similar to: Integrity checking NANOBSD images

Hello, Possibly some of you will have read the news about "Hijacking a Macbook in 60 Seconds or Less"[1]. At this time I was searching a wireless card for my server and I wonder how this can affect to the combination FreeBSD+ath(4). The ath_hal page states that FreeBSD use a binary driver and I think it is located in this file[2]. Unlike OpenBSD which affirms that they have

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced:

On a FreeBSD 5.0 the behaviour of screen when connecting to other users sessions have changed. Previously: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3. result failure as userA cant access the ttyX with such a message Current: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3.

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/

Hi. I've been playing a bit with "use sound card as an entropy source" idea. This simple program does what I wanted: http://people.freebsd.org/~pjd/misc/sndrand.tbz The program is very simple, it should be run with two arguments: % sndtest /dev/dspW 1048576 > rand.data This command will generate 1MB of random data. With my sound card: pcm0: <Intel ICH3 (82801CA)>

I've included all posts till now. Can I ask anyone with older proliant multi-cpu hardware using the smart2 controllers to get in touch with me? I am curious to know if this works for anyone... -D Quoting Danny Carroll <fbsd@dannysplace.net>: > Still more info... > It does not work on 5_0-RELEASE either. > > -D > ----- Original Message ----- > From: "Danny

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

In message <20050731135919.GA43753@afields.ca>, Allan Fields writes: >Yes, this is all very nice, but when is someone actually going to >commit it? ;) I'm (as always) short of time, and GBDE is not the top priority for me for the time being. So I am more than happy to see people band together and improve gbde. The main work necessary is to polish the userland program and that

I have a grown list of IPs that I am "deny ip from ###.### to any". Infected machines, hackers, etc.. Is there a way to have this list outside of rc.firewall and just read it in?

I had originally mentioned this only to 2 people, which was Jordan K. Hubbard and Paul Henning-Kemp, but since I have received a lot of queries on this, I thought I might as well post it on the FreeBSD announce groups. Included below is a posting done on the Linux-atm mailing group, by Pragnesh Sampat. I have just adapted for FreeBSD. RV -------------------------- Announcement

Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel

a.. http://bsdmag.org/magazine/1114-bsd-firewalls a.. Introduction to NanoBSD NanoBSD is a tool developed by Poul-Henning Kamp phk@FreeBSD.org. It creates a FreeBSD system image for embedded applications, suitable for use on a Compact Flash card (or other mass storage medium). -------------------------------------------------------------------------------- - DANIEL GERZO a.. Feature:

shell# /sbin/devfs rule -s 2 delset shell# /sbin/devfs rule -s 2 add hide shell# /sbin/devfs rule -s 2 add path random unhide shell# /sbin/devfs rule -s 2 add path urandom unhide shell# /sbin/devfs rule -s 2 add path zero unhide shell# /sbin/devfs rule -s 2 add path pty\* unhide shell# /sbin/devfs rule -s 2 add path pty\* unhide shell# /sbin/devfs rule -s 2 add path tty\* unhide shell#

Is it possible to find a repository that hold a newer version of tar. The current version is 1.26 I have some students trying to build Yocto project on my Centos 7 host, but OpenEmbedded reports incompatibility problems with the current version of tar. I thank you on beforehand for any help. |< -- Med venlig hilsen Klaus Kolle Teknikumingeni?r, B.Sc.EE., e-mail : klaus at kolle.dk

Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4

I read this (http://www.petur.eu/blog/?p=459) blog post today. It's about that a remote user with root privilegs to a FreeBSD jail & user privileges to the jails host machine can obtain root privileges on the host machine. Can someone confirm if this bugg/exploit works?

Hi all. This might seem really naive, but can mtree be used effectively as a native-to-core-OS tripwire equivalent? Would it be as efficient in terms of time-to-run and resource requirements? What sort of pitfalls should I be aware of? Has anyone here done this? If so, would you care to share your scripts/techniques? Thanks, Dave -- ______________________

Just got a pointer to this via ACM "TechNews Alert" for today: http://www.acm.org/technews/articles/2004-6/0818w.html#item2 Seems that "... French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures...." There's more in the article cited above. Peace, david -- David H. Wolfskill

We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =================================================================== --- etc/login.conf (revision