FreeBSDNews.com - Page 10 of 247 -

[How-To] Chrony Network Time Server – a FreeBSD install of chronyd (ntp)

June 3, 2016 By Cao Leave a Comment

In this tutorial, the folks at calomel.org show us how to get Chrony set up on FreeBSD. Chrony is an alternative setup of the Network Time Protocol. See the link below for full instructions.

Chrony is an accurate network time daemon and an alternate implementation of the Network Time Protocol (NTP) compared to ntp.org’s NTPd, Ntimed, OpenNTPd and systemd-timesyncd. Chrony can be used to sync with NTP servers, reference clocks (e.g. GPS receiver), and even input by hand for an air-gapped network. The daemon will operate as an NTPv4 (RFC 5905) server and peer providing time service to other computers in the network.

We will build Chrony from source on FreeBSD and the daemon will the configured to be a Network Time Protocol (NTP) server on the local LAN to provide millisecond accuracy to its local clock as well as to the hundreds of clients in the cluster.

Full tutorial: https://calomel.org/chrony_network_time.html

[Blog] OpenBSD/FreeBSD (ZFS) dual-boot & thoughts about GPT/EFI

June 3, 2016 By Cao Leave a Comment

User eerielinux follows up on the earlier article (Setting up a FreeBSD/OpenBSD dual-boot with full disk encryption), using ZFS on root on the installation in this instance. Check out their findings in the link below.

In the previous post I wrote about how to get a computer up and running with a dual-boot of FreeBSD and OpenBSD while using full disk encryption. This worked quite well but a bit later I decided that it would be a good time to do the FreeBSD installation again – this time going the modern way and using ZFS on root. This has led to a surprisingly large amount of problems. In the end I got a working system that uses ZFS, so that I’ve actually got an alternative howto for FreeBSD (the OpenBSD part remains the same as before and can be looked up in the previous post). But it’s all a bit different from what I first thought it would be.

Original post: https://eerielinux.wordpress.com/2016/04/30/openbsdfreebsd-zfs-dual-boot-thoughts-about-gptefi/

[Blog] Analysis of SETFKEY FreeBSD kernel, compatibility layers, vulnerabilities by CTurt

June 3, 2016 By Cao Leave a Comment

FreeBSD security researcher CTurt, known for his recent work in the PS4 kernel exploit, outlines a recent FreeBSD kernel vulnerability found in iotcl handlers. In addition, check out his article on vulnerabilities in FreeBSD compatibility layers.

Every FreeBSD keyboard driver exposes its own ioctl interface to allow it to be configured from userland (through the kbdcontrol utility for example). Typically, these ioctl handlers will implement any specific commands for the hardware, such as enabling or disabling LEDs, and will delegate the rest of the commands to a common handler, called genkbd_commonioctl.

I discovered a vulnerability in this common handler, which has been present since the driver’s introduction in 1999.

Due to a poor default sysctl variable, this bug can be triggered by an unprivileged user, so long as at least one keyboard driver is running (by default the atkbd driver is used), making its impact critical.

I decided to report this bug to the FreeBSD Security Team on April 22, 2016, the day after I had discovered it, and was able to exploit it about a week later. It has been assigned CVE-2016-1886 and Security Advisory 16:18.

In this article I will provide an explanation of the bug, and some of the methods which I considered for exploitation, including the one I had success with: using the corrupted len member of a keytab to trigger a powerful two way heap and stack overflow.

Original post: http://cturt.github.io/SETFKEY.html

Analysis of stack disclosure vulnerabilities in FreeBSD compatibility layers

Arguably one of FreeBSD’s most renowned features is its compatibility layers. In particular, FreeBSD provides compatibility layers for 32-bit Linux binaries and for legacy 4.3BSD software. These are usually enabled by building a custom kernel with the COMPAT_LINUX32 and COMPAT_43 configuration options, however the Linux compatibility layer is also implemented as a separate kernel module, which can be loaded at runtime instead (kldload linux).

