similar to: GID Games Exploits

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

Colleagues, one of my servers had to be rebooted uncleanly and then I have backgrounded fsck locked for more than an our in snaplk: 742 root 1 -4 4 1320K 688K snaplk 0:02 0.00% fsck_ufs File system in question is 200G gmirror on SATA. Usually making a snapshot (e.g., for making dumps) consumes 3-4 minutes for that fs, so it seems to me that filesystem is in a deadlock. Any

Hi, I have strange problem when booting FreeBSD-6.x in HP Proliant ML370 G4. The problem is "-" appears on the screen and it never boots unless somebody hits the "Enter" key. Sometimes even PS2 keyboard doesn't respond during that time. Tried with USB keyboard, same problem. The machine has dual Xeon 3.2 GHz, 1GB of RAM and LSI Logic (mpt-5.0.5.20.00 bios) LSI1030-IT

Why does GCC produce faster code using "-march=pentium2 -mtune=pentium4" on a Pentium 4 chip versus plain -march=pentium4? Try it... CPUTYPE=pentium2 CFLAGS+= -mtune=pentium4 COPTFLAGS+= -mtune=pentium4 -- BSD Podcasts @ http://bsdtalk.blogspot.com/

Seems our current libarchive? That support FreeBSD's tar implementation has a bug where it can create archives it cant read back. This can be seen by simply creating an empty tar.gz file and then trying to expand or list it. In doing the above you get the following error: tar: Unrecognized archive format: Inappropriate file type or format N.B. gtar can list and expand the created file

hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

currently i'm trying to setup diskless client, which netboots 6.1-PRERELEASE kernel with help of etherboot. i've built custom kernel with `sudo make -j4 buildkernel KERNCONF=DISKLESS CPUTYPE=pentium-mmx -DNO_MODULES' and attached config. kernell loads off tftp server fine, detecting devices, but traps, when trying to mount root fs from nfs server. i've managed to get copy of

Hello! My attempt to build openoffice.org-3 seems to be hanging. Pressing Ctrl-T produces: load: 0.11 cmd: tcsh 79759 [sleeping without queue] 0.00u 0.00s 0% 0k (tcsh is used by OOo's build-script). What is this "sleeping without queue" state, and why is process in it for so long? This is an 4-CPU amd64 system with 4Gb of RAM. Only 16% of the swap is currently in use and

I just updated to RELENG_7 from 6.2 and I'm running into some really annoying issues with jerky mouse movement and skipping sound. This seems to be similar to: Re: SCHED_4BSD in RELENG_7 disturbs workflow This happens both with 4BSD and ULE. I seems to happen when I'm compiling ports and a new cc/bzip2/sh process fires off (I'm just watching top), I'll get the skip/freezeup.

Hello One one of my stable machines I see these messages in /var/log/messages: Mar 3 18:37:41 kg-i82 kernel: 16.011e9e3975b3aa06 too long Mar 3 21:41:42 kg-i82 kernel: 16.016a24cf0742715c too long Mar 3 21:41:58 kg-i82 kernel: 15.feb784aee196608c too short Does anyone know hwat the messages mean, or which part of the kernel they are from? Googling didn't help me. The machine runs FreeBSD

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

I think, there is a neat exploit in the phpbb2.0.8 because I found my home page defaced one dark morning. The patch for phpBB is here. http://www.phpbb.com/downloads.php The excerpt of the log is attached. I believe the link to the described exploit is here. http://secunia.com/advisories/13239 The defacement braggen page is here filter to show the exploited FreeBSD machines that aneurysm.inc

Hello, I have a RELENG_6/AMD64 with an AMD64X2 cpu, 1GB of memory, 512MB swap. I remarked that when I run 2 simulation program [1], sometimes, one of them run one or several of its threads [2] very slowly, but sometimes, it doesn't occur. I remarked that is doesn't depend on SMP/UP, ULE/4BSD, i386/AMD64. It seems to occur also with the kernel stress test under the same conditions (all

In http://www.freebsd.org/releases/7.0R/announce.html says Updating Existing Systems > An upgrade of any existing system to FreeBSD 7.0-RELEASE constitutes > a major version upgrade, so no matter which method you use to update > an older system you should reinstall any ports you have installed on > the machine. This will avoid binaries becoming linked to inconsistent > sets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2 Does this affect FreeBSD? - -Justin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z7QbdYQBw9Ox1VgRAsb2AJ0eZxI/s3Q5KJQxvgROLM8FnU1kiQCfSsma XcJ/R/6s9yQJwBTYDeWI2+Y= =BoVH

We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few days. This started shortly after upgrade from 6.2-RELEASE to 6.3-RELEASE with freebsd-update. Other than switching to a debugging kernel, a little sysctl tuning, and patching with freebsd-update, they are stock. The debugging kernel was built from source that is also being patched with freebsd-update. These systems are

We have a little soekris box running freebsd that uses racoon for key management. It's used for setting up an ipsec tunnel. I noticed that one of these devices lost the tunnel this morning. I looked in the log and saw this Jul 23 01:37:57 m0n0wall /kernel: pid 80 (racoon), uid 0, was killed: out of swap space I reproduced this problem using this code. #include <stdlib.h> int

On Fri, Feb 14, 2003 at 12:44:50AM -0800, Kris Kennaway wrote: > On Sat, Jan 18, 2003 at 05:50:05PM -0500, Tim Vanderhoek wrote: > > On Sat, Jan 18, 2003 at 10:38:27PM +0100, Gunnar Flygt wrote: > > > > > > Actually it seems more that some of the pors have huge "include's" > > > as /usr/ports/devel/cdk as it includes the big maninfo.mk, or >

Is there any reason why releases have EoL dates after only 12 months? While it's clear that some sort of EoL is important, I can't think of any security advisories recently which weren't accompanied by patches for all the security branches, even those which are no longer officially supported. Colin Percival