OpenBSD
Arduino Development on OpenBSD.

https://jcs.org/2019/12/17/arduino

#arduino
CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD.

OpenBSD is renowned for its security innovations and code quality. With its emphasis on code correctness, exploit mitigation techniques, and a rigorous development process, OpenBSD provides a rich platform and environment for developers to create robust software. This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.

https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/

#develop
HyperbolaBSD Roadmap

This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones...

https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/

#system
Lecture: A systematic evaluation of OpenBSD's mitigations.

OpenBSD markets itself as a secure operating system, but doesn't provide much evidence to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigations are, in a systematic, rational and comprehensive way...

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10519.html

P.S. isopenbsdsecu.re - coming soon

#security
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726).

We discovered a Local Privilege Escalation in OpenBSD's dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or…

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).

https://packetstormsecurity.com/files/155764

#security
WP2Static and OpenBSD.

Want to set up a WP2Static-friendly, minimal webserver vs using an off-the-shelf image? We detail the steps for setting up an optimized environment in OpenBSD, our preferred, secure by default, lightweight and easy to maintain operating system.

https://wp2static.com/developers/webserver-setup/

#wordpress #wp2static
cloud-agent for OpenBSD.

This is a simple OpenBSD-specific agent that aims to handle provisioning and cloud initialization on public clouds such as Microsoft Azure and Amazon AWS. For OpenBSD on Azure, it is a minimal alternative to the WALinuxAgent.

https://github.com/reyk/cloud-agent

#cloud #github
OpenBSD supremacy, Laslo Hunhold.

A look at recent developments in OpenBSD and a discussion about how to include these advances in suckless tools.

https://suckless.org/conferences/2019/

#dev #video
LPE and RCE in OpenSMTPD (CVE-2020-7247).

We discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.

https://www.openwall.com/lists/oss-security/2020/01/28/3

#opensmtpd #mail
Your preferred OpenBSD use case (anonymous poll):

40% Server (router, etc) only.
17% Desktop only.
43% Server & Desktop.

OpenBSD on the Huawei MateBook X.

https://jcs.org/2017/07/14/matebook

#desktop #hardware
Monitoring OpenBSD using CollectD, InfluxDB and Grafana.

In a “get pretty graphs” mood, I’m looking at what can be done regarding OpenBSD monitoring using the CollectD collector and Grafana dashboard renderer. OpenBSD 6.2-current provides InfluxDB and Grafana packages. A great stack for pretty reporting.

https://www.tumfatig.net/20180220/monitoring-openbsd-using-collectd-influxdb-grafana/

#collectd #influxdb #grafana
Docker on OpenBSD 6.1.

All thanks to VMM/VMD, Alpine Linux, and the latest OpenBSD improvements

https://medium.com/@dave_voutila/docker-on-openbsd-6-1-current-c620513b8110

#docker #vmm #vmd