ecPerClust;
> else
> +#ifdef PAGE_SIZE
> alignto = PAGE_SIZE / bpb.bpbBytesPerSec;
> +#else
> + alignto = 1;
> +#endif
Imagine the following:
1. someone builds FreeBSD on Linux or macOS
2. that build is deployed
3. FreeBSD is rebuilt on that deployment
Co
Hey Bjoern,
For some reason this commit breaks booting on two of my Dell laptops.
I'm unsure why. Reverting this particular commit makes them happy
again.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
On Sun, Aug 11, 2024 at 02:38:16PM +, Bjoern A. Zeeb wrote:
> On Sun, 11 Aug 2024, Shawn Webb wrote:
>
> > Hey Bjoern,
> >
> > For some reason this commit breaks booting on two of my Dell laptops.
> > I'm unsure why. Reverting this particular commit m
. Only
IPv4 is impacted.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Tue, Aug 20, 2024 at 09:34
bo:
> > > > >
> > > > > URL:
> > > > > https://cgit.FreeBSD.org/src/commit/?id=aefe30c5437159a5399bdbc1974d6fbf4
> > > 0f2ba0f
> > > > >
> > > > > commit aefe30c5437159a5399bdbc1974d6fbf40f2ba0f
> > > &g
interfaces need casts! :-( */
> return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
Does a fix like this need to get a security advisory report? Also, any
plans to MFC?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG Key ID: 0xFF2
dation
> MFC after: 1 week
> Differential revision: https://reviews.freebsd.org/D32127
Wrong Differential revision URL? The patch in the URL doesn't match
what was committed here.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBS
On Sat, Sep 25, 2021 at 10:55:28AM -0500, Kyle Evans wrote:
> On Sat, Sep 25, 2021 at 8:18 AM Shawn Webb wrote:
> >
> > On Sat, Sep 25, 2021 at 01:11:31PM +, Konstantin Belousov wrote:
> > > The branch main has been updated by kib:
> > >
> > > URL:
a quick example, but please don’t call
> anything “new,” because it isn’t new for long. ;)
My bikeshed is now painted with a color called "Freshmixer". What's
your bikeshed called? ;-)
(This is meant in jest.)
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://g
mat/MsgPackDocumentYAML.cpp
> +SRCS_MIN+= BinaryFormat/MsgPackReader.cpp
Hey Alex,
You'll also want to add BinaryFormat/MsgPackWriter.cpp. Adding that
file fixes the build for HardenedBSD, since we use LTO, CFI, and
SafeStack in base.
Thanks,
s.
>
> PR: 259183
> Submitted by: Kajetan Staszkiewicz
> Sponsored by: InnoGames GmbH
Hey Kristof,
Any plans to MFC?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/0
27;re working with a local machine that have a loud buzzer.
> Switch the default to have it disable.
I have no objection to the change (or any opinion on the matter), but
I wonder if changes like this carry an accessibility impact. I wonder
if any hard-of-sight folks relied on the original be
h
> is
> A5 (the second A above middle C). Please see
> https://reviews.freebsd.org/D32594
> for a fix for the bug I found here.
Tangentially related for curious minds:
Tom Scott did a video in 2014 about how the types of trucks that beep
when reversing are changing from
h Macek
> AuthorDate: 2021-11-06 16:45:50 +
> Commit: Wojciech Macek
> CommitDate: 2021-11-06 16:45:50 +
>
> Revert "ossl: Add support for ETA mode"
>
> This reverts commit 048a71b46e816de8fb95b553a8ad0e98c0d51e12.
Why?
--
Shawn W
for PIE binaries"
>
> What is the actual/correct behaviour of the control?
It also doesn't make much sense to toggle AS{L}R for the different
parts of an executable image. AS{L}R is an "all or nothing" thing.
Really, there should be only a single toggle with four modes:
1. AS{L}R force disable
2. AS{L}R opt out
3. AS{L}R opt in
4. AS{L}R force enable
HardenedBSD has found that users get confused or are unsure of having
too many toggles. "What happens when I do ?" In this case, you'd
probably have to have deeper knowledge of how FreeBSD's AS{L}R is
implemented. Having a single sysctl knob makes life easier for users
and reduces implementation complexity.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
I wonder if it'd be worth it to report such data via sysctl. Thoughts?
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Fri, Mar 05, 2021 at 07:23:56PM
4_t paddr;
> void *addr = PNMB(na, slot, &paddr);
> int err;
>
> - NM_CHECK_ADDR_LEN(na, addr, len);
> + (void)addr;
What is this change for?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.ha
protocol headers from packets.
