
OpenBSD

45 Topics 139 Posts

Strong, secure, no compromises.
For all things OpenBSD, pf, and pledge.

This category can be followed from the open social web via the handle openbsd@billboard.bsd.cafe

  • Welcome to the OpenBSD Section

    Pinned
    1
    3 Votes
    1 Posts
    219 Views
    stefanoS
    Secure by default, no compromises. Discuss anything related to OpenBSD here: pf, pledge, unveil, httpd, relayd, installations, hardware support, or just why you chose OpenBSD and never looked back. Whether you run it as your daily driver or as the silent guardian of your network, this is your table.
  • [dataswamp.org/~solene] Full-featured email server running OpenBSD

    4
    1 Votes
    4 Posts
    15 Views
    CiotBSDC
    @naltun said: tyvm ??? Hummm, maybe: "Thank you very much", isn't it?!
  • [Undeadly.org] OpenBSD logs

    openbsd packetfilter tables
    4
    3 Votes
    4 Posts
    175 Views
    CiotBSDC
    06/29 ⇒ relayd(8) and httpd(8) TLS settings update. Both relayd(8) and httpd(8) now have the "secure" list of allowed crypto methods for HTTPS, which include TLSv1.3 and the TLSv1.2 AEAD cipher suites. The previous list was "HIGH:!aNULL" which contains non-perfect-forward-security methods and this change may cause old clients to not be able to connect. https://undeadly.org/cgi?action=article;sid=20260629165750
  • 4 Votes
    1 Posts
    21 Views
    izder456I
    What title says More info here: https://github.com/outpaddling/desktop-installer/issues/30#issuecomment-4835472901
  • 2 Votes
    3 Posts
    42 Views
    CiotBSDC
    @grahamperrin said: OT ???
  • Partitioning without /usr/src and /usr/obj

    1
    3 Votes
    1 Posts
    17 Views
    V
    Hi! So I have a small VPS with OpenBSD on it and I anticipate that disk space will not be enough, so my question is, if I know that I will never compile the whole system from source, can I just repurpose the space allocated to /usr/obj and /usr/src and mount those partitions where they're needed? Or is this a really really bad idea? It would free up about 10GB (out of 40GB total).
  • SSH port knocking with OpenBSD 7.9

    openbsd ssh port-knocking
    1
    2 Votes
    1 Posts
    61 Views
    CiotBSDC
    Port knocking is mostly a bad idea. But people keep wanting to do it, for some false sense of security. If you don't consider it a security control but a way to keep garbage out of your logs, it might be valid. In my case I'm using an old USG Pro 4 running OpenBSD as my firewall and I'd prefer to avoid writing stuff to the logs, as I'd prefer the flash not to wear out sooner than needed, definitely not thanks to background radiation on the internet. https://dgl.cx/2026/06/ssh-port-knocking-with-openbsd
  • [astharoshe.net] Hello assembler!

    1
    4 Votes
    1 Posts
    47 Views
    naltunN
    Sharing this [1] link as I dive into amd64 assembly programming on OpenBSD (it really came in handy!). This [2] Reddit thread also helped me understand the elf(5) requirements for programming assembly on OpenBSD. Happy hacking! [1] https://astharoshe.net/2020-06-28-Hello_assembler.html [2] https://www.reddit.com/r/openbsd/s/JN0hTLNKQF e: typo
  • 3 Votes
    3 Posts
    97 Views
    CiotBSDC
    @grahamperrin said: … The code originated from FreeBSD, which itself derived it from Cronyx Engineering Ltd.'s implementation written by Serge Vakulenko in 1994-1996. … I assume that FreeBSD is not affected. Surely (!?) But I don't know!
  • [Kirill's journal]

    openbsd qemu
    1
    2 Votes
    1 Posts
    65 Views
    CiotBSDC
    ⇒ OpenBSD under QEMU Architecture specific notes for OpenBSD guests under QEMU, with working command lines where installation succeeds and failure points where it does not. https://kirill.korins.ky/articles/openbsd-under-qemu/
  • [Dr Brian R. Callahan]

