FreeBSD foundation newsletter – December 2008

FreeBSD foundation logoPlease find below the FreeBSD Foundation Newsletter for December 2008.

In this Edition:

  • Letter From the Vice President
  • End-of-Year Fundraising Drive
  • Safe Removal of Active Disk Devices
  • Improvements to the FreeBSD TCP Stack
  • Network Stack Virtualization Project
  • FreeBSD Advocacy in Ticino 2008
  • NYCBSDCon 2008
  • EuroBSDCan 2008
  • meetBSD 2008
  • Foundation at meetBSD and Developer Recognition
  • 2008 Grant and Travel Grant Recipients
  • Travel Grant Recipient Spotlight
  • FreeBSD Testimonial from Hobnob, Inc.
  • Financials

Full newsletter below.

Continue reading

The circle of technology and FreeBSD

Ivan Voras writes he read the release notes of FreeBSD 1.1 and it struck him how many developers have joined the Core Team and then moved on, i.e. there’s a lot of fresh blood and no “tsar” heading up the project. Additionally there are also technical and organisational problems that in some way seem to be returning every now and then.

Two things are interesting to me here:

  • The only name in the old core team I recognize is Jordan Hubbard, and he’s not a FreeBSD developer any more (joined Apple for Mac OS X)
  • Some problems, both technical and organizational, are always repeating themselves.
    Full post here

What do you think? Do you agree with this or do you see things differently?

BSDTalk interview with Michael Lauth, CEO of iXsystems

FreeBSD Podcasts

Will Backman from BSDTalk has a 17 minutes interview with Michael Lauth, CEO of iXsystems.

They talk about how iXsystems has build its business model around open source software and how open source software is being used internally as much as possible.

iXsystems offer PC-BSD laptops and desktops, FreeNAS base NAS servers etc

As a sidenote, BSDTalk is celebrating its 3rd birthday. Congratulations, Will. Keep this going!

BSDTalk 168 - Listen to the podcast: MP3 | OGG

OpenBSM 1.1 (alpha 4)

openbsm-logoRobert Watson has announced a test snapshot of OpenBSM 1.1 (alpha 4)  The following are the change notes from the OpenBSM NEWS file included with this release:

  • With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion.
  • Reallocate user audit events to avoid collisions with Solaris; adopt a more formal allocation scheme, and add some events allocated in Solaris that will be of immediate use on other platforms. 
  • Add an event for Calife. 
  • Add au_strerror(3), which allows generating strings for BSM errors directly, rather than requiring applications to map to the local error space, which might not be able to entirely represent the BSM error number space.
  • Major auditd rewrite for launchd(8) support. Add libauditd library that is shared between launchd and auditd. Add AUDIT_TRIGGER_INITIALIZE trigger (sent via ‘audit -i’) for (re)starting auditing under launchd(8) on Mac OS X.
  • Add ‘current’ symlink to active audit trail.
  • Add crash recovery of previous audit trail file when detected on audit startup that it has not been properly terminated.
  • Add the event AUE_audit_recovery to indicated when an audit trail file has been recovered from not being properly terminated. This event is stored in the new audit trail file and includes the path of recovered audit trail file.
  • Mac OS X and FreeBSD dependent code in auditd.c is separated into auditd_darwin.c and auditd_fbsd.c files.
  • Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls.
  • For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
  • Add support for NOTICE level logging.

This test release is known to build and run (to varying degrees) on FreeBSD 4.x, 5.x, 6.x, 7.x, 8.x, Mac OS X Leopard, Mac OS X Snow Leopard, and OpenSuse Linux.

OpenBSM releases and snapshots can be downloaded from the OpenBSM website

Thanks Robert for emailing me.

FreeBSD 6.4 CDs/DVDs now shipping from FreeBSDMall

iXsystems have announced the availability of FreeBSD 6.4-based products through FreeBSD Mall, one of their subsidiaries. In addition to CD and DVD products, there’s a large collection of FreeBSD shirts, hats, jackets, boxer shorts, stickers, case-plates, coffee mugs, mouse pads, and other promotional materials.

FreeBSD is a free operating system developed by many volunteers. To help iXsystems promote FreeBSD, why not buy some of their product?

Announcement here

FreeBSD 7.1 RC2 available

FreeBSD LogoThe FreeBSD Project has announced the availability of FreeBSD 7.1 Release Candidate 2.

FreeBSD 7.1-RC2 is now available, the second of the Release Candidates. Unless an as yet undiscovered show-stopper comes along the release itself will be anywhere from a week to two weeks from now. We might be doing it next week since the release test cycle has gone on for quite a while now and the latest thing that delayed the release was a Security Advisory (SAs don’t typically get or need much in the way of public testing). The traffic we’re seeing on the lists and in Gnats is certainly stuff we’ll pay attention to and deal with but isn’t quite severe enough to warrant further delaying an already severely delayed release. Continued…

The ISO images and FTP install trees are available on the FreeBSD Mirror sites.

Full release Announcement

Many thanks Prudvi for submitting this story.

Cool board games on FreeBSD

FreeBSD is used a lot on servers but it can be used as desktop operating system as well. You may not be able to play the latest Windows games, but there are plenty of cool board games you can play on FreeBSD (and PC-BSD / DesktopBSD)

K.C. Smith has a post on board games on FreeBSD.

Cool board games… On FreeBSD, of course. There’re many great games in ports of course. In the area of board games, gnuchess, gnugo, and gnubg have been around for a while and are all excellent. gnubg (backgammon) is a very tough opponent! Turns out computers are a lot (lot!) better at backgammon than they are at Go.So, I like board games. I also like to play board games against humans because, well, I guess I’m not that good at them. :) If you’ve got your java web-plugin working, you’ve got a great variety of games you can play against other people on-line. Yahoo! games uses java and has a large user-base and selection of games.

Recently, though, I’ve discovered this website called BoardSpace. It also uses java and works great on FreeBSD. They have bots available for many games — which is nice, it gives you a chance to learn the basics before playing against other people. And, they have a large variety of unusual games. 

More…

FreeBSD Security Advisories (ftpd & protosw)

The FreeBSD Team has issued 2 security warnings:

  • FreeBSD-SA-08:13.protosw – netgraph / bluetooth privilege escalation
  • FreeBSD-SA-08:12.ftpd – Cross-site request forgery in ftpd(8)

FreeBSD-SA-08:13.protosw

I. Background

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. As an early form of object-oriented design, much of the functionality specific to different types of sockets is abstracted via function pointers.

II. Problem Description

Some function pointers for netgraph and bluetooth sockets are not properly initialized.

III. Impact

A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

For a workaround, solution and patch etc go here

FreeBSD-SA-08:12.ftpd

I. Background

ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server, or a standard-alone server.

A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site.

II. Problem Description

The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

III. Impact

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running ftpd(8) server could act as a point of privilege escalation in an attack against users using web browser to access trusted FTP sites.

For a workaround, solution and patch etc go here