src
ports
src
-
OpenBSD Upgrade 7.3 to 7.4
The OpenBSD project released 7.4 of their OS on 16 Oct 2023 as their 55th release 💫
-
OpenBSD System-Call Pinning
Well since https://www.openbsd.org/ still says
> Only two remote holes in the default install, in a heck of a long time!
I'm assuming not, but I could always be mistaken.
- Project Bluefin: an immutable, developer-focused, Cloud-native Linux
-
From Nand to Tetris: Building a Modern Computer from First Principles
> building a cat from scratch
> That would be an interesting project.
Here is the source code of the OpenBSD implementation of cat:
> https://github.com/openbsd/src/blob/master/bin/cat/cat.c
and here of the GNU coreutils implementation:
> https://github.com/coreutils/coreutils/blob/master/src/cat.c
Thus: I don't think building a cat from scratch or creating a tutorial about that topic is particularly hard (even though the HN audience would likely be interested in it). :-)
-
OpenBSD – pinning all system calls
> I don't know how they define `MAX`, but I'm guessing it's a typical "a>b?a:b"
Indeed: https://github.com/openbsd/src/blob/master/sys/sys/param.h#L...
> Then `SYS_kbind` seems to be a signed int.
It's an untyped #define: https://github.com/openbsd/src/blob/master/sys/sys/syscall.h...
I believe your whole analysis is correct, that running an elf file with an openbsd.syscalls entry with .sysno > INT_MAX will allow an out-of-bounds write.
- A new Systemd update will bring Windows' infamous "blue screen of death" to Linux, but the feature has received a very mixed reception
-
tmux causing ANSI color-response garbage on attaching?
I can reproduce it. And this is the commit that causes the issue: https://github.com/openbsd/src/commit/d21788ce70be80e9c4ed0c52c149e01147c4a823
-
Sudo-rs' first security audit
This doesn’t really change your conclusion, but I think that’s the wrong file. This is the real doas afaict: https://github.com/openbsd/src/blob/master/usr.bin/doas/doas...
Still just a tidy 1072 lines in that folder though.
I spent 5 minutes staring at your file trying to understand how on earth it does the things in the man page, but of course it doesn’t.
-
OpenBSD: Removing syscall(2) from libc and kernel
OpenBSD developers are making a serious effort to kill off indirect syscalls, the base system is completely clean, take a look at the work Andrew Fresh did to adapt Perl. He wrote a complete syscall "dispatcher" or emulator for the Perl syscall function so that it calls the libc stubs.
https://github.com/openbsd/src/commit/312e26c80be876012ae979...
The ports tree is also being cleansed of syscall(2) usage, until they're all gone.
msyscall, pinsyscall, recent mandatory IBT/BTI, xonly. OpenBSD is making waves, but people aren't really seeing them yet.
-
"<ESC>[31M"? ANSI Terminal security in 2023 and finding 10 CVEs
Actually, I got it wrong, too many vulnerabilities in flight. They did fix it: https://github.com/openbsd/src/commit/375ccafb2eb77de6cf240e...
ports
- Wayland on OpenBSD
-
Firejail: Light, featureful and zero-dependency security sandbox for Linux
I think OpenBSD comes the closest to what you want with its two easy to use syscalls that provide syscall filtering and restricting access to paths:
https://man.openbsd.org/pledge.2
https://man.openbsd.org/unveil.2
A few random examples:
https://github.com/tmux/tmux/blob/c8494dff7b6b9a996866edaf8c...
https://github.com/openbsd/ports/blob/master/www/mozilla-fir...
https://github.com/openbsd/ports/blob/master/www/mozilla-fir...
To get the best isolation you need to patch the source — the application needs to go through initial setup and then drop privileges to the absolute possible minimum. But it's easy to make custom wrappers for third-party applications — the above profiles taken from the OpenBSD ports tree are the proof.
-
Understanding rc.d/
Have you checked the no-ip port: https://github.com/openbsd/ports/blob/master/net/no-ip/pkg/noip2.rc
-
OpenBSD: Shutdown/reboot now require membership of group _shutdown
> https://github.com/openbsd/ports/commit/bf33ea5f3ff390d8cde3...
Now, this is surprising. I randomly clicked on that link and I immediately see that the code and the patch have a bug. It only checks the first 8 characters:
- if (gr != NULL && strncmp(gr->gr_name, "operator", 8) == 0)
-
Does OpenBSD have temperature monitoring and CPU usage issues?
Some people are working around this by using obsdfreqd, some by patching sys/kern/sched_bsd.c (change if (hw_power) to if (0 && hw_power)), some by simply setting to a lower speed (sysctl hw.perfpolicy=manual and hw.setperf=99 might be enough as this disables turbo mode found on some CPUs).
-
How to compile something that requires OpenSSL?
You could also look into a port that has a hard dependency on openssl like: https://github.com/openbsd/ports/tree/master/security/sslscan
-
How I would sell OpenBSD as a salesperson
For me it's the ease of management and good documentation.
For example, during 6.8 to 6.9 upgrade, there was a major postgresql upgrade.
It is mentioned in the doc https://www.openbsd.org/faq/upgrade69.html (see Special packages at the bottom).
You're redirected to the package README with special instructions on how to setup and upgrade: https://github.com/openbsd/ports/blob/master/databases/postg...
Et voilà, everything is explained.
On debian, if I am not careful, I'll do an upgrade and risk breaking something during a db migration (I'm looking at you MySQL upgrades...).
- So I installed OpenBSD 7.0 on my iMac G3 and well no desktop environment will fully install because of missing packages… even compiling CDE was a no go because KSH93 is broken on macppc. At least it’s a step in the right direction as far as getting anything graphical working.
-
OpenBSD Gaming Updates Q2 2022
Godot engine gamecontroller support. This is limited and incomplete, but it's a start. A huge number of indie games made with Godot are released every week; most of which work at least partially with an XBox {360,One} controller. You can follow This Week in Godot if you're interested.
-
Handling argc==0 in the Linux kernel
> OpenBSD has handled this case for some years. I do not know if there was any breakage or fallout from this.
The other thing about OpenBSD is that when they make a change to their OS, they also go through to make sure all the (third-party) ports/packages:
* https://cvsweb.openbsd.org/ports/
* https://github.com/openbsd/ports
do not break. So they create patches for the software and submit them upstream.
What are some alternatives?
cosmopolitan - build-once run-anywhere c library
mlvwm - Macintosh-like Virtual Window Manager (official repo)
bastille - Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.
NsCDE - Modern and functional CDE desktop based on FVWM
buttersink - Buttersink is like rsync for btrfs snapshots
xcape - Linux utility to configure modifier keys to act as other keys when pressed and released on their own.
PHPT - The PHP Interpreter
dxvk-native - D3D9/11 but it runs natively on Linux!
Joomla! - Home of the Joomla! Content Management System
OpenBSD-Games-Database - Database of games that run on OpenBSD
ctl - The C Template Library
Perimeter