151: Fuzzy Auditing




This week on BSDNow, we have all sorts of interesting news, including a Kernel Fuzzing audit done for OpenBSD, a much improved

This episode was brought to you by

iXsystems - Enterprise Servers and Storage for Open Source
DigitalOcean - Simple Cloud Hosting, Built for Developers
Tarsnap - Online Backups for the Truly Paranoid


Headlines

Multiple Bugs in OpenBSD Kernel

  • It's patch Wednesday! (Or last Thursday, if you were watching the mailing lists.)
  • Jesse Hertz and Tim Newsham (part of the NCC Group calling themselves project Triforce) have been working with the OpenBSD team to fix some newly discovered bugs in the kernel using fuzzing.
  • Specifically they were able to track down several potential methods to corrupt memory or panic the kernel:
    • mmap_panic: Malicious calls to mmap() can trigger an allocation panic or trigger memory corruption.
    • kevent_panic: Any user can panic the kernel with the kevent system call.
    • thrsleep_panic: Any user can panic the kernel with the __thrsleep system call.
    • thrsigdivert_panic: Any user can panic the kernel with the __thrsigdivert system call.
    • ufs_getdents_panic: Any user can panic the kernel with the getdents system call.
    • mount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when mounting a tmpfs filesystem.
    • unmount_panic: Root users, or users on systems with kern.usermount set to true, can trigger a kernel panic when unmounting a filesystem.
    • tmpfs_mknod_panic: Root can panic kernel with mknod on a tmpfs filesystem.
  • This was a great find, and we have a link to more of the results, if you would like to explore them in more detail.
  • NCC Group OpenBSD Kernel fuzzing results
  • We would like to see more work like this done in all of the BSDs.

Running CockroachDB in a FreeBSD Jail

  • The developers behind CockroachDB have written up a nice walkthrough of getting their software to run inside FreeBSD jails.

“Manually encapsulating CockroachDB using Linux cgroups is no easy task, which is why tools like Docker exist in the first place. By comparison, running server processes natively in FreeBSD jails is straightforward and robust.”

  • The walkthrough begins with compiling CockroachDB straight from source (a port is pending), which is fairly easy and relies on bash, git, gmake and Go.
  • With the compile finished, the next step will be mounting linprocfs, although that may be going away in the future:

“(Note: Linux compatibility files / packages / libraries are not needed further. CockroachDB uses Linux’s procfs to inspect system properties via gosigar. If/when gosigar evolves to read FreeBSD properties natively, CockroachDB will not need linprocfs any more.)”

  • With the initial setup complete, the walkthrough then takes us through the process of creating the rc.d script (which should be included with the port) and ultimately setting up ezjail and deploying CockroachDB within it.
  • With the word getting out about jails and their functionality, we hope to see more projects also provide walkthroughs and FreeBSD support natively. Kudos to the CockroachDB team!

    Published on 9 years, 5 months ago





