Monthly Archive for August, 2009

New BSD Licensed debugger: D

D is a systems programming language. Its focus is on combining the power and high performance of C and C++ with the programmer productivity of modern languages like Ruby and Python. Special attention is given to the needs of quality assurance, documentation, management, portability and reliability.

The D language is statically typed and compiles directly to machine code. It’s multiparadigm, supporting many programming styles: imperative, object oriented, and metaprogramming. It’s a member of the C syntax family, and its appearance is very similar to that of C++. Here’s a quick list of features.

EuroBSDCon 2009

The U.K. Unix and Open Systems User Group (UKUUG) is hosting EuroBSDCon 2009 in Cambridge from 18-20 September. The conference is seen by many as the annual get-together for the European BSD community.

The conference runs over three days starting with many tutorials.

  • Tutorial 1: Kirk McKusick’s FreeBSD Overview, and a focus on FileSystems and VM
  • Tutorial 2: Building the network you need with PF – Peter Hansteen
  • Tutorial 3: SCTP Introduction and Workshop – Randall Stewart

On the second and third days there will be talks on various BSD systems (FreeBSD, NetBSD and PC-BSD).

The BSD Certification Group (BSDCG) will be holding exams on these days too.

Check the EuroBSDCon website for prices, directions, timetables, etc.

Source: www.bsdevents.net (check the BSD calendar for any BSD related events in your area).

Keeping FreeBSD up-to-date

Four years ago Richard Bejtlich wrote an article titled Keeping FreeBSD Up-To-Date. His goal was to document various ways that a FreeBSD 5.2 system could be updated and upgraded using tools from that time, in an example-driven way that complemented the FreeBSD Handbook.

He now has an updated version that starts with a FreeBSD 7.1 RELEASE system and ends by running FreeBSD 7.2-STABLE.

Sections included are:

  • Introduction
  • FreeBSD Handbook
  • The Short Answer
  • Understanding FreeBSD Versions
  • Learning About Security Issues
  • Starting with the Installation
  • Installing Gnupg and Importing Keys
  • Installing Source Code
  • Installing CVSup
  • Applying Kernel Patches Manually
  • Applying Userland Patches Manually
  • Using CVSup to Apply Patches
  • Using Csup to Apply Patches
  • FreeBSD Update to Upgrade FreeBSD within Versions
  • STABLE: The End of the Line for a Single Version
  • What Comes Next?
  • Conclusion

Download the Keeping FreeBSD Up-To-Date PDF. Richard appreciates any comments and feedback.

Anyone who updates FreeBSD using CVSup through an HTTP proxy should have a read here.

Living The PC-BSD Lifestyle

James Nixon has a post about the PC-BSD lifestyle:

Sitting next to my 47” Westinghouse LCD TV is the iXsystems Apollo Workstation. This workstation is powered by the 5500 series of the Intel® Xeon® processor, an Asus GeForce 9800 GT video card, and 4 gigs of RAM. It came with PC-BSD Galileo Edition (7.1) pre-installed and a handful of applications that immediately increased my quality of life tenfold.

Using free software instead of spending hundreds, or even thousands of dollars on commercial software is great, especially because I enjoy dabbling in Photoshop, FL Studio, Sony Music Studio, as well as playing games such as Left 4 Dead, Half-Life 2, and Eve Online.

The points he’s trying to get across are:

  • PC-BSD is for Gamers
  • PC-BSD is for Music Lovers
  • PC-BSD is for Movie Buffs
  • PC-BSD is for Everyone!

Read James’ Living The PC-BSD Lifestyle post

Two Security Alerts for FreeNAS

The Learn FreeNAS blog reported two recently found security flaws in FreeNAS, which will only affect those connected to the internet.

  1. Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
  2. Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

FreeBSD 6.1 vulnerability exploit

The number 1 rule for any sysadmin is to keep systems and servers up to date with the latest security patches. (The number 2 rule is to create regular backups.)

FreeBSD 6.1 suffers from a classic check/use race condition on SMP. The bug was fixed in 6.1-STABLE, just before the release of 6.2-RELEASE, but was not recognised as a security vulnerability.

This code exploits this vulnerability to run a root shell.

To find out more about FreeBSD security, refer to the FreeBSD Security Information page.

Update all installed Ports / Applications in FreeBSD

It is recommended to keep applications installed via the ports collection up to date with the latest security patches. But how do you upgrade all packages under FreeBSD?

FreeBSD comes with various tools to install and update software packages. The portmaster command line tool is used to install and update software packages. There are four steps here. Most of the actions listed in this FAQ are written with the assumption that they will be executed by the root user running the csh or bash shell.

  • Update FreeBSD Ports Tree
  • List All Outdated Packages FreeBSD Ports Tree
  • Read /usr/ports/UPDATING File
  • Upgrade All Packages / Ports / Apps

All the details step-by-step can be found here (nixcraft)
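
The third step above, reading /usr/ports/UPDATING, is easier to do reliably when the file is filtered down to entries that are newer than the last upgrade and name a port that is actually installed. The script below is an added example, not code from the nixcraft guide or the FreeBSD project; it assumes the UPDATING layout of a YYYYMMDD: header followed by indented AFFECTS: and AUTHOR: fields, and the function names and sample entries are constructed for illustration.

```sh
#!/bin/sh
# updating_since CUTOFF ORIGIN...
# Reads UPDATING text on stdin and prints "DATE ORIGIN" for each entry dated
# on or after CUTOFF (YYYYMMDD) whose AFFECTS field names one of the origins.
# (Hypothetical helper; assumes the YYYYMMDD: / AFFECTS: / AUTHOR: layout.)
updating_since() {
    cutoff=$1; shift
    awk -v cutoff="$cutoff" -v origins="$*" '
        BEGIN { n = split(origins, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Entry header: eight digits and a colon at the start of the line.
        /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:/ { date = substr($0, 1, 8); aff = 0; next }
        # AFFECTS may wrap over several lines; it ends at AUTHOR: or a blank line.
        /^[ \t]+AFFECTS:/ { aff = 1 }
        /^[ \t]+AUTHOR:/ || /^[ \t]*$/ { aff = 0 }
        aff && date + 0 >= cutoff + 0 {
            for (i = 1; i <= NF; i++) {
                tok = $i
                gsub(/[,;:()]/, "", tok)   # strip list punctuation
                sub(/\.$/, "", tok)        # strip a sentence-ending dot only
                if (tok in want) print date, tok
            }
        }
    '
}

# Constructed sample, not real UPDATING content.
sample_updating() {
    cat <<'EOF'
20090815:
  AFFECTS: users of graphics/jpeg and
           ports that depend on security/example-tls
  AUTHOR: maintainer@example.org

  Constructed note: rebuild dependent ports after the upgrade.

20090610:
  AFFECTS: users of lang/perl5.8
  AUTHOR: maintainer@example.org

  Constructed note: run the upgrade script. See lang/perl5.8 for details.
EOF
}

# Entries since 1 August 2009 that touch two installed origins.
sample_updating | updating_since 20090801 graphics/jpeg lang/perl5.8
```

On a real system, pipe /usr/ports/UPDATING into the function with the date of the last upgrade and the origins of the installed ports. Matching is on whole origin names, so lang/perl5 does not match an entry about lang/perl5.8.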

On a related note, Richard Bejtlich has updated his draft of “Keeping FreeBSD Applications Up-To-Date”, a follow-up to his 2004 article of the same name that used FreeBSD 5.x for the examples.

The document contains the following sections:

  • Introduction
  • FreeBSD Handbook
  • A Common Linux Experience
  • Simple Package Installation on FreeBSD
  • Checking for Vulnerable Packages with Portaudit
  • FreeBSD Package Repositories
  • Updating Packages by Deletion and Addition
  • Introducing the FreeBSD Ports Tree
  • Updating the FreeBSD Ports Tree
  • Installing Portupgrade
  • Updating Packages Using Portupgrade
  • Removing Packages
  • Identifying and Removing Leaf Packages
  • Preparing to Build and Install Packages Using the Ports Tree
  • Building and Installing Packages Using the Ports Tree: A Simple Example
  • Building and Installing Packages Using the Ports Tree: A More Complicated Example
  • Install Packages Built on One System to Another System
  • Installing Screen Using a Remote FreeBSD Ports Tree
  • Reading /usr/ports/UPDATING
  • My Common Package Update Process
  • Conclusion

A PDF can be downloaded from the TaoSecurity website

FreeBSD 8 Getting New Routing Architecture

There’s an article on internetnews.com by Sean Michael Kerner on the new routing architecture in FreeBSD 8.0:

“Though the open source FreeBSD operating system has changed in many aspects over the last 16 years of its life, one item that has remained relatively static is its underlying network routing architecture.

No more: It’s getting an overhaul with the upcoming FreeBSD 8.0 release.

FreeBSD 8.0, due out next month, will include a new routing architecture that takes advantage of parallel processing capabilities. According to its developers, the update will provide FreeBSD 8.0 with a faster more advanced routing architecture than the legacy architecture.

It’s an important change for FreeBSD, which has emerged as a key open source operating system for networking vendors, with players like Juniper, Coyote Point, Blue Coat and others offering their own network operating systems that are based on FreeBSD.

The new routing architecture was written by Qing Li, senior architect at Blue Coat, as a way to give back to the open source community.

“Blue Coat’s ProxySG networking kernel was partially derived from the FreeBSD kernel. Blue Coat is a sponsor of my open source development work, so this is a good way to contribute to the open source community.”

Li told InternetNews.com

The new routing architecture in FreeBSD 8 is also about optimization, as it reduces data dependencies across networking layers. The end result is a routing architecture that can take better advantage of multi-core, parallel processing CPUs.

“The new routing technology works on both multi-core as well as single-core CPUs. The performance gain is most visible in the multi-core situation, though.”

Li said.

But making changes also has important implications for BSD 8.0, since a key goal of the release is about ensuring a degree of compatibility with prior releases and the existing software ecosystem.

“Since the rewrite affects fundamental packet processing and the operation of protocols within the networking kernel, I had to ensure regression risk was low and compatibility was high,” Li said. “For example, those applications that are part of the ports, which interact with the kernel (e.g. retrieving the routing information, waiting for notification about routing table changes) will continue to compile and operate semantically correct.”

In a technical paper that Li is publishing and talking about today at a conference in Spain, Li explained that the legacy version of the FreeBSD routing architecture actually reduced parallelism on SMP and parallel architectures.

“As a result of the dependency between L2 and L3, the processing through these two layers was single-threaded. A common parallel TCP/IP protocol stack design is to allow L2 and higher layer processing to run independently of each other, having each processor managing different protocols. The aforementioned locking contention increased processor stalling and prevented one from benefiting from more advanced hardware platforms.”

Li wrote in his paper

According to Li, contention locks consumed as much as 47 percent of a CPU’s time with the legacy routing architecture, determined through a test with eight transmitting threads.

“With the new split L2/L3 design, the L2 and L3 references can be cached in the protocol control block for connected sockets or in a flow table for unconnected sockets and forwarding. Thus we see that very little of the CPU time is now spent in the locking primitives even when there are [eight] transmitting threads.”

Li wrote.

The whole article can be read here.

FreeBSD 9 – FreeBSD CURRENT unfrozen

The FreeBSD team has unfrozen the development branch for -HEAD (eventually leading to a 9.0-RELEASE), meaning 8.0 is around the corner and work on FreeBSD 9 can be started.

More about FreeBSD Release Engineering.

m0n0wall 1.3b18 released

The m0n0wall team released beta 18 last week. The beta page has been updated to make it easier for you to decide what version is most suitable for you/your system: http://m0n0.ch/wall/beta.php