:45:28AM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > The branch main has been updated by markj:
> > >
> > > URL:
, 94 insertions(+), 61 deletions(-)
Hey Mark,
Something about this commit breaks booting in Hyper-V. Reverting this
particular commit makes Hyper-V happy again.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
ATH_MAX];
> - char keym[64], lng[64], desc[256];
> + char keym[65], lng[65], desc[257];
> char dialect[64], lang_abk[64];
> struct keymap *km;
> struct keymap **km_sorted;
>
Hey Dimitry,
Would commits like this and d310bf3867b4168e57365196c3a31797c0538097
nor
/reviews.freebsd.org/D33611
Hey Jason,
Thanks for working on unionfs! I'm wondering if MFC'ing all the recent
unionfs work to 13-stable is planned (or possible).
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Sh
ality -Wno
-error=unused-function -Wno-error=pointer-sign -Wno-error=shift-negative-value
-Wno-address-of-packed-member -Wno-error=unused-but-set-variable -Wno-format-zer
o-length -std=iso9899:1999 -c /usr/src/sys/dev/hid/hidraw.c -o hidraw.o
/usr/src/sys/dev/hid/h
On Mon, Nov 22, 2021 at 11:58:19AM -0600, Kyle Evans wrote:
> On Mon, Nov 22, 2021 at 11:25 AM Shawn Webb
> wrote:
> >
> > On Mon, Nov 22, 2021 at 04:34:50PM +, Mark Johnston wrote:
> > > The branch releng/12.3 has been updated by markj:
> > >
> >
vious scheme, membcmp() would perform
> a linear scan of the desination type's members to perform a lookup by
> name. The new routine steps through the members of both types in a
> single loop.
Hey Mark,
Out of curiosity, would commits to releng branches necessitate an EN?
for PIE binaries"
>
> What is the actual/correct behaviour of the control?
It also doesn't make much sense to toggle AS{L}R for the different
parts of an executable image. AS{L}R is an "all or nothing" thing.
Really, there should be only a single toggle with four modes:
1. AS{L}R force disable
2. AS{L}R opt out
3. AS{L}R opt in
4. AS{L}R force enable
HardenedBSD has found that users get confused or are unsure of having
too many toggles. "What happens when I do ?" In this case, you'd
probably have to have deeper knowledge of how FreeBSD's AS{L}R is
implemented. Having a single sysctl knob makes life easier for users
and reduces implementation complexity.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
h Macek
> AuthorDate: 2021-11-06 16:45:50 +
> Commit: Wojciech Macek
> CommitDate: 2021-11-06 16:45:50 +
>
> Revert "ossl: Add support for ETA mode"
>
> This reverts commit 048a71b46e816de8fb95b553a8ad0e98c0d51e12.
Why?
--
Shawn W
h
> is
> A5 (the second A above middle C). Please see
> https://reviews.freebsd.org/D32594
> for a fix for the bug I found here.
Tangentially related for curious minds:
Tom Scott did a video in 2014 about how the types of trucks that beep
when reversing are changing from
27;re working with a local machine that have a loud buzzer.
> Switch the default to have it disable.
I have no objection to the change (or any opinion on the matter), but
I wonder if changes like this carry an accessibility impact. I wonder
if any hard-of-sight folks relied on the original be
s.
>
> PR: 259183
> Submitted by: Kajetan Staszkiewicz
> Sponsored by: InnoGames GmbH
Hey Kristof,
Any plans to MFC?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/0
mat/MsgPackDocumentYAML.cpp
> +SRCS_MIN+= BinaryFormat/MsgPackReader.cpp
Hey Alex,
You'll also want to add BinaryFormat/MsgPackWriter.cpp. Adding that
file fixes the build for HardenedBSD, since we use LTO, CFI, and
SafeStack in base.
Thanks,
a quick example, but please don’t call
> anything “new,” because it isn’t new for long. ;)
My bikeshed is now painted with a color called "Freshmixer". What's
your bikeshed called? ;-)
(This is meant in jest.)
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://g
On Sat, Sep 25, 2021 at 10:55:28AM -0500, Kyle Evans wrote:
> On Sat, Sep 25, 2021 at 8:18 AM Shawn Webb wrote:
> >
> > On Sat, Sep 25, 2021 at 01:11:31PM +, Konstantin Belousov wrote:
> > > The branch main has been updated by kib:
> > >
> > > URL:
dation
> MFC after: 1 week
> Differential revision: https://reviews.freebsd.org/D32127
Wrong Differential revision URL? The patch in the URL doesn't match
what was committed here.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBS
On Sat, Sep 11, 2021 at 03:54:59PM +0100, Jessica Clarke wrote:
> On 11 Sep 2021, at 15:43, Shawn Webb wrote:
> >
> > On Mon, Sep 06, 2021 at 09:24:02AM +, Alex Richardson wrote:
> >> The branch main has been updated by arichardson:
> >>
> >> URL:
ng packages since even ports-mgmt/pkg relies on strip.
