Bash Vulnerability in FreeBSD

As has been widely reported, a major vulnerability in bash has been discovered. This vulnerability, which is being referred to as “Shellshock”, is considerably less severe in FreeBSD than most other Unix-like systems because bash is not in the base system, and FreeBSD does not link /bin/sh to bash by default. However, anyone running a system that uses bash, or especially one that might allow external input into bash environments, should be aware of this issue and patch any potentially vulnerable systems as soon as possible.

Bryan Drewery (bdrewery [at] freebsd.org) has patched the FreeBSD bash port to disable function importing from the environment unless an option is set at build time. Packages should be available soon.

Bryan also gave the following tips for reducing exposure to this vulnerability:

The port is fixed with all known public exploits. The package is
building currently.

However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:

1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI :)
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.
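
A small audit for guidelines 1, 2 and 6 above, as an added example that is not part of the quoted message or the FreeBSD port. The function names are hypothetical, and `www` as the web server account is an assumption; every path is passed in so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Added example (not from the original post): audits guidelines 1, 2 and 6.
# Every path is a parameter so the checks can run against copies of the files.

# Guideline 1: succeed only if the given sh path does not resolve to bash.
# Follows symlinks only; a hard link or renamed copy of bash is not detected.
sh_is_not_bash() {
    target=$(readlink -f "$1" 2>/dev/null) || target=$1
    case "${target##*/}" in
        bash) return 1 ;;
    esac
    return 0
}

# Guideline 2: print each named account whose shell (last field of a
# passwd(5)-format file) is not a nologin binary.
users_with_login_shell() {
    pw=$1; shift
    for u in "$@"; do
        awk -F: -v u="$u" '$1 == u && $NF !~ /\/nologin$/ { print $1 }' "$pw"
    done
}

# Guideline 6: print forced commands from an authorized_keys file that call
# bash directly or run a script whose first line names bash. Commands with
# escaped quotes are truncated at the first quote.
bash_forced_commands() {
    sed -n 's/^[^#]*command="\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r cmd; do
        prog=${cmd%% *}
        if [ "${prog##*/}" = bash ]; then
            printf '%s\n' "$cmd"
        elif [ -r "$prog" ] && head -n 1 "$prog" | grep -q '^#!.*bash'; then
            printf '%s\n' "$cmd"
        fi
    done
}

# Live run: sh audit.sh --live  ("www" as the web account is an assumption)
if [ "${1:-}" = "--live" ]; then
    sh_is_not_bash /bin/sh || echo "FAIL: /bin/sh resolves to bash"
    users_with_login_shell /etc/passwd www | sed 's/^/FAIL: login shell for /'
    if [ -r "$HOME/.ssh/authorized_keys" ]; then
        bash_forced_commands "$HOME/.ssh/authorized_keys" |
            sed 's/^/FAIL: bash forced command: /'
    fi
fi
```

The forced-command check covers authorized_keys only; `ForceCommand` entries in sshd_config need the same review.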

Related links:
https://svnweb.freebsd.org/ports?view=revision&revision=369341
http://blog.pcbsd.org/2014/09/bash-shell-bug/

PC-BSD 10.0.3 update released

The PC-BSD team is pleased to announce the availability of the next PC-BSD quarterly package update, version 10.0.3!

This update includes a number of important bug-fixes, as well as newer packages and desktops. Packages such as Chromium 37.0.2062.94, Cinnamon 2.2.14, Lumina 0.6.2 and more. This release also includes a CD-sized ISO of TrueOS, for users who want to install a server without X. For more details and updating instructions, refer to the notes below.

We are already hard at work on the next major release of PC-BSD, 10.1 later this fall, which will include FreeBSD 10.1-RELEASE under the hood. Users interested in following along with development should sign up for our Testing mailing list.

Check out the official announcement with the list of changes here: http://blog.pcbsd.org/2014/09/pc-bsd-10-0-3-quarterly-package-update-released/

New Lumina source repo and FreeBSD port (PC-BSD)

By popular demand, the source tree for the Lumina project has just been moved to its own repository within the main PC-BSD project tree on GitHub.

In addition to this, an official FreeBSD port for Lumina was just committed to the FreeBSD ports tree which uses the new repo.

By the way, here is a quick usage summary for those that are interested in how “light” Lumina 0.6.2 is on PC-BSD 10.0.3:

System: Netbook with a single 1.6GHz atom processor and 2GB of memory (Fresh installation of PC-BSD 10.0.3 with Lumina 0.6.2)

Usage: ~0.2-0.4% CPU and ~120MB active memory use (no apps running except an xterm with “top” after a couple minutes for the PC-BSD tray applications to start up and settle down)

Check out the official announcement here: http://blog.pcbsd.org/2014/09/new-lumina-source-repo-and-freebsd-port/

PC-BSD 10.0.2-RELEASE is now available

The developers of PC-BSD have just released the official version of 10.0.2 after a series of test releases. The most notable changes include the new Lumina desktop (still in its alpha stages), as well as a revamp of the AppCafe.

The PC-BSD team is pleased to announce the availability of the next PC-BSD quarterly update, version 10.0.2!

This update includes a number of important bug-fixes, as well as newer packages and desktops, such as KDE 4.12.5, Cinnamon 2.2.13, Gnome 3.12.2 and more. This release also includes an alpha release of the new Lumina desktop which is being developed on PC-BSD. For more details and updating instructions, refer to the notes below.

You can download the DVD/USB image here: http://www.pcbsd.org/en/download.html

Check out the official release announcement here: http://lists.pcbsd.org/pipermail/announce/2014-June/000065.html

PC-BSD 10.0.2-RC2 available for testing

The developers of PC-BSD have just made available the second release candidate for version 10.0.2. You can find the downloads here.

This will (hopefully) be our last RC before releasing 10.0.2 officially sometime on or around the 23rd. We have addressed or fixed most tickets related to the 10.0.2 release, so if you are still running into any issues, please report them using our Trac database.

Users running EDGE or earlier 10.0.2 images can upgrade their packages to the RC2 versions via AppCafe or Package Manager.

Head over to the following link for the official announcement: http://blog.pcbsd.org/2014/06/10-0-2-rc2-available-for-testing/

PC-BSD 10.0.2-PRERELEASE ISO available for testing

The developers of PC-BSD have just released 10.0.2-PRERELEASE ISO:

The next 10.0.2-PRERELEASE ISO is now available for testing and can be downloaded from
http://download.pcbsd.org/iso/10.0-RELEASE/testing/amd64/.

If you have a spare system or virtual machine, consider testing this image. If you find any bugs, report them at https://trac.pcbsd.org so we can take a look at fixing them before 10.0.2 is released later this month.

Check out the official post here: http://blog.pcbsd.org/2014/06/10-0-2-prerelease-iso-available-for-testing/

PC-BSD vs. Ubuntu

This article by Make Tech Easier discusses the pros and cons of both PC-BSD and Ubuntu as an open-source desktop operating system. The two operating systems are compared by the ease of use as a desktop, starting with the installation process, desktop environment, and ending with application support and installation.

To read the full article with graphics, check out the following link: http://www.maketecheasier.com/pc-bsd-vs-ubuntu/