  • 0 Votes
    1 Posts
    0 Views
    raptor@infosec.exchangeR
    A 27-Year-Old Authentication Bypass in #OpenBSD's #PPP Stack https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
  • 0 Votes
    1 Posts
    0 Views
    pitrh@mastodon.socialP
    Final week for submitting to #eurobsdcon 2026! https://2026.eurobsdcon.org/cfp/ Submit by June 20th, come to Brussels September 9-13 and mingle with #BSD people! We also offer pre-submission guidance/mentoring, see the CFP text. Wonder what BSD and the conferences are about? See https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html @EuroBSDCon #freebsd #netbsd #openbsd #freesoftware #libresoftware #brussels #bruxelles
  • 0 Votes
    8 Posts
    0 Views
    stefano@mastodon.bsd.cafeS
    @DianeBruce @bsdtv I did, back in 2023. Great, indeed!
  • 0 Votes
    1 Posts
    0 Views
    openbsd_es@mastodon.bsd.cafeO
    New video from The OpenBSD Guy: Installing #OpenBSD on Raspberry Pi 4 https://youtu.be/y9IJNLJW7v0
  • Getting closer by the day...

    World runbsd freebsd netbsd openbsd eurobsdcon
    1
    0 Votes
    1 Posts
    0 Views
    eurobsdcon@bsd.networkE
    Getting closer by the day... The European *BSD event of 2026! Get your ️ at https://tickets.eurobsdcon.org/eurobsdcon/brussels/
    While you're at it, don't forget to drop your abstract like it's hot! https://events.eurobsdcon.org/
    We are still and always looking for first-time *BSD speakers. Whether you are just starting out or have a unique perspective to share, your voice matters!
    The schedule will be published on 2026-07-15.
    For everything else, peek at https://2026.eurobsdcon.org/ More information is added all the time.
    EuroBSDCon 2026 in Brussels, Belgium, September 09-13, 2026
    #RUNBSD #FreeBSD #NetBSD #OpenBSD #EuroBSDCon #EuroBSDCon2026 #BSD #CFP #Conference #Register
  • One year ago, today.

    World runbsd bsdcan freebsd openbsd netbsd
    11
    0 Votes
    11 Posts
    0 Views
    stefano@mastodon.bsd.cafeS
    @radhitya thanks!
  • 0 Votes
    1 Posts
    0 Views
    pitrh@mastodon.socialP
    syslogd(8) privileged and non-privileged parts now separate binaries https://www.undeadly.org/cgi?action=article;sid=20260612080210 #openbsd #syslogd #privsep #privelegeseparation #separation #security #logging #development
  • Hey #OpenBSD users.

    World openbsd
    1
    0 Votes
    1 Posts
    0 Views
    izder456@fe.disroot.orgI
    Hey #OpenBSD users. I have slowly been working on this now-sprawling hotplugd(8) attach script but I'm not a fan of how messy and complex it has gotten. Any tips to clean it up and make it more modular? I don't like the usbdevs hack, it feels uncomfortable to me for some reason. How do your hotplugd(8) scripts look?

