https://www.openbsd.org/62.html
Code:
predrag@oko$ uname -a
OpenBSD oko-mobile.bagdala2.net 6.2 GENERIC.MP#134 amd64
Although US-CERT show network exploitable vulnerabilities in the base in the past couple of months, and rated like 9.5.
Version 5.9 and earlier were no longer supported in 2017. Since they did not show up in 6.0/6.1 can we assume that they were addressed in a timely fashion?
openbsd -- openbsd The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. 2017-03-07 4.9 CVE-2016-6239
openbsd -- openbsd OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. 2017-03-07 4.9 CVE-2016-6242
openbsd -- openbsd thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call. 2017-03-07 4.9 CVE-2016-6243
openbsd -- openbsd OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call. 2017-03-07 4.9 CVE-2016-6245
openbsd -- openbsd OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node. 2017-03-07 4.9 CVE-2016-6246
openbsd -- openbsd OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. 2017-03-07 4.9 CVE-2016-6247
openbsd -- openbsd OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9. 2017-03-07 4.9 CVE-2016-6350
openbsd -- openbsd Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping. 2017-03-07 4.9 CVE-2016-6522
008: SECURITY FIX: May 19, 2017 All architectures
An additional mitigation is added by placing a gap of 1 MB between the stack and mmap spaces.
A source code patch exists which remedies this problem.
It was patched, with an additional mitigation, in May.
The dates of the US-CERTS/CVE:
CVE Dictionary Entry:
CVE-2017-1000372
Original release date:
06/19/2017
Last revised:
06/29/2017
Source:
US-CERT/NIST
Nothing is secure by default - it takes effort and in this particular case it was a proactive effort.
So much for secure by default.
There's a good use for Linux: if you need a live operating system to set up a network, where you can't from the operating system on that computer. Puppy Linux is suitable for that.
Must bite tongue ... must not enter into religious war ...
I will only use Linux if someone pays me for it (perhaps with the exception of the Raspberry Pi, where FreeBSD is being a little ornery, and I may switch to Raspbian for simplicity).
It is good to have programs that are rebuilt, like security/libressl, where the full operating system and everything in its ports is expected to work with it. I'm more concerned about what gets contributed from OpenBSD to FreeBSD, such as PF.
I think OpenBSD is a fine operating system, with a different focus.
Any interesting changes and/or improvements you encountered?
Depends what you care about. The easier question would be what has not changed at all and what are the things that suck?
Any interesting changes and/or improvements you encountered?
softraid
the matter of the fact remains that OpenBSD still uses fdisk Master Boot Record (MBR) partitions and lacks the full proper support for GPT (there is GPT switch in fdisk for UEFI installation which works really well) let alone something like GEOM. More importantly OpenBSD still lacks a modern file system (WAPBL for embedded/root partition or HAMMER for storage). The guy who started bringing WAPBL from BitRig port of WAPBL of NetBSD completely disappeared. I would not contemplate running OpenBSD NFS server but even the NFS client is super slow (I am using at home with DragonFly NFS server which is blazingly fast). Still GNU binutils crap in the base. Unfortunately you can still run Gnome crap on OpenBSD. Hopefully will be pruned soon from the ports tree. relayd and httpd for example. Too many improvements of native dhcp client and server to be able to summarise in one sentence. syspatch is maturing really nicely. Even a major upgrade no longer requires sysmerge. Source patches for the stable branch are the thing of the past thanks to syspatch. Unfortunately no beadm
If/when you do that could you post the hardware selected and your setup?
You can genuinely use OpenBSD on ARM and I am contemplating buying my first ARM firewall.
$ uname -a
OpenBSD tengu 6.2 GENERIC.MP#0 amd64
Binutils' BSD replacement is ELF Tool Chain.
Still GNU binutils crap in the base.
Unlike FreeBSD, OpenBSD runs really well on many different architectures and was never Wintel only OS (NetBSD heritage). Until the demise of Sun the default hacking platform was actually sparc64 because it is big endian. Not that anything besides amd64, armv7, arm64, and octeon (mips64 for network hardware/switches) really matters these days. LLVM is the default compiler only on amd64 (sure on i386 as well but that is dead platform). On all other platforms one of old GCC versions is the default compiler. I think that might be the reason for keeping binutils crap for now in OpenBSD.
Binutils' BSD replacement is ELF Tool Chain.
I'm not sure if this is what is in llvm: most of its binutils filename equivalents are prefixed with llvm-.
ELF Tool Chain is a different implementation than GNU devel/elfutils.
(perhaps with the exception of the Raspberry Pi, where FreeBSD is being a little ornery, and I may switch to Raspbian for simplicity). ...
Maybe you have never tried the right Linux distro
That's sad, because I'm very familiar and comfortable with administering *BSD, not so much with any Linux derivative. And because having to use Linux gives me hives, everything is getting so complex and overly integrated (need I say "systemd"?). On the other hand, if it ends up being less work to get Linux = Raspbian to work, I'm willing to deal with it. To me this is not a question of religious principles, just of practicalities.
With Open and FreeBSD, I'm only getting 2-3 MBs.
OpenBSD bsd 6.2 GENERIC.MP#0 amd64
Gosh, that sounds like I'm putting down the OpenBSD people, or something, hopefully, it's clear I'm not.
I think that Broadcom 43438 RPi3 comes with, is not well-supported by anything but Raspbian. Only Gentoo claims to provide a working ARM port for its driver. Yet Realtek-based Wifi dongles do not cost over 10€ and are barely 1x0,5 cm large. Might not be the most elegant solution, but they're that small you'll forget about ever having plugged one of them in
FreeBSD basically works on the Raspberry Pi (I have a Pi 3 right now, and will need to add a Pi Zero W).
Problem #1: Wireless does not work for my particular hardware. In one case, that's OK, because the first one is installed in a place where there is wired available, and wireless would be unreliable or non-existing
Some months ago friends gifted me with the Rpi3 I was wishing for for birthday
In general, FreeBSD on the RPi seems to not be quite ready for prime time yet; too much is only "barely" or "basically" working, and there isn't critical mass for a community that has tried everything and keeps things going yet. In contrast, Raspbian seems to be heavily used and supported.
SARPi is another pretty good choice.
Maybe you have never tried the right Linux distro
Hint: Alpine Linux