142: Diving for BSD Perls


Published 9 years, 10 months ago
Description

This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you

This episode was brought to you by

  • iXsystems - Enterprise Servers and Storage for Open Source
  • DigitalOcean - Simple Cloud Hosting, Built for Developers
  • Tarsnap - Online Backups for the Truly Paranoid


Headlines

The May issue of BSDMag is now out

  • GhostBSD
  • Reusing OpenBSD's arc4random in multi-threaded user space programs
  • Securing VPNs with GRE / Strongswan
  • Installing XFCE 4.12 on NetBSD 7
  • Interview with Fernando Rodriguez, the co-founder of KeepCoding

A rundown of the FPT_W^X_EXT.1 security requirement for General Purpose Operating Systems by the NSA

  • NIST/NSA Validation Scheme Report
  • The SFR, or Security Functional Requirement, requires that: "The OS shall prevent allocation of any memory region with both write and execute permissions except for [assignment: list of exceptions]."
  • While nearly all operating systems currently support the use of the NX bit, or the equivalent on processors such as SPARC and ARM, and will correctly mark the stack as non-executable, the fact remains that this in and of itself is deemed insufficient by NIST and NSA.
  • OpenBSD 5.8, FreeBSD, Solaris, RHEL, and most other Linux distros have failed.
  • HardenedBSD passes all three tests out of the box.
  • NetBSD will do so with a single sysctl tweak. Since it uses the PaX model, anything else using PaX, such as a grsecurity-enabled Linux distribution, passes these assurance activities as well.
  • OpenBSD 5.9 does not allow memory mapping due to W^X being enforced by the kernel; however, the kernel will panic if there are any attempts to create such mappings.
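
An added example, not from the show or the validation report: a C probe that asks the kernel for a page that is writable and executable at once, by three routes chosen here as assumptions (the notes above do not say what the three tests are). It checks return codes only, and because the notes say OpenBSD 5.9 panics on such attempts, it belongs on a test machine.

```c
/* Added example: return-code probe for write+execute mappings. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANON on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum { WX_SETUP_FAILED = -1, WX_DENIED = 0, WX_ALLOWED = 1 };

#define RW  (PROT_READ | PROT_WRITE)
#define RX  (PROT_READ | PROT_EXEC)
#define RWX (PROT_READ | PROT_WRITE | PROT_EXEC)

/* Map one anonymous page as `initial`; if `final` differs, mprotect() to it.
 * Returns whether the kernel permitted the whole sequence. Nothing is ever
 * written to or executed from the page. */
static int wx_probe(int initial, int final)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, initial, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)  /* a refused RWX request is the policy at work */
        return initial == RWX ? WX_DENIED : WX_SETUP_FAILED;
    int result = WX_ALLOWED;
    if (final != initial && mprotect(p, len, final) != 0)
        result = WX_DENIED;
    munmap(p, len);
    return result;
}

int probe_map_wx(void)          { return wx_probe(RWX, RWX); } /* W+X at once */
int probe_write_then_exec(void) { return wx_probe(RW, RWX); }  /* add X to W  */
int probe_exec_then_write(void) { return wx_probe(RX, RWX); }  /* add W to X  */

/* The requirement is met only if every route to a W+X page was refused. */
int wx_enforced(int a, int b, int c)
{
    return a == WX_DENIED && b == WX_DENIED && c == WX_DENIED;
}

int main(void)
{
    int a = probe_map_wx(), b = probe_write_then_exec(), c = probe_exec_then_write();
    printf("mmap(W|X)=%d  W-then-X=%d  X-then-W=%d  (1=allowed 0=denied -1=setup failed)\n", a, b, c);
    printf("W^X enforced by return codes: %s\n", wx_enforced(a, b, c) ? "yes" : "no");
    return 0;
}
```

A kernel that returns success while silently dropping a permission bit will show as allowed here, so a "no" result is worth confirming against the process's actual memory map.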

DistroWatch reviews new features in FreeBSD 10.3

  • DistroWatch did a review of FreeBSD 10.3
  • They ran into a few problems, but hopefully those can be fixed
  • An issue with beadm setting the canmount property incorrectly causing the ZFS BE menu to not work as expected should be resolved in the next version, thanks to a patch from kmoore
  • The limitations of the Linux 64 support are what they are; CentOS 6 is still fairly popular with enterprise software, but hopefully some folks are interested in working on bringing the syscall emulation forward
  • In a third issue, the reviewer seemed to have issues SSHing from inside the jail. This likely has to do with how they got a console in the jail. I remember having problems with this in the past, something about a secure console.

BSD Unix: Power to the people, from the code

  • Salon.com has a very long article, chronicling much of the history behind BSD UNIX.
  • It starts with detailing the humble origins of BSD, starting with Bill Joy in the mid-70’s, and then goes through details on how it rapidly grew, and the influence that the University of Berkeley had on open-source.

“But too much focus on Joy, a favorite target for business magazine hagiography, obscures the larger picture. Berkeley’s most important contribution was not s
