The first BETA build for the FreeBSD-9.1 release cycle is now available.
U-Boot for Raspberry Pi is now working. This is a “fairly stable, flexible u-boot distribution suitable to be used as an environment for OS bring-up”.
So, current state of affairs is:
- USB support
- SD card support (FAT filesystem)
- Support for built-in USB ethernet
- Autoimport environment from uEnv.txt
- Autorun of boot script (boot.scr)
Next stage is to get FreeBSD working on Raspberry Pi.
David Chisnall looks at Capsicum, a new capability-oriented security model in FreeBSD 9, and how it can be used to implement reduced and separated privilege with small modifications to existing applications.
Read the article: Capsicum: Lightweight Isolation for FreeBSD Processes
Below we have some useful howto’s and tutorials collected over the last few weeks
- HowTo: Enable Wake-on-LAN on FreeBSD (linuxbsdsharing)
- HowTo: Install and setup MiniDLNA on FreeBSD (linuxbsdsharing)
- CFEngine3 on FreeBSD (wunki)
Bill Toulas from unixmen.com conducted an interview with Dru Lavigne on FreeBSD. They talk about how she started with FreeBSD, how the FreeBSD Project is run, what she thinks the advantages of using FreeBSD are etc.
The FreeBSD Foundation has announced that Pawel Jakub Dawidek has been awarded a grant to develop a comprehensive userspace framework for writing Capsicum-based applications, building on the kernel features originally developed by the University of Cambridge and Google Research. Pawel was rewarded grants previously for the HAST and auditdistd projects.
This framework will include a Capsicum runtime linker and component library providing sandboxed versions of key higher-level system libraries. Components will both be sandboxed, improving resistance to vulnerabilities, and also easily available for delegation to sandboxed applications, such as the Chromium web browser. The prototype libcapsicum developed by Cambridge will be analyzed and updated based on lessons learned in implementing Capsicumised software packages, such as hastd and auditdistd. Funding for this project will be provided by the FreeBSD Foundation matched 100% by the Google Open Source Program Office, in support of open source technology transition of Capsicum.
“A continuing challenge in security is to find solutions that not only fix the problems but also can be applied to existing technologies: attractive though the notion is, we are not going to persuade the world to rewrite everything! This is why we at Google are pleased and excited to support the continuing development of Capsicum, which radically improves the security of UNIX based systems whilst allowing a continuous migration path from today’s mechanisms to tomorrow’s,”
said Ben Laurie, Google Senior Staff Software Engineer.
“I’m very excited to be able to work on Capsicum. Some of my software is already using Capsicum, so I’m fully aware of the great potential of this framework. This technology is so much superior than the current attempts to provide sandboxing using tools like chroot(2) or unprivileged user credentials. No matter how corny it sounds, I strongly believe Capsicum can make the Internet a safer place.”
This project will conclude in August, 2012
Not directly related to these breaches, but still in the realm of security, Poul-Henning Kamp, the author of md5crypt(), has said that md5crypt() is no longer secure despite being recommended as a password hashing function. md5crypt is used to encrypt passwords on some FreeBSD systems.
The md5crypt password scrambler was created in 1995 by yours truly and was, back then, a sufficiently strong protection for passwords.
New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days.
As the author of md5crypt, I implore everybody to migrate to a stronger password scrambler without undue delay.