OpenBSD

Earlier this month, Philip Guenther (guenther@) committed (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs. Theo de Raadt (deraadt@) discussed this in his BSDCan 2018 ... [More] session. Using information disclosed in Theo's talk, Colin Percival developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the official announcement of the vulnerability. [Less]

Earlier this month, Philip Guenther (guenther@) committed (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate against rumored FPU state leakage in Intel® CPUs. Theo de Raadt (deraadt@) discussed this in his BSDCan 2018 ... [More] session. Using information disclosed in Theo's talk, Colin Percival developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the official announcement of the vulnerability. [Less]

BSDCan 2018 has concluded, and materials for (some of) the OpenBSD-related tutorials and talks can be found in the usual place. Highlights include the unveiling of unveil(), hinted at by Bob Beck (beck@) in his p2k18 report, and "Speculating about ... [More] Intel", by Theo de Raadt (deraadt@). [An unofficial video of the latter presentation is available.] At the time of writing, official video recordings are not yet available. [Less]

Todd Mortimer (mortimer@) has committed "RETGUARD" for clang (for amd64). This is a new anti-ROP security mechanism, which uses random per-function cookies to protect return addresses on the stack. Read more…

Joel Sing (jsing@) has committed Crypto Simplified Interface (CSI) to -current: CVSROOT: /cvs Module name: src Changes by: [email protected] 2018/06/02 11:40:33 Added files: lib/libcsi : Makefile Symbols.list csi.c csi.h csi_dh.c ... [More] csi_dh_groups.c csi_internal.h csi_util.c shlib_version Log message: Initial version of Crypto Simplified Interface (CSI). This is a code base that intends on providing a simplified interface for mid-level cryptographic operations. In due course various applications and libraries will be able to benefit from a clean and robust API, rather than using libcrypto or other similar APIs directly. Discussed at length with deraadt@, djm@, markus@, beck@ and others. This parallels the addition of libtls. [Less]

Gilles Chehade (gilles@) has committed (to -current) the new smtpd.conf grammar discussed in his p2k18 hackathon report. Read more…

Next up in the stream of p2k18 reports is one from Antoine Jacoutot (ajacoutot@): Because there was yet another national railroad strike, I decided not to take any chance and arrived on the eve of the hackathon. I figured it would be a good excuse ... [More] for a pajama party at gilles@'s. It turned out to be a great achievement… thank you mead :-) Read more… [Less]

Next up in our series of p2k18 hackathon reports is from Paul Irofti (pirofti@), who writes: I joined the hackathon with plenty on my todo list and to my surprise managed to finish or at least narrow down a plan for most items. Read more…

Peter Hessler (phessler@) writes about his time in Nantes: I had arrived at Nantes with two goals, first was to port an app to watch baseball via mlb.tv, and second to clean up my work on BFD and hopefully enable it. I'd sent out some ports for ... [More] OKs, and was cleaning up some long-standing diffs for BFD when I overheard a conversation between Paul Irofti (pirofti@) and Theo de Raadt (deraadt@) about remembering which WiFi networks a machine has connected to. I mentioned I had 90% of that done, and only needed to finish the remaining 90%. After some discussion, I sent out my existing diff with the warning "it breaks WEP". Read more… [Less]

Eric Faurot (eric@) is next with his report on what he did in Nantes: Besides trying to reach Nantes (for some reason it has always been more complicated than it seems, even if I live not too far away; I now consider it as an achievement in ... [More] itself), my goal for this hackathon was mostly to work with Gilles on fixing the remaining issues for the config rewrite of smtpd. I will not go into a detailed description of the whys and wherefores, since he already explained a lot about it. It is something quite big we needed for a long time, and we wanted to have it done for good before adding other features we had in mind. Read more… [Less]