similar to: ProPolice/SSP in 7.0

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here.

Hi there, I was looking for stack smashing protection under freebsd, so i found libparanoia (/usr/ports/security/libparanoia), i had only one question using the normal 'make install' (so no copy-to-libc). If i add in /ert/make.conf: CFLAGS= -O -pipe -lparanoia -L/usr/local/lib COPTFLAGS= -O -pipe -lparanoia -L/usr/local/lib Will EVERYTHING build from that time (including

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

I was wondering if there's any non-executable stack patch for FreeBSD's kernel. I searched in google but all I got was some questions in freebsd-security back from 2001 and an answer saying someone heard about a project like this, but no information at all. Is there any patch like PaX or Openwall available for FreeBSD? I dont want to discuss if its useless or not since there're a

Hi, I dare to send you this very small patch that defines LOCKED_PASSWD_STRING for the FreeBSD operating system. The manpage had been unclear about this for a long time, up to 5.x days. Since 6.x, it has been made clearer, and thanks to Ceri Davies who highlighted this feature in OpenSSH, I made this patch. I hope this will reach OpenSSH source tree. This is not a big deal and I would add

Hi all Does FreeBSD support a non-executable stack on any of the tier 1 and 2 platforms that has this feature? If not, are there any plans of implementing this and is there a patch I can use for 6.0 (when it is released)? Best regards db

Hi! This is the third and last patch. This patch makes the xen kernel buildable on OpenBSD by adding support for ProPolice. ProPolice has been added to standard GCC in version 4.1.x under the name Stack Smashing Protection (SSP). Cheers Christoph _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

Hi list, (Please Cc: me in your replies because I'm not subscribed to this list.) While trying to build lukemftpd staticaly on FreeBSD, I got a link-time error. Libssh.a indeed provides the "xmalloc" symbol (I suppose there are more). I wonder if this is whether intentional or not. It is a very common function name, and I think it would be worth renaming it to something like

I just wanted to inform that there is new patch donated by Walter Karshat which implements packet overhead and MPU computations to the rate table. See diff for details on arguments. No tc binary available yet at I have to compile it on system with older glibc (not everyone use 2.3.2). ------------------------------- Martin Devera aka devik Linux kernel QoS/HTB maintainer

hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin

Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel

----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> ----- Subject: OpenSSH 4.0 released From: Damien Miller <djm@cvs.openbsd.org> Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST) To: announce@openbsd.org X-Original-To: jeremie@le-hen.org Delivered-To: tataz@tataz.chchile.org X-Loop: announce@openbsd.org Precedence: list OpenSSH 4.0 has just been released. It will be available

Hi folks, I think we need to update compat5x binary to fix FreeBSD-SA-05:21.openssl, but will the binaries built by ``make universe'' be identical with actual build on Alpha, Sparc64, etc? (Yes, I'm volunteering to do the work iff they are identical ;-) Cheers, -- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information.

hi I am trying to stop the application running in the VM from the host machine.....that means by typing some command in the host machine, (script or using some API''s or sending some signal to VM from the host), i want stop application running in the VM.......is there any way to do this.....if anybody know this please help me....... I want this because......I want to take VM consistent

Hello, I was playing around with geli an gbde after last EuroBSDCon. I liked the idea of encrypting my data which resides in /home/$user. Since this is a "single" user laptop i intended to encrypt the whole /home partition. Well no problems with that. But i wanted the lockfile or keyfile on a seperate usb disc. Which would be mounted or used during boot of the system. I also used

Hello! Is it possible to compile kernel without '-O' option? When my COPTFLAGS=-O -pipe, it compiles fine. When I change COPTFLAGS=-pipe, it breaks: cc -c -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmis sing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -g -nostdinc -I- -I. -I../.. -I../../../include -I../../contrib/ipfilter

Dear "R" list, Our statisticians usually give us results back in a PDF format. I would like to be able to copy and past tables from "R" output directly into a Microsoft Word table since this will save us tons of time, be more accurate to minimize human copying errors and help us update data in our papers more easily. Do people have suggestions for the best way to do this? I

Hi all, ?Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 936013 Connect Access denied for user