FreeBSD shines while Apple fails

This is an article by Paul Rubens on Serverwatch. Paul analyses the difference between Apple and the FreeBSD (security) Team with regards to tackling security problems:

Apple is making a lot of money these days. The more money it makes, the greater the contempt for its customers it seems to display. A critical bug recently discovered in FreeBSD, and the speed with which this bug was resolved, illustrates this rather well. If you use Apple’s products in your business, be afraid; be very afraid.

Here’s how the sorry story unfolds. FreeBSD 8.0 was released last week, and the latest version of the UNIX-like OS was generally received with approval. FreeBSD enjoys a good reputation with its followers, and many OSes and products contain code based on or borrowed from the OS, including Juniper routers, and — ironically, as we shall see — Mac OS X.

So far so good. Until Monday morning, when researcher Nikolaos Rangos announced he discovered “an unbelievable [sic] simple local r00t bug in recent FreeBSD versions,” along with some exploit code. The vulnerability affected the 8.0 release, as well as the older 7.1 and 7.0 versions of FreeBSD.

All software has bugs, but it’s how people react when things go wrong that you can judge them. Did the FreeBSD folks sit around and do nothing? Did they busy themselves with other things and leave 8.0, 7.1 and 7.0 users vulnerable to pwnage? No, they did not!


Nvidia 64bit graphics card drivers for FreeBSD

freebsd_nvidia_logoThe NVIDIA Corporation releases an initial BETA version of NVIDIA 195.22 FreeBSD graphics drivers for both i386 and amd64 architectures. The drivers support recent versions of the FreeBSD operating system, i.e. 7.2-STABLE and 8.0-RELEASE and provide support for features like SLI, improved compatibility and performance, especially on systems with 4GB or more of RAM. This marks the first driver release for amd64, as it was previously available only for i386 architecture. Please see the original announcement for more information.

I am pleased to announce the initial release of NVIDIA FreeBSD BETA graphics drivers that take advantage of kernel features (see added in FreeBSD 7.3 and 8.0 that enable improved NVIDIA graphics driver support for FreeBSD/i386 and initial support for FreeBSD/amd64.

The binary components of this release are functionally identical to those included with the 195.22 NVIDIA FreeBSD BETA graphics driver release announced earlier (see However, the kernel interface layer updated for FreeBSD 7.3 and 8.0 provides improved compatibility, especially on systems with 4GB or more of RAM, improved performance (mileage will vary between systems) and support for features like SLI. It also introduces support for FreeBSD/amd64.

In order to use this driver release, your system will need to have either FreeBSD 7.3 or FreeBSD 8.0 (or later) installed. Until FreeBSD 7.3 has been released, you can use FreeBSD 7.2 with a current RELENG_7 kernel (__FreeBSD_version__ >= 702106; use of a top-of-tree RELENG_7 kernel is recommended to ensure recent Linux ABI compatibility fixes are picked up). For general installation instructions, please see the README.

Both the FreeBSD/x86 and FreeBSD/x86-64 driver packages include 32-bit Linux ABI compatibility libraries; 64-bit Linux libraries may be included with a future release (when support for Linux/x86-64 compatibility is added to FreeBSD/amd64). The FreeBSD/x86-64 package does not include the FreeBSD/x86 OpenGL libraries; however, the libraries shipped with the FreeBSD/x86 driver package have been tested on FreeBSD/x86-64.


FreeBSD 7.x & 8.x Root Exploit Patched!

A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher discovered.

The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2.

“A short time ago a “local root” exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root.

Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is already widely available I want to make a patch available ASAP. Due to the short timeline, it is possible that this patch will not be the final version which is provided when an advisory is sent out; it is even possible (although highly doubtful) that this patch does not fully fix the issue or introduces new issues — in short, use at your own risk (even more than usual).” (source)

More information and the patch can be found here.

The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables.

II. Problem Description

When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.

