BSD BLOG DOT COM

Damien Miller (djm@) recently committed some extra paranoia for malloc(3):

CVSROOT:        /cvs
Module name:    src
Changes by:     djm@     2008/12/29 15:25:50

Modified files:
       lib/libc/stdlib: malloc.3 malloc.c

Log message:
extra paranoia for malloc(3):

Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off malloc protections (e.g. use-after-free)

Allocate the main bookkeeping data (struct dir_info) using mmap(),
thereby giving it an unpredictable address. Place a PROT_NONE guard
page on either side to further frustrate attacks on it.

Add a new 'L' option that maps struct dir_info PROT_NONE except when
in the allocator code itself. Makes attacks on it basically impossible.

feedback tedu deraadt otto canacar
ok otto

Thanks Damien for the hard work!

Marc Balmer (mbalmer@) has updated his blog with a very nice piece about how OpenBSD can be applied in real world applications other than your typical firewall or router.

The blog describes how OpenBSD was setup on Point Of Sales machines at the Basel Zoo.

Please read on for a short excerpt from the blog:

Read more…

An alert reader reported that a recent SANS Institute White Paper describes using OpenBSD and a variety of open source software to protect your parent’s home network.

Read more…

Jason Dixon (jdixon@) wrote to the misc mailinglist about DCBSDCon 2009 now being open for registration.

If you want to attend, please register now!

You can also tune in to the official DCBSDCon blog, here.

Read more…

Austin Hook (austin@) has found a few rare old OpenBSD CD sets.

They can be had via the international web store:

Read more…

Jacob Meuser (jakemsr@) wrote in about his latest patches for azalia(4) audio devices, which are a continuation of his earlier work we mentioned, that he sent to tech@ :

I have just posted a couple patches to tech@. Both are important steps toward a friendlier mixer:

• better names
• remove static mixer configurations

Please also see my website for prebuilt kernels and more details.

Thanks.

If you have azalia in your machine and want to help, please test these patches and report your results to Jacob.

Damien Bergamini (damien@) has committed an update to the man page for the iwn(4) wireless device.
The update describes a firmware update by Intel.

As you know, Intel refuses to grant distribution rights without contractual obligations, so OpenBSD cannot include the firmware file and the users have to download it on their own.

For further reading please see this article here on Undeadly which explains the matter in depth.

There were 7 new ports for the week of December 1 to December 7:

Some ports had
updates that users should be aware of. One port was removed.

Read more…

From the BSDanywhere 4.4 announce page,

We are pleased to announce the immediate availability of BSDanywhere 4.4 - enlightenment at your fingertips.

As always, we release our OpenBSD based images in two flavours: i386 (32bit) and amd64 (64bit). There are no changes compared to the last release candidate:

http://bsdanywhere.org/download/

Here’s a quick summary of the not-to-intense changes since 4.3 (remember, all the innovation comes from OpenBSD anyway):

Read more…

In BSDTalk #167, Will Backman interviews Jason Dixon (jdixon@). They talk about Jason’s work in organizing DCBSDCon and unveil two illustrious speakers, Marshall Kirk McKusick and Henning Brauer (henning@).

File Info: 10Min, 5MB: mp3 or ogg

Thanks for yet another interesting interview Will!