I'm working on a candidate patch to fix this right now. But if you
beat me to the punch, all the better. ;-)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master
> sys/sys/socket.h | 1 +
> sys/sys/socketvar.h| 6 -
> 21 files changed, 100 insertions(+), 35 deletions(-)
Hey Kevin,
Would this commit be a good candidate for bumping __
On Fri, Jul 09, 2021 at 02:34:12PM -0600, Warner Losh wrote:
> On Fri, Jul 9, 2021 at 1:54 PM Shawn Webb
> wrote:
>
> > On Fri, Jul 09, 2021 at 05:26:57PM +, Warner Losh wrote:
> > > The branch main has been updated by imp:
> > >
> > > URL:
&
gh, even as I type this email, I just realized that a different
function, Malloc, is being called. What's the difference between
malloc and Malloc?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CB
for aout binaries. This was added on 64-bit Linuxulator import by mistake.
Are there even any FreeBSD users running Linux aout binaries on
FreeBSD? I'm wondering if Linux aout support can be ripped out
entirely.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedb
spl (obj,all,install)
make[4]: don't know how to make atomic.S. Stop
make[4]: stopped in /usr/src/cddl/lib/libspl
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA
On Thu, Jun 03, 2021 at 09:38:07AM -0400, Ed Maste wrote:
> On Thu, 3 Jun 2021 at 09:10, Shawn Webb wrote:
> >
> > There's something about this change that breaks buildkernel:
> >
> > make[4]: make[4]: don't know how to make
> > /usr/src/sys/dev/hptr
rr_lib.o' was not built (being made, type
OP_DEPS_FOUND|OP_MARK, flags REMAKE|DONE_WAIT|DONE_ALLSRC|DONECYCLE)!
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
for it to set its limit to that. The
> fact that FreeBSD decides to count an arbitrary, non-deterministic amount of
> additional unusable virtual address space towards that limit is not its fault,
> but a bug in FreeBSD that needs to be fixed as it’s entirely unreasonable for
> appli
mization for a while, but if memory serves correctly, we made
that change.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
ead_loop() at taskqueue_thread_loop+0x9c
fork_exit() at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x14
KDB: enter: panic
[ thread pid 0 tid 100023 ]
Stopped at kdb_enter+0x44: undefined f904411f
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
net/tcp_ratelimit.h |4 +-
> sys/netinet/tcp_sack.c | 11 +
> sys/netinet/tcp_stacks/bbr.c | 92 +-
> sys/netinet/tcp_stacks/rack.c| 9876
> ++
Hey Randall,
Out of curiosity, did anyone take the time
s
> Sponsored by: Orange Business Services
> Differential Revision: https://reviews.freebsd.org/D27758
Key Kristof,
This commit breaks the security/expiretable port. Specifically, the
guarding of the pf_state struct, which expiretable uses directly.
Thanks,
--
Shawn Webb
Cofounder / Secu
0931e30)
Hey Neel,
Don't commits usually spend some soak time in main before being
cherry-picked to stable branches? I'm curious why the lack of soak
time here.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardene
Ah. I think I misinterpreted your email. Sorry about that!
On Thu, Apr 15, 2021 at 03:22:41PM -0500, Kyle Evans wrote:
> Yes, sorry, this is precisely what I meant.
>
> On Thu, Apr 15, 2021 at 3:20 PM Shawn Webb wrote:
> >
> > Could ether_gen_addr be updated to take in
ddr[0] &= 0xFE;
> > > > > + addr[0] |= 0x02;
> > > > > + bcopy(addr, hw->mac.addr, sizeof(addr));
> > > > > + } else {
> > > > > + device_printf(dev, &
On Mon, Apr 12, 2021 at 01:39:50PM +0200, Kristof Provost wrote:
> On 10 Apr 2021, at 17:27, Shawn Webb wrote:
> > On Sat, Apr 10, 2021 at 09:16:22AM +, Kristof Provost wrote:
> > > The branch main has been updated by kp:
> > >
> > > URL:
> >
index b13758931c4e..854cd2c7f3f3 100644
> --- a/lib/libnv/Makefile
> +++ b/lib/libnv/Makefile
> @@ -10,6 +10,7 @@ SHLIB_MAJOR= 0
>
> .PATH: ${SRCTOP}/sys/contrib/libnv ${SRCTOP}/sys/sys
> CFLAGS+=-I${.CURDIR}
> +CFLAGS+=-fPIC
Wouldn't the better fix be renaming L
protocol headers from packets.
>
> Cheers,
> Vincenzo
>
> On Wed, Apr 7, 2021, 11:46 PM Shawn Webb wrote:
>
> > Hey Vincenzo,
> >
> > On Wed, Apr 07, 2021 at 09:42:53PM +, Vincenzo Maffione wrote:
> > > The branch main has been updated by vmaf
4_t paddr;
> void *addr = PNMB(na, slot, &paddr);
> int err;
>
> - NM_CHECK_ADDR_LEN(na, addr, len);
> + (void)addr;
What is this change for?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.ha
I wonder if it'd be worth it to report such data via sysctl. Thoughts?
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Fri, Mar 05, 2021 at 07:23:56PM
interfaces need casts! :-( */
> return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
Does a fix like this need to get a security advisory report? Also, any
plans to MFC?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG Key ID: 0xFF2
bo:
> > > > >
> > > > > URL:
> > > > > https://cgit.FreeBSD.org/src/commit/?id=aefe30c5437159a5399bdbc1974d6fbf4
> > > 0f2ba0f
> > > > >
> > > > > commit aefe30c5437159a5399bdbc1974d6fbf40f2ba0f
> > > &g
77 matches
Mail list logo