>
> Cheers,
> Vincenzo
>
> On Wed, Apr 7, 2021, 11:46 PM Shawn Webb wrote:
>
> > Hey Vincenzo,
> >
> > On Wed, Apr 07, 2021 at 09:42:53PM +, Vincenzo Maffione wrote:
> > > The branch main has been updated by vmaf
index b13758931c4e..854cd2c7f3f3 100644
> --- a/lib/libnv/Makefile
> +++ b/lib/libnv/Makefile
> @@ -10,6 +10,7 @@ SHLIB_MAJOR= 0
>
> .PATH: ${SRCTOP}/sys/contrib/libnv ${SRCTOP}/sys/sys
> CFLAGS+=-I${.CURDIR}
> +CFLAGS+=-fPIC
Wouldn't the better fix be renaming L
On Mon, Apr 12, 2021 at 01:39:50PM +0200, Kristof Provost wrote:
> On 10 Apr 2021, at 17:27, Shawn Webb wrote:
> > On Sat, Apr 10, 2021 at 09:16:22AM +, Kristof Provost wrote:
> > > The branch main has been updated by kp:
> > >
> > > URL:
> >
ddr[0] &= 0xFE;
> > > > > + addr[0] |= 0x02;
> > > > > + bcopy(addr, hw->mac.addr, sizeof(addr));
> > > > > + } else {
> > > > > + device_printf(dev, &
Ah. I think I misinterpreted your email. Sorry about that!
On Thu, Apr 15, 2021 at 03:22:41PM -0500, Kyle Evans wrote:
> Yes, sorry, this is precisely what I meant.
>
> On Thu, Apr 15, 2021 at 3:20 PM Shawn Webb wrote:
> >
> > Could ether_gen_addr be updated to take in
ality -Wno
-error=unused-function -Wno-error=pointer-sign -Wno-error=shift-negative-value
-Wno-address-of-packed-member -Wno-error=unused-but-set-variable -Wno-format-zer
o-length -std=iso9899:1999 -c /usr/src/sys/dev/hid/hidraw.c -o hidraw.o
/usr/src/sys/dev/hid/h
/reviews.freebsd.org/D33611
Hey Jason,
Thanks for working on unionfs! I'm wondering if MFC'ing all the recent
unionfs work to 13-stable is planned (or possible).
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Sh
gh, even as I type this email, I just realized that a different
function, Malloc, is being called. What's the difference between
malloc and Malloc?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CB
On Fri, Jul 09, 2021 at 02:34:12PM -0600, Warner Losh wrote:
> On Fri, Jul 9, 2021 at 1:54 PM Shawn Webb
> wrote:
>
> > On Fri, Jul 09, 2021 at 05:26:57PM +, Warner Losh wrote:
> > > The branch main has been updated by imp:
> > >
> > > URL:
&
> sys/sys/socket.h | 1 +
> sys/sys/socketvar.h| 6 -
> 21 files changed, 100 insertions(+), 35 deletions(-)
Hey Kevin,
Would this commit be a good candidate for bumping __
ng packages since even ports-mgmt/pkg relies on strip.
I'm working on a candidate patch to fix this right now. But if you
beat me to the punch, all the better. ;-)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master
On Sat, Sep 11, 2021 at 03:54:59PM +0100, Jessica Clarke wrote:
> On 11 Sep 2021, at 15:43, Shawn Webb wrote:
> >
> > On Mon, Sep 06, 2021 at 09:24:02AM +, Alex Richardson wrote:
> >> The branch main has been updated by arichardson:
> >>
> >> URL:
s
> Sponsored by: Orange Business Services
> Differential Revision: https://reviews.freebsd.org/D27758
Key Kristof,
This commit breaks the security/expiretable port. Specifically, the
guarding of the pf_state struct, which expiretable uses directly.
Thanks,
--
Shawn Webb
Cofounder / Secu
net/tcp_ratelimit.h |4 +-
> sys/netinet/tcp_sack.c | 11 +
> sys/netinet/tcp_stacks/bbr.c | 92 +-
> sys/netinet/tcp_stacks/rack.c| 9876
> ++
Hey Randall,
Out of curiosity, did anyone take the time
ead_loop() at taskqueue_thread_loop+0x9c
fork_exit() at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x14
KDB: enter: panic
[ thread pid 0 tid 100023 ]
Stopped at kdb_enter+0x44: undefined f904411f
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
mization for a while, but if memory serves correctly, we made
that change.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
for it to set its limit to that. The
> fact that FreeBSD decides to count an arbitrary, non-deterministic amount of
> additional unusable virtual address space towards that limit is not its fault,
> but a bug in FreeBSD that needs to be fixed as it’s entirely unreasonable for
> appli
rr_lib.o' was not built (being made, type
OP_DEPS_FOUND|OP_MARK, flags REMAKE|DONE_WAIT|DONE_ALLSRC|DONECYCLE)!
