Debian kFreeBSD at risk of being dropped

Debian developers warned in a mailing list post that Debian kFreeBSD is at risk of being dropped from official support.

kFreeBSD
========

We remain gravely concerned about the viability of this port. Despite
the reduced scope, we feel that the port is not currently of sufficient
quality to feature as a fully supported release architecture in Jessie.
However, we accept that our published view of the port has not been as
‘clear and unambiguous’ as we would wish.

We therefore advise the kFreeBSD porters that the port is in danger of
being dropped from Jessie, and invite any porters who are able to commit
to working on the port in the long term to make themselves known *now*.
The factor that gives us greatest concern is the human resources
available to the port.

Porters of any architecture need to bear in mind that being part of a
stable release is a long commitment to both taking care of stable and
oldstable, and continuing development in sid. It has implications for
the security team, release team, DSA and other parties.

The urgency of this matter cannot be over-stated. We will assess the
viability of kFreeBSD in Jessie on or after 1st November, and a yes/no
decision will be taken at that time. This will not be a full
architecture qualification, but a simple decision on whether or not the
release team’s concerns have been adequately addressed.

Check out the official announcement here: https://lists.debian.org/debian-devel-announce/2014/09/msg00002.html

FreeNAS 9.2.1.8 is now available

The developers of FreeNAS have made available version 9.2.1.8.

Time for another FreeNAS release! This one fixes a number of issues in 9.2.1.7 as well as addressing the “shellshock” security vulnerability in bash (to which FreeNAS is not generally vulnerable as bash is not the system shell, but it was still worth fixing).

The list of bugs fixed in 9.2.1.8-RELEASE can be found here. The release notes for 9.2.1.8:

Check out the official announcement here: http://forums.freenas.org/index.php?threads/freenas-9-2-1-8-release-is-now-available.23773

Installing tomcat7 on FreeBSD

This short tutorial by tugrulaslan will show you how to install tomcat7 on FreeBSD.

I’ve been wondering and playing around with FreeBSD recently as well as discovering the power of free unix operating system. So long story short I have installed FreeBSD on a virtual machine so that I can well manage it. So far I would like to enhance my operating system with free stuff and I have discovered the installation of tomcat on my freebsd. So let us get started.

First of all we need to install Java. There are two options. First of all, to make it clear: it's very easy to install OpenJDK on FreeBSD because, I believe, of licensing issues FreeBSD offers OpenJDK from its ports, and it seems very painful to install Oracle JDK on it. So I will walk along with OpenJDK; depending on your preference you may install Oracle JDK as well.

For full instructions head on over to the following link: http://tugrulaslan.com/?p=461

Installing MySQL on FreeBSD

This short tutorial by tugrulaslan will show you how to install MySQL on FreeBSD.

Go to the installation folder
cd /usr/ports/databases/mysql56-server

carry out the installation command
make install clean

After a long run of installation edit the below file
nano /etc/rc.conf

add this line, then save and exit
mysql_enable="YES"

start the server
/usr/local/etc/rc.d/mysql-server start

Set the root password
mysqladmin -u root password "YOUR-PASSWORD-GOES-HERE"

connect to your server
mysql -u root -p

Then to see status type in

mysql> STATUS;

Check out the official post here: http://tugrulaslan.com/?p=467

Introducing ASLR In FreeBSD

Address Space Layout Randomization, an exploit mitigation technique which randomizes the in-memory layout of executables, is a feature lacking in FreeBSD that people have been asking for for a number of years. Oliver Pinter and Shawn Webb have come up with an innovative implementation of ASLR for FreeBSD. This presentation gives an introduction and a live demo of our ASLR implementation.

http://lanyrd.com/2014/eurobsdcon/sdffby/

Coverage of the session can be found here: https://github.com/lattera/presentations/blob/master/eurobsdcon/2014/introducing_aslr_in_freebsd.slide

FreeBSD Foundation Upcoming Events

The Foundation is pleased to attend a number of events over the coming months:

EuroBSDCon 2014
September 27-28, Sofia, Bulgaria

USENIX Diversity ’14
October 5, 2014, Broomfield, CO

USENIX OSDI ’14
October 6-8, 2014, Broomfield, CO

Grace Hopper Celebration
October 8-10, 2014, Phoenix, AZ

MeetBSD California 2014
November 1-2, 2014, San Jose, CA

USENIX LISA ’14
November 9-14, 2014, Seattle, WA

For a description of each event, head on over to the following link: https://www.freebsdfoundation.org/activities/upcoming_events

Bash Vulnerability in FreeBSD

As has been widely reported, a major vulnerability in bash has been discovered. This vulnerability, which is being referred to as “Shellshock”, is considerably less severe in FreeBSD than most other Unix-like systems because bash is not in the base system, and FreeBSD does not link /bin/sh to bash by default. However, anyone running a system that uses bash, or especially one that might allow external input into bash environments, should be aware of this issue and patch any potentially vulnerable systems as soon as possible.

Bryan Drewery (bdrewery [at] freebsd.org) has patched the FreeBSD bash port to disable function importing from the environment unless an option is set at build time. Packages should be available soon.

Bryan also gave the following tips for reducing exposure to this vulnerability:

The port is fixed with all known public exploits. The package is
building currently.

However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:

1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI :)
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.
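
An added example (not part of the quoted message or of the FreeBSD port): a POSIX sh audit for guidelines 1, 2 and 6 above. The function names and the choice of which accounts count as web/CGI users are assumptions, and escaped quotes inside a command="..." option are not handled.

```shell
#!/bin/sh
# Added example: audit a host against guidelines 1, 2 and 6.
# File paths are parameters so the checks can also run on copies.

# Guideline 1: succeed (0) if PATH resolves to a binary named bash.
sh_is_bash() {
    target=$(realpath "$1" 2>/dev/null) || return 1
    [ "$(basename "$target")" = "bash" ]
}

# Guideline 2: print "user:shell" for each named account whose login
# shell is not a nologin shell.
# usage: interactive_service_users PASSWD_FILE user...
interactive_service_users() {
    passwd=$1; shift
    for u in "$@"; do
        awk -F: -v u="$u" \
            '$1 == u && $7 !~ /\/nologin$/ { print $1 ":" $7 }' "$passwd"
    done
}

# Succeed if the program is bash itself or a script whose #! line names bash.
runs_bash() {
    case $(basename "$1") in bash) return 0 ;; esac
    [ -r "$1" ] && head -n 1 "$1" | grep -q '^#!.*bash'
}

# Guideline 6: print the program of every forced command that runs bash.
# Accepts authorized_keys files (command="..." options) and sshd_config
# files (ForceCommand lines, matched with this exact capitalisation).
forced_bash_commands() {
    sed -n -e 's/.*command="\([^"]*\)".*/\1/p' \
           -e 's/^[[:space:]]*ForceCommand[[:space:]]*//p' "$@" |
    while read -r prog _rest; do
        if runs_bash "$prog"; then echo "$prog"; fi
    done
}
```

Typical calls are `sh_is_bash /bin/sh`, `interactive_service_users /etc/passwd www`, and `forced_bash_commands /etc/ssh/sshd_config ~/.ssh/authorized_keys`; any output from the last two, or a zero exit status from the first, marks something to fix.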

Related links:
https://svnweb.freebsd.org/ports?view=revision&revision=369341

http://blog.pcbsd.org/2014/09/bash-shell-bug/