similar to: systrace for FreeBSD 5.1

Displaying 20 results from an estimated 1200 matches similar to: "systrace for FreeBSD 5.1"

2003 Jun 10
2
CerbNG v1.0-RC2 is now avaliable!
Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if
2003 Jun 10
2
CerbNG v1.0-RC2 is now avaliable!
Hello! We are proudly announce that CerbNG-1.0 Release Candidate 2 is now avaliable. There are many changes from RC1 (many new functionalities, some bug fixes, new interesting policies, new regression tests and more). It seems that CerbNG is stable for now, so we hope that the next version is going to be final 1.0 series release. We count on feedback from FreeBSD community in founding bugs (if
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun''s Dtrace might be vulnerable." I don''t think it is. Comments? Exploiting Concurrency Vulnerabilities in System Call Wrappers http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf Abstract
2003 Apr 13
2
chroot() as non-root user?
I suspect this has been asked before but I'll ask anyway. Q1: Is it possible for a non-root process to perform a chroot? My interest is this: I have a typical ISP hosting account (verio; on a FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet protect myself (and my email, and my .ssh keys) from bugs being exploited in those CGI packages. Chroot at the start
2006 Apr 05
23
DTrace as a security tool / http://systrace.org
I''d like to see if we can use DTrace to as the kernel implementation of the BSD systrace security policy system (http://www.systrace.org). I don''t really want to port systrace to Solaris because I think with DTrace we already have all the necessary in kernel hooks to do this. With systrace you express things like: "httpd can bind to port 80 but not any other port, it
2011 Aug 14
10
Call for testing: OpenSSH-5.9
Hi, OpenSSH 5.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of new features and changes and bug fixes. Testing of the new sandboxed privilege separation mode (see below) would be particularly appreciated. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another
2010 Apr 24
3
Installing multiple discs
I need help! I installed Winebottler, and installed the first disc of a 4 disc windows program on my mac book pro. But when I went to install disc 2 when prompted, I had to quit Winebottler to put the disc in. But I need Winebottler running to do the install. How do I do it? David Murphey
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,
2014 Feb 28
5
Call for testing: OpenSSH 6.6
Hi, OpenSSH 6.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a small release mostly to fix some minor but annoying bugs in openssh-6.5. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable
2011 Jun 23
1
sandbox for OS X
Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to
2006 Mar 06
6
gmirror(8) and graid3(8) changes.
Hi. Here you can find patches with changes to gmirror(8) and graid3(8): http://people.freebsd.org/~pjd/patches/gmirror.7.patch http://people.freebsd.org/~pjd/patches/graid3.patch The patches does the following: - Significant synchronization speed improvement. Now many parallel synchronization I/O requests can be used instead of only one before. Many people requested this. - Close race
2006 Nov 02
11
ZFS and memory usage.
ZFS works really stable on FreeBSD, but I''m biggest problem is how to control ZFS memory usage. I''ve no idea how to leash that beast. FreeBSD has a backpresure mechanism. I can register my function so it will be called when there are memory problems, which I do. I using it for ARC layer. Even with this in place under heavy load the kernel panics, because memory with KM_SLEEP
2007 Apr 06
11
ZFS committed to the FreeBSD base.
Hi. I''m happy to inform that the ZFS file system is now part of the FreeBSD operating system. ZFS is available in the HEAD branch and will be available in FreeBSD 7.0-RELEASE as an experimental feature. Commit log: Please welcome ZFS - The last word in file systems. ZFS file system was ported from OpenSolaris operating system. The code in under CDDL license. I''d
2006 Jun 03
1
man pages for each providers ?
Hey, Do you guys think that is a good idea to have a manual page for each provider with a complete description of what probes are offered ? Found some already under 7D category: dtrace dtrace (7d) - DTrace dynamic tracing facility fasttrap fasttrap (7d) - DTrace user instruction tracing provider fbt fbt (7d) - DTrace function boundary tracing provider
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
I have a number of systems running solaris10 and i see the package and binary for dtrace installed however whenever we try to run anything we get this error dtrace: failed to initialize dtrace: DTrace device not available on system the only system in which i dont have this error is the development server that has the full solaris 10 install while others are minimized, do i need additional
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi. I've no response from so@ in this topic, probably because leak of time, so I'll try here. Here is a patch that I'm planing to commit: http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch It adds two new sysctls: security.bsd.hardlink_check_uid security.bsd.hardlink_check_gid If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users are not
2006 Aug 25
4
Looking for confirmation.
Hi. I''ve almost all file system functions working. I started to run some heavy file system regression tests. They work. fsx wasn''t able to break my port, but the test you can find here: http://people.freebsd.org/~kan/fsstress.tar.gz broke it. My kernel panics on this assertion (zfs_dir.c): 749: mutex_exit(&dzp->z_lock); 750: 751: error =
2008 May 04
3
Some bugs/inconsistencies.
Hi. I''m working on getting the most recent ZFS to the FreeBSD''s CVS. Because of the huge amount of changes, I decided to work on ZFS regression tests, so I''m more or less sure nothing broke in the meantime. (Yes, I know about ZFS testsuite, but unfortunately I wasn''t able to port it to FreeBSD, it was just too much work. I''m afraid it is too