Displaying 20 results from an estimated 1200 matches similar to: "systrace for FreeBSD 5.1"
2003 Jun 10
2
CerbNG v1.0-RC2 is now avaliable!
Hello!
We are proudly announce that CerbNG-1.0 Release Candidate 2 is now
avaliable.
There are many changes from RC1 (many new functionalities, some bug fixes,
new interesting policies, new regression tests and more).
It seems that CerbNG is stable for now, so we hope that the next version
is going to be final 1.0 series release. We count on feedback from
FreeBSD community in founding bugs (if
2003 Jun 10
2
CerbNG v1.0-RC2 is now avaliable!
Hello!
We are proudly announce that CerbNG-1.0 Release Candidate 2 is now
avaliable.
There are many changes from RC1 (many new functionalities, some bug fixes,
new interesting policies, new regression tests and more).
It seems that CerbNG is stable for now, so we hope that the next version
is going to be final 1.0 series release. We count on feedback from
FreeBSD community in founding bugs (if
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks
OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun''s
Dtrace might be vulnerable." I don''t think it is. Comments?
Exploiting Concurrency Vulnerabilities in System Call Wrappers
http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf
Abstract
2003 Apr 13
2
chroot() as non-root user?
I suspect this has been asked before but I'll ask anyway.
Q1: Is it possible for a non-root process to perform a chroot?
My interest is this: I have a typical ISP hosting account (verio; on a
FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet
protect myself (and my email, and my .ssh keys) from bugs being exploited
in those CGI packages. Chroot at the start
2006 Apr 05
23
DTrace as a security tool / http://systrace.org
I''d like to see if we can use DTrace to as the kernel implementation of
the BSD systrace security policy system (http://www.systrace.org). I
don''t really want to port systrace to Solaris because I think with
DTrace we already have all the necessary in kernel hooks to do this.
With systrace you express things like: "httpd can bind to port 80 but
not any other port, it
2011 Aug 14
10
Call for testing: OpenSSH-5.9
Hi,
OpenSSH 5.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains a
couple of new features and changes and bug fixes. Testing of the new
sandboxed privilege separation mode (see below) would be particularly
appreciated.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security
I also have installed and am configuring ipfilter. Here are my
questions:
Because I'm using Jails, I will have to have multiple ip aliases on the
network interface. I will use ipfilter to specify what can go to each
of the addresses. (e.g., allow only incoming to port 80 on the jail
running apache).
Another
2010 Apr 24
3
Installing multiple discs
I need help! I installed Winebottler, and installed the first disc of a 4 disc windows program on my mac book pro. But when I went to install disc 2 when prompted, I had to quit Winebottler to put the disc in. But I need Winebottler running to do the install. How do I do it? David Murphey
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2011 Sep 06
2
Announce: OpenSSH 5.9 released
OpenSSH 5.9 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches,
2014 Feb 28
5
Call for testing: OpenSSH 6.6
Hi,
OpenSSH 6.6 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a small release
mostly to fix some minor but annoying bugs in openssh-6.5.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable
2011 Jun 23
1
sandbox for OS X
Hi,
The systrace and rlimit sandboxes have been committed and will be in
snapshots dated 20110623 and later. This diff adds support for
pre-auth privsep sandboxing using the OS X sandbox_init(3) service.
It's a bit disappointing that the OS X developers chose such as
namespace-polluting header and function names "sandbox.h",
"sandbox_init()", etc. It already forced me to
2006 Mar 06
6
gmirror(8) and graid3(8) changes.
Hi.
Here you can find patches with changes to gmirror(8) and graid3(8):
http://people.freebsd.org/~pjd/patches/gmirror.7.patch
http://people.freebsd.org/~pjd/patches/graid3.patch
The patches does the following:
- Significant synchronization speed improvement. Now many parallel
synchronization I/O requests can be used instead of only one before.
Many people requested this.
- Close race
2006 Nov 02
11
ZFS and memory usage.
ZFS works really stable on FreeBSD, but I''m biggest problem is how to
control ZFS memory usage. I''ve no idea how to leash that beast.
FreeBSD has a backpresure mechanism. I can register my function so it
will be called when there are memory problems, which I do. I using it
for ARC layer.
Even with this in place under heavy load the kernel panics, because
memory with KM_SLEEP
2007 Apr 06
11
ZFS committed to the FreeBSD base.
Hi.
I''m happy to inform that the ZFS file system is now part of the FreeBSD
operating system. ZFS is available in the HEAD branch and will be
available in FreeBSD 7.0-RELEASE as an experimental feature.
Commit log:
Please welcome ZFS - The last word in file systems.
ZFS file system was ported from OpenSolaris operating system. The code
in under CDDL license.
I''d
2006 Jun 03
1
man pages for each providers ?
Hey,
Do you guys think that is a good idea to have a manual page for each provider with a complete description of what probes are offered ? Found some already under 7D category:
dtrace dtrace (7d) - DTrace dynamic tracing facility
fasttrap fasttrap (7d) - DTrace user instruction tracing provider
fbt fbt (7d) - DTrace function boundary tracing provider
2005 Oct 11
7
dtrace: failed to initialize dtrace: DTrace device not available on system
I have a number of systems running solaris10 and i see the package and binary for dtrace installed however whenever we try to run anything we get this error
dtrace: failed to initialize dtrace: DTrace device not available on system
the only system in which i dont have this error is the development server that has the full solaris 10 install while others are minimized, do i need additional
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi.
I've no response from so@ in this topic, probably because leak of time,
so I'll try here.
Here is a patch that I'm planing to commit:
http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch
It adds two new sysctls:
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
are not
2006 Aug 25
4
Looking for confirmation.
Hi.
I''ve almost all file system functions working.
I started to run some heavy file system regression tests. They work. fsx
wasn''t able to break my port, but the test you can find here:
http://people.freebsd.org/~kan/fsstress.tar.gz
broke it. My kernel panics on this assertion (zfs_dir.c):
749: mutex_exit(&dzp->z_lock);
750:
751: error =
2008 May 04
3
Some bugs/inconsistencies.
Hi.
I''m working on getting the most recent ZFS to the FreeBSD''s CVS. Because
of the huge amount of changes, I decided to work on ZFS regression
tests, so I''m more or less sure nothing broke in the meantime.
(Yes, I know about ZFS testsuite, but unfortunately I wasn''t able to
port it to FreeBSD, it was just too much work. I''m afraid it is too