Valuable News – 2020/03/16

submited 16 March 2020

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems.

The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!


04 April 2020
Tale of two hypervisor bugs - Escaping from FreeBSD bhyve  

VM escape has become a popular topic of discussion over the last few years. A good amount of research on this topic has been published for various hypervisors like VMware, QEMU, VirtualBox, Xen and Hyper-V. Bhyve is a hypervisor for FreeBSD supporting hardware-assisted virtualization. This paper details the exploitation of two bugs in bhyve - FreeBSD-SA-16:32.bhyve (VGA emulation heap overflow) and CVE-2018-17160 (Firmware Configuration device bss buffer overflow) and some generic techniques which could be used for exploiting other bhyve bugs. Further, the paper also discusses sandbox escapes using PCI device passthrough, and Control-Flow Integrity bypasses in HardenedBSD 12-CURRENT.

In Other BSDs for 2020/04/04  

BSD news from DragonflyBSD Digest.

FreeBSD Office Hours - April 1 2020  

This was the first of the FreeBSD Office Hours sessions. Each Office Hours session, they invite users, contributors, and developers to ask questions, and a team of developers will try to answer or direct the questioner in the appropriate direction.

03 April 2020
MixerTUI 0.1  

MixerTUI 0.1 is out! MixerTUI is an audio mixer with a Terminal User Interface built on the FreeBSD sound system It can show the current Sound Driver configuration and select an audio device: to get its information, change the volume or to set as default, the last feature allows to switch easily audio from/to laptop and hdmi, headphones and speakers, etc.

BSD Now 344: Grains of Salt  

Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.
02 April 2020
Extending support for the NetBSD-7 branch  

Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), NetBSD team will announce the end-of-life of the N-2 branch, in this case NetBSD-7. They've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong. Security fixes will still be made to the NetBSD-7 branch.

NetBSD 8.2 is available!  

The third release in the NetBSD-8 is now available. This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.

Update Lenovo X260 BIOS with OpenBSD  

X260 runs OpenBSD fine, but has no CD driver. But one might still need to upgrade its BIOS from time to time. And this is possible using the ISO BIOS image. There are tools on OpenBSD to get this working.

01 April 2020
GhostBSD 20.03 Now Available  

This new build comes with some minor system update and numerous software applications updates. What has changed since 20.02:

  • The default pkg configuration now points to the GhostBSD packages repository instead of FreeBSD.
  • Fixed Update Station to make sure it only runs pkg update alone.
  • Added code to make sure that the update icon appears appropriately.
  • Added wg in notnics of NetworkMgr to avoid adding wireguard as a nics.
Self Hosted Hugo Workflow using BastilleBSD and more!  

"I’ve been playing with Bastille for a few months now. The more I use it, the more it makes 100% sense." Learn how to use Bastille, caddy, restic and more to build a self hosted secure static website on FreeBSD.

NextCloud on OpenBSD  

NextCloud and OpenBSD are complimentary to one another. NextCloud is an awesome, secure and private alternative for propietary platforms, whereas OpenBSD forms the most secure and solid foundation to serve it on. Setting it up in the best way isn’t hard, especially using this step by step tutorial.

31 March 2020
OPNsense 20.1.3 released  

Quick reliability release for all of you out there doing the impossible providing VPN for road warriors and what not. Keep it up!

Running Applications on the NetBSD Rump Kernel - Justin Cormack  

The NetBSD rump kernel has been developed for some years now, allowing NetBSD kernel drivers to be used unmodified in many environments, for example as userspace code. However it is only since last year that it has become possible to easily run unmodified applications on the rump kernel, initially with the rump kernel on Xen port, and then with the rumprun tools to run them in userspace on Linux, FreeBSD and NetBSD. This talk will look at how this is achieved, and look at use cases, including kernel driver development, and lightweight process virtualization.

Rethinking OpenBSD security  

OpenBSD aims to be a secure operating system. In the past few months there were quite a few security errata, however. That’s not too unusual, but some of the recent ones were a bit special. One might even say bad. The OpenBSD approach to security has a few aspects, two of which might be avoiding errors and minimizing the risk of mistakes. Other people have other ideas about how to build secure systems. It’s worth examining whether the OpenBSD approach works, or if this is evidence that it’s doomed to failure.

Full history of DragonFly, documented  

Aaron LI managed to graft FreeBSD code history onto the DragonFly BSD git repository, and he’s documented how he did it. So, you can follow DragonFly code all the way back to 2003, and then FreeBSD code all the way back to…

load more