Subscribe: OpenBSD Journal
http://undeadly.org/cgi?action=rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
azure  microsoft azure  new  openbsd azure  openbsd daily  openbsd support  openbsd  read  running openbsd  support  tech  trapsleds 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: OpenBSD Journal

OpenBSD Journal



The OpenBSD Community.



 



OpenBSD now has Trapsleds to make life harder for ROPers

Thu, 22 Jun 2017 06:55:25 GMT

You heard it here (or on tech@) first: Trapsleds are in, and it makes OpenBSD even safer. Work done by Todd Mortimer and submitted to tech@ in the Trapsleds thread was later committed by Theo de Raadt.

Todd's message to tech says,

I have attached a patch that converts NOP padding from the assembler into INT3 padding on amd64. The idea is to remove potentially conveinent NOP sleds from programs and libraries, which makes it harder for an attacker to hit any ROP gadgets or other instructions after a NOP sled.

Read more...




KARL - kernel address randomized link

Tue, 13 Jun 2017 02:52:37 GMT

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization
feature which will protect the kernel.
[...]
Recently I moved all our kernels to a new mapping model, with patrick
and visa taking care of two platforms.
[...]
As a result, every new kernel is unique.  The relative offsets between
functions and data are unique.
[...]
However, snapshots of -current contain a futher change, which I
worked on with Robert Peichaer (rpe@):

That change is scaffolding to ensure you boot a newly-linked kernel
upon every reboot.[...]

Read the full message for the juicy details.

Note that, because of the new mechanisms, unhibernate does not work on -current (for now).




OpenBSD Daily, code review, and you

Fri, 09 Jun 2017 16:48:32 GMT

OpenBSD developer Adam Wolk (awolk@) talks about a community effort to read at least one C source file from OpenBSD every day at https://blog.tintagel.pl/2017/06/09/openbsd-daily.html.

I made a new years resolution to read at least one C source file from OpenBSD daily. The goal was to both get better at C and to contribute more to the base system and userland development.



Running OpenBSD on Azure

Fri, 09 Jun 2017 11:21:52 GMT

A new Microsoft Azure blog entry, Running OpenBSD on Azure, describes OpenBSD support:

Today we are happy to share you that Azure supports OpenBSD 6.1 with the collaboration effort from Esdenera and Microsoft. Meanwhile Esdenera brings their firewall product based on OpenBSD on board Azure Marketplace now.

[Esdenera is Reyk (reyk@) Flöter's company.]

The Register covers this development in Microsoft Azure adds OpenBSD support. Repeat. Azure adds OpenBSD support.

This results from the efforts of mikeb@, reyk@, jsg@, and others.