Introducing HardenedBSD 12-STABLE

submited 18 December 2018

The first public release of hardened/12-stable/master branch, which contains lots of security improvements over 11-STABLE.

Among those improvements are:

  • Non-Cross-DSO Control-Flow Integrity (CFI) for applications on amd64 and arm64. At this time, CFI is not applied to the kernel.
  • Jailed bhyve.
  • Per-jail toggles for unprivileged process debugging (the security.bsd.unprivilegedprocessdebug sysctl node).
  • Spectre v2 mitigation with retpoline applied to the entirety of base and ports.
  • Symmetric Multi-Threading (SMT) disabled by default (re-enable by setting machdep.hyperthreading_allowed to 1 in loader.conf(5)).
  • Migration of more compiler toolchain components to llvm's implementations (llvm-ar, llvm-nm, and llvm-objdump).
  • Compilation of applications with Link-Time Optimization (LTO).
The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!


20 November 2019
Signal safety in DragonFly  

Some of the larger application sets on DragonFly have had trouble building, and inconsistent problems with that build. i.e. rust would fail, but in different parts of the build process, every time. It looks to be a problem with signal interaction, and there’s now much safer ways to do that on DragonFly.

[email protected] adventures at p2k19  

Next up in the series of p2k19 reports is Ken Westerback ([email protected]).

19 November 2019
DragonFlyBSD Pulls In AMD Radeon Graphics Driver Code From Linux 4.9  

DragonFlyBSD developer François Tigeot has continued doing a good job in continually updating their kernel's graphics driver code with a port of the AMD Radeon graphics source code from the Linux kernel along with related components like TTM memory management.

NomadBSD 1.3 RC1  

The project has published a new development snapshot based on FreeBSD 12.1.

Emergency Space Mode - BSD Now 324  

Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.

p2k19 Hackathon Report: PostgreSQL and Ruby  

Our next p2k19 report comes from Jeremy Evans ([email protected]).

18 November 2019
p2k19 Hackathon Report: Landry Beuil on unveil(2)-ing Mozilla, sqlite3 testing  

Fresh from the just concluded p2k19 hackathon comes this report from Landry breuil ([email protected]).

load more