OpenBSD Journal
Poll: Are Frequent Password Changes Actually Useful?
Contributed by pitrh on Mon May 12 07:19:59 2014 (GMT)
from the You make me go -.!kz&Y_a! dept.

Book of PF author and Undeadly editor Peter Hansteen asks the following question:

Does enforced password change at set intervals actually enhance security?

Given the increasing sophistication of password cracking techniques, and potentially insecure methods for two-factor authentication, what can administrators do to strike the balance between utility and security?


BSDNow Episode 036: Let's Get RAID
Contributed by tbert on Fri May 9 18:36:09 2014 (GMT)
from the still-not-a-backup-solution dept.

BSDNow Episode 36 is out, with the titular segment featuring RAID setups on both FreeBSD and OpenBSD.

In OpenBSD content, the episode covers the release of 5.5, the recent work to unhitch OpenSSH from OpenSSL, and incestuously links back to jasper@'s m2k14 report.

It also features an overview of the April issue of BSDMag, an interview with FreeBSD developer David Chisnall, using FreeBSD in the cloud, a new episode of BSDTalk, and a weekly update from PCBSD.


LibreSSL Will be Portable
Contributed by tbert on Fri May 9 09:22:42 2014 (GMT)
from the ssl-on-DOS-we-hardly-knew-ye dept.

Although much internet hand wringing has been performed in the service of "Won't someone think of the child^H^H^H^H^Hportability!", the OpenBSD devs are making changes in OpenBSD itself which will make the upcoming release of LibreSSL more easily portable to other operating systems:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2014/05/08 15:43:49

Modified files:
	lib/libc/stdlib: Makefile.inc malloc.c 
Added files:
	lib/libc/stdlib: reallocarray.c 

Log message:
move reallocarray() to a separate file so that -portable applications
can avoid reinventing the wheel
ok guenther schwarze

reallocarray(3) was added to address a pattern found throughout the OpenSSL source: allocating with malloc(nmemb * size) or realloc(p, nmemb * size), where the multiplication can wrap and hand the allocator a much smaller size than the caller goes on to write into. reallocarray() performs the overflow check before multiplying and fails with ENOMEM instead. It now exists as a single, freely-licensed, easily-included file for any and all who require it to make LibreSSL work on their system, as long as that system isn't Irix running Visual C 1.5.2.
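As an added illustration (example code written for this page, not OpenBSD's reallocarray.c itself), here is the overflow test that reallocarray(3) performs, written out next to the naive nmemb * size pattern it replaces. The names mul_would_overflow, naive_alloc_bytes, checked_reallocarray, grow_table and struct record are chosen for this example:

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Example code, not OpenBSD's reallocarray.c: the same overflow check,
 * written out. If both factors are below 2^(bits/2) the product cannot
 * overflow size_t and the division is skipped; otherwise check whether
 * SIZE_MAX / nmemb < size, which is exactly "nmemb * size > SIZE_MAX".
 */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

int mul_would_overflow(size_t nmemb, size_t size)
{
    return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
           nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* The naive pattern: the multiplication silently wraps modulo 2^bits,
 * so an attacker-chosen nmemb can yield a tiny (even zero) allocation. */
size_t naive_alloc_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* reallocarray-style wrapper: refuse wrapped sizes instead of handing
 * realloc() a buffer the caller will then overrun. */
void *checked_reallocarray(void *optr, size_t nmemb, size_t size)
{
    if (mul_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(optr, nmemb * size);
}

/* Example caller: grow a table of 16-byte records to `count` entries.
 * With the naive pattern, count = SIZE_MAX / 8 + 1 wraps to a small size. */
struct record {
    uint64_t id;
    uint64_t flags;
};

struct record *grow_table(struct record *tbl, size_t count)
{
    return checked_reallocarray(tbl, count, sizeof(struct record));
}
```

The MUL_NO_OVERFLOW short-circuit matters more than it looks: the division is the expensive part, and on the common path (both factors small) it is never executed, so callers lose nothing by replacing every nmemb * size allocation with the checked form.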


Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code (beck@ interview)
Contributed by pitrh on Thu May 8 19:55:46 2014 (GMT)
from the take-it-out-back-and-set-it-on-fire dept.

Over at Servicevirtualization.com, Bob Beck (beck@) was interviewed for a piece called Dead Code Walking: What Companies Can Do to Mitigate Old, Bad Code about the Heartbleed bug and the subsequent LibreSSL fork. A favorite quote:

ServiceVirtualization: What can organizations do to ensure they are building applications using high-quality, open-source components?

Beck: This is not an open source problem. It's a problem with any codebase you incorporate or reuse. Examine where they come from, have competent developers look at what they are bringing in, and know what the motivations are of the organization that is developing them. OpenBSD can stand well on its own track record. We are security-focused developers.


New Compiler Capabilities: -fstack-shuffle and Return Value Guards
Contributed by tbert on Wed May 7 10:03:25 2014 (GMT)
from the doing the fstack shuffle dept.

Martynas Venckus (martynas@) has committed a pair of security-related enhancements to OpenBSD's gcc(1), improving the bug- and exploit-resistance of the entire system.

The first, a new -fstack-shuffle option, randomizes the order in which local variables are laid out on the stack. A bug that overruns one local into its neighbour often goes unnoticed only because the neighbour happens to be something harmless; once the layout changes from build to build, such bugs surface instead of staying hidden.

CVSROOT:        /cvs
Module name:    src
Changes by:     martynas@cvs.openbsd.org        2014/05/06 17:22:33

Modified files:
        gnu/gcc/gcc    : cfgexpand.c common.opt

Log message:
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.

Discussed with Theo at m2k14 hackathon.  "oh god yes" tedu@, "oh nice" djm@


Privsep Debugging Support: /var/crash/$programname, sysctl-Managed, Added
Contributed by tbert on Wed May 7 19:31:47 2014 (GMT)
from the crash-test-puffy dept.

Debugging privsep code on OpenBSD-current just became a little easier. In this commit, Theo de Raadt (deraadt@) added a new kern.nosuidcoredump value, 3, which behaves like value 2 (cores of setuid and privilege-dropped processes are written as root) but writes them into /var/crash/$programname/ when that directory exists, with each core named after the crashing process's PID. Since a core is the full memory image of the process, including whatever keys and credentials a privsep daemon holds, the directory must be root-owned and mode 700; the commit message makes the same point rather more bluntly.

Changes by:	deraadt@cvs.openbsd.org	2014/05/03 21:53:38

Modified files:
	sys/kern       : kern_sig.c 
	lib/libc/gen   : sysctl.3 
	sbin/sysctl    : sysctl.8 
	share/man/man5 : core.5 

Log message:
When kern.nosuidcoredump=3, act like =2 but try to dump cores into
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/    # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core   23207.core   6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores.  Careful you don't fill your /var.
Further tuneables are being considered.

Sorry to be picking on bgpd for this example.  I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther


Android's C Library Has 173 Files of Unchanged OpenBSD Code
Contributed by tbert on Mon May 5 14:19:30 2014 (GMT)
from the good-diffs-make-good-neighbors dept.

On May 2, 2014, a message with the somewhat arcane subject "libc: #define to remove support for %n from printf(3)?" from the main Android libc maintainer turned up on tech@, where part of the lead-in was:

i maintain Android's C library which, as you may know, contains a lot of OpenBSD code. i've been working to clean up our mess and get us back in sync with upstream, and currently have 173 files that are exactly the same as current upstream OpenBSD. (more than we have from the other two BSDs put together.)

There's more after the fold.
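The subject line is about removing %n, and it is worth spelling out why a libc maintainer would want it gone: every other printf conversion reads its argument, but %n takes a pointer and writes the number of bytes produced so far through it, which turns any attacker-controlled format string into a memory write. As an added example (written for this page; not Android's or OpenBSD's libc), here is a scanner that detects %n in a format string, plus an snprintf wrapper that refuses such formats. The names format_has_percent_n, snprintf_no_n and SPEC_BODY are chosen for this example:

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Example code, not a libc implementation. Characters that may legally sit
 * between '%' and the conversion letter: flags, width, precision, the
 * positional "$" marker and length modifiers such as "hh", "l", "z".
 */
#define SPEC_BODY "-+ #0'123456789*.$hlLqjzt"

/* Returns 1 if fmt contains a %n conversion, else 0. "%%" is a literal
 * percent sign and is skipped; a dangling '%' at the end is not a
 * conversion. */
int format_has_percent_n(const char *fmt)
{
    const char *p = fmt;

    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') {                /* "%%" prints a literal '%' */
            p++;
            continue;
        }
        while (*p != '\0' && strchr(SPEC_BODY, *p) != NULL)
            p++;                        /* skip "%-10.3lld"-style prefix */
        if (*p == '\0')
            break;                      /* dangling '%' */
        if (*p == 'n')                  /* "%n", "%hhn", "%2$n", ... */
            return 1;
        p++;
    }
    return 0;
}

/* snprintf() that refuses any format containing %n. Returns -1 with errno
 * set to EINVAL (and an empty buffer) in that case; otherwise it returns
 * whatever vsnprintf() returns. */
int snprintf_no_n(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int ret;

    if (format_has_percent_n(fmt)) {
        if (len > 0)
            buf[0] = '\0';
        errno = EINVAL;
        return -1;
    }
    va_start(ap, fmt);
    ret = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return ret;
}
```

A wrapper like this only helps code that routes its formatting through it; the point of doing the removal inside libc, as the thread subject proposes, is that nothing on the system can reach %n at all, whether the format string came from a config file, a log message or the network.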

Doing some interesting OpenBSD work? EuroBSDCon 2014 wants to hear from you!
Contributed by pitrh on Mon May 5 20:36:16 2014 (GMT)
from the Talk? Talk! Puffy talk! dept.

EuroBSDCon, the European BSD Conference, is continuing its slow-motion tour of European cities with EuroBSDCon 2014, taking place in Sofia, Bulgaria, September 25-28, 2014.

For this year's edition there is no program yet, but you can help fix that: if you're doing something interesting with OpenBSD (or really any BSD, but this is an OpenBSD publication) that you could turn into a talk or tutorial, the program committee wants to hear from you.

Send your proposal (100 words or so will do) to submission at eurobsdcon dot org by May 19th, 2014. See the Call for papers for further details.


Call for testing: USB HID descriptor parser diff
Contributed by weerd on Mon May 5 20:38:59 2014 (GMT)
from the ueber-sympathetic-developers dept.

This weekend, Martin Pieuchot (mpi@) posted to tech with a diff to improve the HID descriptor parser:

In December 2012 a user reported on misc@ that the Noppoo Mini Choc
84 USB keyboard does not work on OpenBSD [0].  More recently, mcbride@
and yasuoka@ contacted me because they have a mouse that is not properly
recognized.  Both issues are related to our HID descriptor parser.



Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]