    openbsd antirop
    1
    1 Votes
    1 Posts
    84 Views
    CiotBSDC
    (06/10) ⇒ A Final Return for OpenBSD Anti-Return-Oriented Programming Mitigations Return-Oriented Programming (ROP) continues to be a serious attack taking advantage of flaws in memory unsafe languages, particularly buffer overflows, to launch arbitrary code execution attacks by chaining together pieces of already existing code in loaded binaries and shared libraries, called gadgets. With the continued reliance on x86_64 CPUs in cloud and personal servers, mitigations that can meaningfully reduce the success of ROP attacks without significant overhead continue to be attractive. We propose the porting of one such software-based anti-ROP mitigation proposed by OpenBSD: compile-time instruction rewriting to avoid opportunities for ROP exploitation. We bring this mitigation, originally developed for the custom OpenBSD implementation of the LLVM compiler suite, to GCC by way of a standalone utility that sits in between the compiler and the assembler and rewrites potential gadget instructions before assembly into object code. Our utility provides a minimal reduction in gadgets with some penalties in binary sizes and performance impacts. We compare our GCC-ported standalone utility to the original OpenBSD LLVM mitigation and discovered that our standalone utility is weaker compared to the original LLVM-based mitigation. However, due to the overall weak reduction in gadgets for both the LLVM-based and GCC-based implementations, we conclude that seemingly obvious mitigations may prove to be anything but, and caution providing security improvements without significant testing and evaluation. https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations ping: https://bsd.network/@bcallah/116725877009964245 It seems to be my 200th post here…
  • [Miod Vallat] OpenBSD stories

    openbsd zaurus
    7
    5 Votes
    7 Posts
    399 Views
    CiotBSDC
    (06/10) ⇒ OpenBSD stories—Trojaned OpenSSH This is a story I had been considering writing for a long time, as many wrong or stupid things have been said or written at the time it happened. Being on a quite sensitive subject, I have however opted to redact a few things, especially the identity of two OpenBSD developers, as well as some IP addresses and other minor details which could help identify them. They will be referred to as dev1 and dev2 in this story. It does not matter who they are, and they really are trustworthy. http://miod.online.fr/software/openbsd/stories/trojan.html Very interesting! Pleasant to read…
  • Has anyone installed OpenBSD on a Framework 13 AMD 7840?

    14
    2 Votes
    14 Posts
    497 Views
    CiotBSDC
    @Jan ohhh, interesting! The only question left is whether it's possible to install it from Fuguita. At the very least, this should let you know which devices are being detected correctly.
  • Scroll WM on OpenBSD?

    4
    2 Votes
    4 Posts
    199 Views
    CiotBSDC
    The problem is this, and this will always be the answer a member gives you: if the port doesn't exist, create it; otherwise, do without it until someone else does it someday—if ever. That sets the tone; if that's okay with you, great… As you can see on: https://www.openbsd.org/mail.html ports@openbsd.org (Archive) Discussions about using and contributing to the ports tree. (Archive: https://marc.info/?l=openbsd-ports) Browse the archive and you'll see…
  • Personal VPN Setup Using Wireguard, OpenBSD, and Vultr VPS

    2
    4 Votes
    2 Posts
    146 Views
    G
    Thanks for sharing, I will need this soon!
  • ksh tab completions and other nice-to-haves

    1
    1 Votes
    1 Posts
    77 Views
    naltunN
    I came across this [1] nice post detailing how to customize the ksh(1) experience. I came for the tab completions but it has some general ksh wisdom. Sharing it as ksh(1) is the default shell on OpenBSD and it's a great shell in general. [1] https://www.vincentdelft.be/post/post_20210102
  • the work I did on perfecting desktop-installer on OpenBSD has been merged.

    17
    9 Votes
    17 Posts
    802 Views
    izder456I
    [image: 1779402791145-3d230b19-00a3-4225-8320-d2fa5e496ccf-image.jpeg] Reporting Lumina as functional and in a good state. At least for the default locale.
  • OpenBSD 7.9 is released!!

    1
    2 Votes
    1 Posts
    74 Views
    betounixB
    https://www.openbsd.org/
  • #OpenBSD wallpaper collection

    openbsd
    14
    2 Votes
    14 Posts
    497 Views
    etrigan63E
    TBH some were quite usable. I converted one to use as an icon for OpenBSD on my personal startpage. [image: 1779160607261-openbsd_right.png]
  • NGINX (Rift) on OpenBSD: vulnerable?

    1
    1 Votes
    1 Posts
    76 Views
    CiotBSDC
    Hi. About Nginx: Rift vulnerability: On my OpenBSD (actually on 7.8) server, I use Nginx (v1.28.x) ­— I known, normally tomorrow, in few hours, v7.9 will be release, and Nginx will release with 1.30.1 — and I've some rewrite rules. As we can see on this page, I rewroted my rules. Is-it needed on OpenBSD? Your opinion about, plz. In any case, I think — maybe I'm wrong?! — that it's a good idea to get into the habit of “filtering” rewrite rules this way, don't you think? is-not-it?