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Thu, Jun 03, 2021 at 09:38:07AM -0400, Ed Maste wrote:
> On Thu, 3 Jun 2021 at 09:10, Shawn Webb wrote:
> >
> > There's something about this change that breaks buildkernel:
> >
> > make[4]: make[4]: don't know how to make
> > /usr/src/sys/dev/hptr
spl (obj,all,install)
make[4]: don't know how to make atomic.S. Stop
make[4]: stopped in /usr/src/cddl/lib/libspl
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA
for aout binaries. This was added on 64-bit Linuxulator import by mistake.
Are there even any FreeBSD users running Linux aout binaries on
FreeBSD? I'm wondering if Linux aout support can be ripped out
entirely.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedb
ATH_MAX];
> - char keym[64], lng[64], desc[256];
> + char keym[65], lng[65], desc[257];
> char dialect[64], lang_abk[64];
> struct keymap *km;
> struct keymap **km_sorted;
>
Hey Dimitry,
Would commits like this and d310bf3867b4168e57365196c3a31797c0538097
nor
, 94 insertions(+), 61 deletions(-)
Hey Mark,
Something about this commit breaks booting in Hyper-V. Reverting this
particular commit makes Hyper-V happy again.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Fri, Mar 04, 2022 at 09:45:28AM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > The branch main has been updated by markj:
> > >
> > > URL:
On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > The branch main has been updated by markj:
> > >
> > > URL:
On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > On Fri, Mar 04, 2022 at 09:24:47AM -0500, Shawn Webb wrote:
> > > On Tue, Mar 01, 2022 at 02:39:55PM +, Mark Johnston wrote:
> > > > Th
On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > > >
On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 10:13:54AM -0500, Mark Johnston wrote:
> > > >
On Fri, Mar 04, 2022 at 04:10:27PM -0500, Shawn Webb wrote:
> On Fri, Mar 04, 2022 at 01:31:10PM -0500, Mark Johnston wrote:
> > On Fri, Mar 04, 2022 at 01:15:29PM -0500, Shawn Webb wrote:
> > > On Fri, Mar 04, 2022 at 12:52:26PM -0500, Shawn Webb wrote:
> > > > On F
if this has an assigned CVE, should it go through
the normal FreeBSD security advisory process?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
alt raltO
> + 094 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 fkey49 O
> + 095 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 fkey50 O
> + 096 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 fkey51 O
> + 097 fkey53 fkey53 fkey53 fkey53 fkey53 fkey53 fkey53 fke
items[2].value = strdup(items[2].init);
> + if (nitems > 3)
> + items[3].value = strdup(items[3].init);
> }
>
> /*
>
Hey Alfonso,
Would it be a good idea to check the return value of strdup
#16 0x80baf625 in fork_exit (
callout=0xffff822b0be0 , arg=0xf80121887000,
frame=0xfe03aa3a8f40) at /usr/src/sys/kern/kern_fork.c:1118
#17
(kgdb)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Fri, May 27, 2022 at 02:18:54PM -0400, Alexander Motin wrote:
> On 20.05.2022 15:12, Bryan Drewery wrote:
> > On 5/20/2022 12:04 PM, Shawn Webb wrote:
> > > On Wed, May 18, 2022 at 11:05:54PM +, Martin Matuska wrote:
> > > > The branch main has been updated by
ipsec
> inet | ipsec inet6
> netipsec/xform_tcp.c optional ipsec inet tcp_signature | \
>ipsec inet6 tcp_signature | ipsec_support inet tcp_signature | \
>ipsec_support inet6 tcp_signature
> +netlink/netlink_generic_kpi.cstandard
> +netlink/netli
d `git log --committer=benl` show that Ben
Laurie's last commit to FreeBSD was in 2011. Does this mean that
in-base OpenSSL effectively has no official maintainer?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/S
t;>>> =3D3D3D=3D3D3D=3D3D3D
> > >> >>>>>> Mark Millard
> > >> >>>>>> marklmi at yahoo.com
> > >> >>>>>> =3D20
> > >> >>>>> =3D20
> > >> >>>>> L
On Thu, Apr 13, 2023 at 06:48:14PM -0400, Charlie Li wrote:
> Shawn Webb wrote:
> > Does the ZFS project have some sort of automated testing to catch
> > data-gobbling, pool killing bugs? It seems like this would have been
> > caught with some CI/CD stress testing automat
to hardlink telnet(1) to nc(1).