    /etc/hotplug $ bat -l sh -pp attach
    #!/bin/ksh
    DEVCLASS=$1
    DEVICE=$2
    [ "$DEVCLASS" -eq 0 ] || exit 0
    case "$DEVICE" in
    ugen*)
        # printer for CUPS
        if usbdevs -v | grep -q '03f0:dd11'; then
            ugen=$(usbdevs -v | awk '
                /03f0:dd11/ { found=1 }
                found && /driver: ugen[0-9]+/ {
                    sub(/^[[:space:]]*driver: /, "")
                    print
                    exit
                }
            ')
            [ "$DEVICE" = "$ugen" ] || exit 0
            usbctl=$(usbdevs -v | awk -v dev="$ugen" '
                /^Controller \/dev\/usb[0-9]+:/ {
                    ctl=$2
                    sub(":", "", ctl)
                }
                $0 ~ ("driver: " dev "$") {
                    print ctl
                    exit
                }
            ')
            logger -t hotplug "Printer attached"
            if [ -n "$usbctl" ]; then
                chown _cups:_saned /dev/${ugen}.* "$usbctl"
                chmod 660 /dev/${ugen}.* "$usbctl"
            fi
        # usb midi keyboard setup for LMMS
        elif usbdevs -v | grep -q '28e9:0001'; then
            logger -t hotplug "USB Midi Keyboard Attached"
            ( midicat -q midi/0 -q midithru/0 ) &
        fi
        ;;
    uvideo*)
        # usb webcam setup for video calls
        logger -t hotplug "USB Webcam attached"
        chown nobody:nobody /dev/video*
        chmod 0777 /dev/video*
        ;;
    esac
  • 0 Votes
    1 Posts
    0 Views
    r1w1s1@snac.bsd.cafeR
    Just read a great write-up by @miodvallat@hostux.social on the 2002 OpenSSH trojan incident. It's a fantastic look at early incident response, code auditing, and how OpenBSD handled one of the first major software supply-chain attacks. Definitely worth a read: http://miod.online.fr/software/openbsd/stories/trojan.html #openbsd #openssh #security
  • [Kirill's journal]

    OpenBSD openbsd qemu
    1
    2 Votes
    1 Posts
    65 Views
    CiotBSDC
    ⇒ OpenBSD under QEMU Architecture specific notes for OpenBSD guests under QEMU, with working command lines where installation succeeds and failure points where it does not. https://kirill.korins.ky/articles/openbsd-under-qemu/
  • [Dr Brian R. Callahan]

    OpenBSD openbsd antirop
    1
    1 Votes
    1 Posts
    84 Views
    CiotBSDC
    (06/10) ⇒ A Final Return for OpenBSD Anti-Return-Oriented Programming Mitigations Return-Oriented Programming (ROP) continues to be a serious attack taking advantage of flaws in memory unsafe languages, particularly buffer overflows, to launch arbitrary code execution attacks by chaining together pieces of already existing code in loaded binaries and shared libraries, called gadgets. With the continued reliance on x86_64 CPUs in cloud and personal servers, mitigations that can meaningfully reduce the success of ROP attacks without significant overhead continue to be attractive. We propose the porting of one such software-based anti-ROP mitigation proposed by OpenBSD: compile-time instruction rewriting to avoid opportunities for ROP exploitation. We bring this mitigation, originally developed for the custom OpenBSD implementation of the LLVM compiler suite, to GCC by way of a standalone utility that sits in between the compiler and the assembler and rewrites potential gadget instructions before assembly into object code. Our utility provides a minimal reduction in gadgets with some penalties in binary sizes and performance impacts. We compare our GCC-ported standalone utility to the original OpenBSD LLVM mitigation and discovered that our standalone utility is weaker compared to the original LLVM-based mitigation. However, due to the overall weak reduction in gadgets for both the LLVM-based and GCC-based implementations, we conclude that seemingly obvious mitigations may prove to be anything but, and caution providing security improvements without significant testing and evaluation. https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations ping: https://bsd.network/@bcallah/116725877009964245 It seems to be my 200th post here…
  • 0 Votes
    1 Posts
    0 Views
    bcallah@bsd.networkB
    By the way, our first two publications on evaluating #OpenBSD mitigations are out. Both of these papers evaluate some amd64 anti-ROP mitigations: specifically changing the register selection order and semantically equivalent rewriting of instructions that may produce a potential polymorphic gadget instruction. This tracks a paper by mortimer@ back in 2019 at AsiaBSDCon.

    The TL;DR is "OpenBSD can shrink binaries a little and gain a little performance without any security loss simply by reverting these mitigations." The mitigations did not hold up to independent evaluation.