Original post: http://cturt.github.io/compat-info-leaks.html

FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd

packet storm – FreeBSD Security Advisory – FreeBSD-SA-16:19.sendmsg

BSDNow.TV Episode 143: One small step for DRM, one giant leap for BSD

June 1, 2016 By Cao Leave a Comment

In this BSD Now episode, hosts Kris Moore and Allan Jude interview Matthew Macy regarding the state of graphics on FreeBSD. Hit play below to tune in:

For this week’s round up of BSD related content from BSD Now: http://www.bsdnow.tv/episodes/2016_05_26-one_small_step_for_drm_one_giant_leap_for_bsd

GhostBSD 10.3 ALPHA 2 available

May 27, 2016 By Cao Leave a Comment

The developers of GhostBSD have made available the second ALPHA for version 10.3. See the link below for the update and full release notes.

This second ALPHA development release is for testing and debugging new feature in GhostBSD 10.3, MATE and XFCE is available on SourceForge for the i386, amd64, and amd64-uefi architectures.

New feature.

UEFI is now supported for 64bit only.

What has been fix.

Gbi log and partition data base is now deleting when closing gbi.
Resetting partition data base when going back the installation type.
4K Partition Alignment.
Networkmgr full SSID name.
System Update duplicating the whole install under /boot/kernel.old
Gbi “back” button error
sudo configuration
Wifi down by default
/etc/localtime not created by installer.
Locales are not correctly set up on installation.
missing kern.vty=vt setting in grub.cf

Official announcement: http://ghostbsd.org/10.3-ALPHA2

DistroWatch – Development Release: GhostBSD 10.3-ALPHA2

Softpedia – GhostBSD 10.3 Development Continues, Now with UEFI Support for 64-Bit Platforms

Phoronix – GhostBSD 10.3 Alpha 2 Has Many Fixes, 64-bit UEFI

Faces of FreeBSD 2016: Michael Lucas

May 27, 2016 By Cao Leave a Comment

Michael W. Lucas, critically acclaimed author of many BSD books, is featured in this edition of Faces of FreeBSD. The FreeBSD Foundation gives a history of how Lucas started and his many contributions to the FreeBSD world. Read his full story in the link below.

Faces of FreeBSD

Back by popular demand, we’re again sharing a story from someone involved in FreeBSD with our Faces of FreeBSD series. It may be a story from someone who’s received funding from us to work on development projects, run conferences, travel to conferences, or advocate for FreeBSD. Or, it may be from someone who gives back to FreeBSD financially or in another way. Regardless, it is always from someone who is making a positive difference in the FreeBSD world.

Here’s a chance to get to know your fellow FreeBSD enthusiasts. Sit back and enjoy the next 2016 Faces of FreeBSD story.

Michael’s Story

My name is Michael W Lucas. I’m originally from Rochester, Michigan, USA, a little farm town outside Detroit, Michigan. As a kid, I’d bike past the grain elevator and see the great big pallets of Purina Monkey Chow next to the train tracks. When I asked my dad about them, he sent me out into the woods and fields to find the monkey farm…

Faces of FreeBSD – Michael W Lucas: https://www.freebsdfoundation.org/blog/faces-of-freebsd-2016-michael-lucas/

[How-To] FreeBSD 10.3 Desktop Install

May 27, 2016 By Cao Leave a Comment

This guide from the folks at SCOpenSource shows you how to get started with FreeBSD, from installation all the way to setting up the desktop environment. Follow the link below for the full instructions.

Installing a Desktop Environment (XFCE) on FreeBSD

In this tutorial, I am going to install FreeBSD 10.3 and then I will install a desktop environment, specifically XFCE. However, the following steps would work for any desktop environment supported by FreeBSD, including, but not limited to, MATE, Gnome, and KDE. Also, this is not a complete guide to installing FreeBSD. If more information or if you have questions not addressed in this guide, please see the FreeBSD documentation on the FreeBSD website.