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Wed, Sep 21, 2022 at 02:55:36PM -0700, Cy Schubert wrote:
> In message <20220921214546.426y6o4jpnsfsa2l@mutt-hbsd>, Shawn Webb writes:
> >
> >
> > On Wed, Sep 21, 2022 at 02:11:44PM -0700, Gleb Smirnoff wrote:
> > > Mike,
> > >=20
> > >
t-align -Wchar-subscripts -Wnested-externs -Wold-style-definition
-Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety
-Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable
-Wno-error=unused-but-set-variable -Qunused-arguments-c netlink_netlink.c
-o netlink_netlink.o
netlink_netlink.c:1:10: fatal error: 'netlink/netlink.h' file not found
#include
^~~
1 error generated.
*** Error code 1
Stop.
make[3]: stopped in /usr/src/tools/build/test-includes
*** Error code 1
Stop.
make[2]: stopped in /usr/src
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Sat, Oct 01, 2022 at 05:40:05PM +0100, Alexander V. Chernikov wrote:
>
> > On 1 Oct 2022, at 17:35, Shawn Webb wrote:
> >
> > On Sat, Oct 01, 2022 at 02:19:03PM +, Alexander V. Chernikov wrote:
> >> The branch main has been updated by melifar
On Sat, Oct 01, 2022 at 09:51:40AM -0700, Cy Schubert wrote:
> In message <20221001164556.guh2gu6umjvehq3r@mutt-hbsd>, Shawn Webb writes:
> >
> > --iwomfqhvgfyzurjf
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Cont
pfil_member are set.
>
> Reviewed by:Zhenlei Huang
> MFC:never
> Differential Revision: https://reviews.freebsd.org/D37009
Hey Kristof,
Would this be a good candidate for RELNOTES?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBS
he beginning of working on this in 2021)
> and it provides useful
>
> > What I would like to see working on FreeBSD is Safestack as a
> > replacement for the stack protector, which we were so very slow to adopt
> > even when it was originally developed in FreeBSD. I think othe
hope this makes sense.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Sun, May 19, 2024 at 02:47:
^~~~
I'm getting tons of errors like these with `make -sj10 buildworld`.
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
t; #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
> > +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
>
> This still assumes the native ABI is in use, i.e. doesn’t account for
> libcompat. Can we please just drop the directory, or if it’s really
tp.FreeBSD.org was less work.
I'm curious to learn why you chose http:// rather than https://.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Thu, Feb 15, 2024 at 10:50:19PM +0800, Philip Paeps wrote:
> On 2024-02-15 22:40:19 (+0800), Shawn Webb wrote:
> > On Thu, Feb 15, 2024 at 10:28:53PM +0800, Philip Paeps wrote:
> > > On 2024-02-15 22:06:09 (+0800), Ronald Klop wrote:
> > > > Shouldn’t
ut;
> + }
> + }
> +
> + /* Setup the environment variable */
> + asprintf(&runtime_dir, "XDG_RUNTIME_DIR=%s/%s", RUNTIME_DIR_PREFIX,
> user);
> + rv = pam_putenv(pamh, runtime_dir);
> + if (rv != PAM_SUCCESS) {
> +
On Mon, Feb 26, 2024 at 06:14:34PM +, Shawn Webb wrote:
> On Mon, Feb 26, 2024 at 05:35:57PM +, Emmanuel Vadot wrote:
> > The branch main has been updated by manu:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=6e69612d5df1c1d5bd86990ea4d9a
ly implemented in functions
that recurse is to place a limit on how many times we recurse.
HardenedBSD now places an arbitrarily picked limit of 1000 recursions:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/148478d5743a8dd4362fd31dca4371618716d0a8
The limit can be changed at compile-time b
d
>
> Reviewed by:imp
> Approved by:imp
> Differential revision: https://reviews.freebsd.org/D42956
>
Hey Sumit,
What's the purpose of this commit? 0 files changed.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
HardenedBSD prevents loading of netlink.ko by
default. The code is too new and too complex, with already a
not-so-nice security history, to be trusted.
A lot (all?) of the other netlink integration code respects the
potential unavailability of netlink (or netlink.ko). Would it be
possible to do the same in pf?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote:
> On 9/5/24 22:10, Shawn Webb wrote:
> > Hey Mark,
> >
> > This commit seems to force me to now pass "-o pci.enable_bars=true" to
> > all my VMs on amd64. I wonder if that might be a POLA violation.
he default here really worth it for amd64? If so, I'm
thinking this should be in both RELNOTES and UPDATING. I now have to
propigate re-enabling this across my entire infrastructure.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn
On Fri, Sep 06, 2024 at 04:30:07PM UTC, Shawn Webb wrote:
> On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote:
> > On 9/5/24 22:10, Shawn Webb wrote:
> > > Hey Mark,
> > >
> > > This commit seems to force me to now pass "-o pci.enable_bars=true&q
75 matches
Mail list logo
