June’s issue of the BSD Magazine is now available: BSD Security. Upgrade your skills (free PDF download).

BSD Magazine: BSD Security - upgrade your skills


You’ll find the following subjects inside:

DNSSEC: Threats to DNS Transactions Part 2

The threats to a DNS transaction depend on the type of transaction. Name resolution queries and responses (DNS query/response) between DNS clients (stub resolver or resolving name server) and DNS servers (caching/resolving name server or authoritative name server) could involve any nodes in the Internet. Paul, in his article, looks at protocol-based threats to the operation and administration of DNS.

Anatomy of a FreeBSD Compromise Part 6

While it is impossible to secure a server against every possible form of attack that the dark side may muster, by taking defensive steps the system administrator can make life exceedingly difficult for the hacker and can delay if not totally avoid a successful attack. Rob claims that while many of the suggestions are probably second nature to most admins, it cannot be stressed enough with busy schedules and tight deadlines the importance of preventative maintenance which has a tendency to slip down the priority list. Rob also examines some techniques that can assist in identifying and delaying attacks.

Using Qjail to set up the basejail

FreeBSD’s jail system offers process isolation within a separate environment in order to secure the host system. In case of a compromised service, only the jail running that service is affected. In a similar fashion, ZFS allows the creation of a separate filesystem for each jail. Benedict, in his article, explains how jails can be quickly instantiated using a third party wrapper script called Qjail.

PostgreSQL: Server-Side Programming Part 2

Luca claims that one great advantage of PostgreSQL is that it can run functions written in several foreign languages other than pure SQL and its extension plpgsql or the standard C. There are extensions that allow developers to write procedures using Java, Perl, Python and even Bash-like scripting! In this article Perl will be used as a language for both triggers and procedures showing how PostgreSQL can be flexible for server-side programming.

Synchronization Problems or: How I Learned to Stop Worrying and Love the Sleep Mutex

When two or more threads executing on different processors simultaneously manipulate the same data structure, that structure can be corrupted. Fortunately, FreeBSD contains multiple solutions to this problem. Joseph addresses his article to the problem of data and state corruption caused by concurrent threads.

ZFS Madness with BEADM – How To

Some time ago Slawomir found a good, reliable way of using and installing FreeBSD and described it in my Modern FreeBSD Install 1 2 HOWTO. Now, more then a year later he come back with his experiences about that setup and a proposal of newer and a lot better way of doing it.