Step 1 – Downloading

Download FreeBSD 10.3. FreeBSD is available from wwww.freebsd.org. Click the link Get FreeBSD then click your architecture under FreeBSD 10.3-RELEASE …

Full tutorial: https://www.scopensource.com/wiki/FreeBSD_10.3_Desktop_Install

pfSense 2.3.1 RELEASE update

May 27, 2016 By Cao Leave a Comment

An update is available as a follow up to the recently released pfSense version 2.3.1. Version 2.3.1. addressed over 100 bug fixes. See the link below to grab the latest version.

2.3.1 Update 1 (2.3.1_1) is now available. This includes one security fix to the web GUI, and 7 other bug fixes. The 2.3.1-RELEASE change list has been updated with an Update 1 section specifying the changes.

This update will reboot the system after installing.

pfSense 2.3.1 announcement: https://blog.pfsense.org/?p=2050

Update 1 announcement: https://blog.pfsense.org/?p=2068

DistroWatch – BSD Release: pfSense 2.3.1

[Blog] FreeBSD 10.3’s new features, Myths & Misunderstandings: ZFS

May 27, 2016 By Cao Leave a Comment

Check out this lengthy review of FreeBSD 10.3’s features by user Jesse Smith. For those interested in trying out FreeBSD 10.3, he discusses the boot environment, Linux compatibility layer, FreeBSD jails, and more. See the link below to read his full review.

FreeBSD is a venerable operating system, often deployed on servers due to the project’s focus on performance and stability. At the beginning of April the FreeBSD project released version 10.3 of their operating system. The release announcement for FreeBSD 10.3 mentioned several features and improvements which caught my attention. Specifically the availability of ZFS boot environments, 64-bit Linux compatibility and jail improvements were of interest to me. I was especially eager to try out FreeBSD’s new jails technology using the iocage front-end. The iocage software has been presented as an improvement on (and replacement for) Warden, a friendly front-end for handling jail environments.

I already reviewed FreeBSD 10.0 when it was launched and so I plan to skip over most aspects of the new 10.3 release and focus on the key features I listed above, along with the notable changes I encounter. The new release is available in many different builds, ranging from x86 and ARM, to SPARC and PowerPC. For the purposes of my trial I downloaded the 2.6GB DVD image of FreeBSD’s 64-bit x86 edition.

FreeBSD 10.3 review by Jesse Smith: https://distrowatch.com/weekly.php?issue=20160516#freebsd

Also, check out Myths and Misunderstandings: ZFS from the same author. zfsx

This week’s subject is ZFS. ZFS is an advanced file system and storage management technology. Using ZFS it is easy to manage multiple storage devices (usually hard drives), create file system snapshots, work with RAID configurations and mirror disks. I probably run into more misinformation about ZFS than any other open source software, so I will try to tackle several aspects of ZFS quickly.

Myths and Misunderstandings by Jesse Smith: http://distrowatch.com/weekly.php?issue=20150420#myth

LinuxQuestions.org discussion – ZFS: Myths and Misunderstandings (by Jesse Smith)

pfSense 2.3.1-RELEASE now available

May 20, 2016 By Cao Leave a Comment

The developers of pfSense have made available version 2.3.1 release. Download the update or install file. See the links in the summary for a full list of changes.

We are happy to announce the release of pfSense® software version 2.3.1!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes, two security fixes in the GUI, as well as security fixes for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg. The full list of changes is on the 2.3.1 New Features and Changes page.

This release includes a total of 103 bug fixes. 79 regressions in 2.3 have been fixed, mostly minor issues in the new GUI. Several of these are significant issues, and have resolved nearly all the post-upgrade problems encountered in 2.3-RELEASE. 24 issues affecting 2.2.x and prior versions have also been fixed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Official announcement: https://blog.pfsense.org/?p=2050

Softpedia – pfSense 2.3 BSD Firewall Gets Its First Major Update with over 100 Changes