III. Impact

An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user.

Death of a FreeBSD contributor: John Birrell

Craig Rodrigues writes that his friend and colleague John Birrell passed away.

John has contributed much to the Free code over the years:

  • port of Sun’s DTrace to FreeBSD (2007)
  • contributed BSD licensed libdwarf to FreeBSD (2008)
  • contributed initial implementation of FreeBSD on DEC Alpha, from NetBSD (1998)
  • contributed original libc_r pthread implementation to FreeBSD before KSE (1998)
  • contributed to port of Sun UltraSPARC-T1 (Niagara) to FreeBSD (2005)

John Birrell was a Unix developer since 1988 and a FreeBSD user since version 1.0.5.  He had a Bachelor Degree in Engineering (Electrical, First Class Honours, 1981) from Monash University in Australia.

Over the years he developed with various commercial Unix variants such as SysVR2/3, Solaris, AIX, HP-UX, OSF/1 and SCO and several embedded operatings systems like VxWorks, LynxOS and Microware’s OS9.

In the open source world he was once a user of NetBSD and OpenBSD in addition to FreeBSD. Afterwards, he preferred just to use FreeBSD.

While on a business trip visiting his employer Juniper Networks in Sunnyvale, California, U.S.A., John suffered a stroke, and passed away on November 20, 2009.

Read more about John and his achievements

FreeBSD 8.0 benchmarked against Linux, OpenSolaris

Phoronix has done another benchmark test of FreeBSD against other *nix systems: Fedora and OpenSolaris.

“With the stable release of FreeBSD 8.0 arriving last week we finally were able to put it up on the test bench and give it a thorough look over with the Phoronix Test Suite. We compared the FreeBSD 8.0 performance between it and the earlier FreeBSD 7.2 release along with Fedora 12 and Ubuntu 9.10 on the Linux side and then the OpenSolaris 2010.02 b127 snapshot on the Sun OS side.

FreeBSD 8.0 introduced support for a TTY layer rewrite, network stack virtualization, improved support for the Sun ZFS file-system, the ULE kernel scheduler by default, a new USB stack, binary compatibility against Fedora 10, and improvements to its 64-bit kernel will allow a NVIDIA 64-bit FreeBSD driver by year’s end, among a plethora of other changes. With today’s benchmarking — compared to our initial Ubuntu 9.10 vs. FreeBSD 8.0 benchmarks from September — we are using the official build of FreeBSD 8.0 without any debugging options and we are also delivering a greater number of test results in this article, along with a greater number of operating systems being compared.

The hardware we are using for benchmarking this time was a Lenovo ThinkPad T61 notebook with an Intel Core 2 Duo T9300 processor, 2GB of system memory, a 100GB Hitachi HTS72201 7200RPM SATA HDD, and a NVIDIA Quadro NVS 140M graphics processor powering a 1680 x 1050 LVDS panel.”

Whatever you think of comparing and benchmarking FreeBSD vs Linux, here’s the comparison

Chromium (Google Chrome) for FreeBSD

chromium google chrome freebsdA fewe months ago we mentioned Ben Laurie’s porting of  the Chromium browser to FreeBSD. There are now more instructions on how to compile this fast browser.

If anybody is interested in building and running Chromium on FreeBSD, before an official port is released, check out these links:

Personally, I think Google Chrome is the best browser available. It’s fast, secure and now also supports bookmark sync and extensions (beta version).

GNOME 2.28.1 for FreeBSD

Gnome 2.28.1 has been released for FreeBSD

On the FreeBSD front, though, a lot went into this release. Major thanks goes to kwm and avl who did a lot of the porting work for this release. In particular, kwm brought in Evolution MAPI support for better Microsoft Exchange integration. Avl made sure that the new gobject introspection repository ports were nicely compartmentalized so that large dependencies aren’t brought in wholesale.

Release Notes (2.28)

FreeBSD Gnome site