    The first paper did an exact 1:1 port of these mitigations to FreeBSD and found that register reallocation eliminates only about 0.3% of unique gadgets, for a 0.5% increase in binary size (mortimer@ claimed 6% reduction and "entirely free"). It is useless at best but more likely actively detrimental, as it produces a false sense of security. It also found the instruction rewriting reduces unique gadgets by about 3.5% with a binary size increase of about 1.8% (mortimer@ claimed 5% reduction with 0.15% binary size increase).

    We then did a separate implementation of the instruction rewriting mitigation to GCC in the second paper. Our GCC implementation does the older <xchg; op; xchg> dance, as that's what mortimer@'s paper described. This is way worse; producing about a 3% performance hit for no security benefit at all.

    The only part of both mitigations worth saving is for basic arithmetic, OpenBSD LLVM now takes advantage of the fact that basic arithmetic has two forms. For example, the newer instruction rewriting mitigation turns

        addq %rax, %rbx (48 01 c3)

    into

        {load} addq %rax, %rbx (48 03 d8)

    The new instruction rewriting mitigation is genuinely free in terms of binary size and execution speed, but doesn't move the security needle, so this one can stay as it is harmless. Other rewritings still have the flaw of increasing binary size and reducing performance for no security benefit.

    Anyhow feel free to read the papers:
    https://ieeexplore.ieee.org/abstract/document/11458911
    https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations
    #BSD #FreeBSD #NetBSD #DragonFlyBSD #Linux #Unix #security #cybersecurity
  • I am looking for small computo, requirements are:

    World openbsd netbsd
    29
    0 Votes
    29 Posts
    0 Views
    bpl@snac.bsd.cafeB
    Thank you, I have bought Eee PC, but will keep that in mind. You won 128 sun rays!
  • 0 Votes
    1 Posts
    0 Views
    miodvallat@hostux.socialM
    Here is your last #OpenBSD story before the summer break: that one time OpenSSH was used in a supply-chain attack, before that expression was even coined. http://miod.online.fr/software/openbsd/stories/trojan.html
  • 0 Votes
    3 Posts
    0 Views
    goldfish@mastodon.bsd.cafeG
    @mike_k I set the time and tried again. Still no luck. I've never had this issue on other devices. I also didn't have this issue on my last arm64 RPi install... the only difference in that one was that I installed the sets from http.
  • 0 Votes
    3 Posts
    0 Views
    mjack@mastodon.bsd.cafeM
    @fionescu Thanks, learned something new! https://en.wikipedia.org/wiki/XNU
  • 0 Votes
    4 Posts
    0 Views
    radhitya@navi.lain.dayR
    @goldfish
  • 0 Votes
    3 Posts
    0 Views
    joany@mastodon.bsd.cafeJ
    @Tionisla @orbite Looks good
  • 0 Votes
    1 Posts
    0 Views
    pitrh@mastodon.socialP
    Do you want to come to Brussels, mingle with BSD people, perhaps do a talk, a tutorial or a BOF session? The Call for papers https://2026.eurobsdcon.org/cfp/ is open until June 20th, for the conference in Brussels September 9-13, 2026. We also offer pre-submission guidance/mentoring, see within. Wonder what BSD and the conferences are about? See https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html @EuroBSDCon #freebsd #netbsd #openbsd #freesoftware #libresoftware #brussels #bruxelles
  • 0 Votes
    1 Posts
    0 Views
    eurobsdcon@bsd.networkE
    Hotel Discount Expires
    The block booking for the hotel is expiring soon! https://2026.eurobsdcon.org/accomodation.html
    If you were planning to book your hotel early, now is your chance! https://www.warwickhotels.com/hotel-barsey-by-warwick/book/dates-of-stay?domain=2026.eurobsdcon.org&groupID=4846572
    Hotel Barsey by Warwick
    Louizalaan 381-383, 1050 Brussel
    Located near the Flagey area, known for its restaurants and bars.
    #RUNBSD #FreeBSD #NetBSD #OpenBSD #EuroBSDCon #EuroBSDCon2026 #BSD