OpenBSD on Google Compute Engine.
This tutorial outlines a simple way to get OpenBSD working on GCE, utilizing only OpenBSD to create the image and send up into gcloud.
https://www.findelabs.com/post/openbsd-on-gce/
#gce #gcloud
This tutorial outlines a simple way to get OpenBSD working on GCE, utilizing only OpenBSD to create the image and send up into gcloud.
https://www.findelabs.com/post/openbsd-on-gce/
#gce #gcloud
BSD, C, httpd, SQLite.
BCHS is an open source software stack for web applications. To prepare a BCHS environment, install OpenBSD, start your editor of choice, and get to work. https://learnbchs.org/index.html
#bchs
BCHS is an open source software stack for web applications. To prepare a BCHS environment, install OpenBSD, start your editor of choice, and get to work. https://learnbchs.org/index.html
#bchs
OpenBSD & WireGuard VPN.
WireGuard VPN Server on a Cloud VPS on OpenBSD 6.6 with Full Disk Encryption.
https://www.cryptsus.com/blog/wireguard-vpn-privacy-server-on-a-vultr-cloud-vps-on-openbsd-6.6-with-full-disk-encryption.html
#wireguard #vpn
WireGuard VPN Server on a Cloud VPS on OpenBSD 6.6 with Full Disk Encryption.
https://www.cryptsus.com/blog/wireguard-vpn-privacy-server-on-a-vultr-cloud-vps-on-openbsd-6.6-with-full-disk-encryption.html
#wireguard #vpn
syscall call-from verification
The following change only permits system calls from address-ranges in the process which system calls are expected from.
If you manage to upload exploit code containing a raw system call sequence and instruction, and mprotect -w+x that block, such a system call will not succeed but the process is killed. This obliges the attacker to use the libc system call stubs, which in some circumstances are difficult to find due to libc random-relinking at boot...
https://marc.info/?l=openbsd-tech&m=157488907117170
#syscall
The following change only permits system calls from address-ranges in the process which system calls are expected from.
If you manage to upload exploit code containing a raw system call sequence and instruction, and mprotect -w+x that block, such a system call will not succeed but the process is killed. This obliges the attacker to use the libc system call stubs, which in some circumstances are difficult to find due to libc random-relinking at boot...
https://marc.info/?l=openbsd-tech&m=157488907117170
#syscall
rcctl-stat.
See which services are enabled in OpenBSD. https://github.com/dantecatalfamo/rcctl-stat
#github #rcctl
See which services are enabled in OpenBSD. https://github.com/dantecatalfamo/rcctl-stat
#github #rcctl
pkg_ping.
Determines and prints or writes the fastest OpenBSD mirror for "/etc/installurl". https://github.com/lukensmall/pkg_ping
#github #pkg
Determines and prints or writes the fastest OpenBSD mirror for "/etc/installurl". https://github.com/lukensmall/pkg_ping
#github #pkg
Authentication vulnerabilities in OpenBSD.
We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
https://www.openwall.com/lists/oss-security/2019/12/04/5
#security
We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.
https://www.openwall.com/lists/oss-security/2019/12/04/5
#security
attention please: host's IP stack behavior got changed slightly.
commit from today [1] makes IP stack more paranoid. Up to now OpenBSD implemented so called 'weak host model' [2]. The today's commit alters that for hosts, which don't forward packets (don't act as routers)...
https://undeadly.org/cgi?action=article;sid=20191209024432
#network
commit from today [1] makes IP stack more paranoid. Up to now OpenBSD implemented so called 'weak host model' [2]. The today's commit alters that for hosts, which don't forward packets (don't act as routers)...
https://undeadly.org/cgi?action=article;sid=20191209024432
#network
An OpenBSD desktop using WindowMaker.
Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64...
https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/
#desktop #windowmaker
Since I started using *N?X, I’ve regularly used WindowMaker. I’ve always liked the look and feel, the dock system and the dockapps. It may look a bit oldish nowadays. And that’s enough to try to change this. So here it is, a 2019 flavored WindowMaker Desktop, running on OpenBSD 6.4/amd64...
https://www.tumfatig.net/20190215/an-openbsd-desktop-using-windowmaker/
#desktop #windowmaker
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)
We discovered a Local Privilege Escalation in OpenBSD's dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges.
We developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.
https://www.openwall.com/lists/oss-security/2019/12/11/9
#security
We discovered a Local Privilege Escalation in OpenBSD's dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges.
We developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.
https://www.openwall.com/lists/oss-security/2019/12/11/9
#security
Why computers suck and how learning from OpenBSD can make them marginally less horrible.
https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05
#feedback
https://telegra.ph/Why-OpenBSD-is-marginally-less-horrible-12-05
#feedback
OpenBSD: Local privilege escalation via S/Key and YubiKey.
OpenBSD, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root’s file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
https://allelesecurity.com/asa-2019-00653/
#security
OpenBSD, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root’s file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
https://allelesecurity.com/asa-2019-00653/
#security
CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD.
OpenBSD is renowned for its security innovations and code quality. With its emphasis on code correctness, exploit mitigation techniques, and a rigorous development process, OpenBSD provides a rich platform and environment for developers to create robust software. This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.
https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/
#develop
OpenBSD is renowned for its security innovations and code quality. With its emphasis on code correctness, exploit mitigation techniques, and a rigorous development process, OpenBSD provides a rich platform and environment for developers to create robust software. This talk explores various OpenBSD programs, exploit mitigation techniques, tools, and development practices to show how you can use them to write code that is safe, robust, and resistant to exploits – even if your code is meant for platforms other than OpenBSD.
https://lteo.net/blog/2019/04/27/carolinacon-15-writing-exploit-resistant-code-with-openbsd/
#develop
HyperbolaBSD Roadmap
This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones...
https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/
#system
This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones...
https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/
#system
Lecture: A systematic evaluation of OpenBSD's mitigations.
OpenBSD markets itself as a secure operating system, but doesn't provide much evidences to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigation are, in a systematic, rational and comprehensive way...
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10519.html
p. s. isopenbsdsecu.re - coming soon
#security
OpenBSD markets itself as a secure operating system, but doesn't provide much evidences to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigation are, in a systematic, rational and comprehensive way...
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10519.html
p. s. isopenbsdsecu.re - coming soon
#security
OpenBSD
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) We discovered a Local Privilege Escalation in OpenBSD's dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or…
This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).
https://packetstormsecurity.com/files/155764
#security
https://packetstormsecurity.com/files/155764
#security