hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20080409] AsiaBSDCon 2008 Papers
AsiaBSDCon 2008 was held in March 2008 in Tokyo, Japan. There werea number of interesting papers and talks, and a number of them had a focus on NetBSD:
  • Christoph Badura: Gaols - Implementing Jails Under the kauth Frameworki (paper)
  • Yuji IMAI, Takahiro KUROSAWA, Koichi SUZUKI, Eiichi MURAMOTO, Katsuomi HAMAJIMA, Hajimu UMEMOTO, and Nobuo KAWAGUTI: BSD implementations of XCAST6 (paper)
  • Antti Kantee: Send and Receive of File System Protocols: Userspace Approach With puffs (paper)
  • Kristaps Džonsons: Logical Resource Isolation in the NetBSD Kernel (paper)
  • Alistair Crooks: A Portable iSCSI Initiator (paper)
  • Jörg Sonnenberger, Jared D. McNeill: Sleeping Beauty---NetBSD on Modern Laptops(slides, paper)


[Tags: , , , , , , , ]


[20080131] Article: Waving the flag: NetBSD developers speak about version 4.0
Federico Biancuzzi has collected interviews from more than twenty NetBSD developers in an multiple-page article which talks about what's new in the NetBSD 4.0 release: If you have any comments, there's also a page for comments and discussion available.

[Tags: , , , , , , , , , , ]


[20060829] Catching up
There were a number of interesting items in the past week or so that I didn't manage to put here so far. Instead of putting them into seperate entries, I'll take the liberty to assemble them into one entry here:

  • The Newsforge article "Which distro should I choose?" refers us to a Comparison between NetBSD and OpenBSD, the website apparently allows other comparisons.

  • Parallels is a ``powerful, easy to use, cost effective desktop virtualization solution that empowers PC users with the ability to create completely networked, fully portable, entirely independent virtual machines on a single physical machine.'' In other words "something like VMware". In contrast to the leading(?) product in that area, Parallels supports NetBSD as guest OS officially.

  • PC-98 is a PC-like computer from NEC that has a Intel CPU and that was only sold in Japan. Due to some subtle differences from the "original" (IBMesque) PC architecture, it can't run NetBSD/i386 and was so far supported e.g. by FreeBSD/PC98. Now, Kiyohara Takashi has made patches and a floppy image available for a NetBSD/pc98 port - see Kiyohara's mail to tech-kern for more details, and also some discussion about further abstraction of the current x86 architecture to support machines with Intel CPUs that can't run NetBSD/i386.

  • Staying on the technical side, David Young has a need to tunnel packets through consumer-grade (and consumer-intelligence) devices, which are unlikely to cope with anything outside of the IP protocol. As such, he has posted patches to tunnel gre(4) over UDP.

    Now let's hope this works as a foundation for Teredo (tunneling IPv6 over UDP)... :-)

  • Verified Exec is a security subsystem inside NetBSD that verified fingerprints of binaries before loading them. This prevents binaries from being changed unnoticed, e.g. by trojan horses. Now when NetBSD runs such a system and memory becomes tight, only the process' data is paged to disk, the executables text is simply discarded with the assumption that it can be paged in from the disk again when needed. Of course this assumes that the binary won't change, which may not be true in a networked scenario with NFS or a disk on a fiber channel SAN that may be beyond control of the local system administrator. To prevent attacks of this kind, Brett Lymn has worked to generate per-page fingerprints that are kept in memory even when the executable pages are freed, for later verification when they are paged in from storage again.

    The code is currently under review and available as a patch set - see Brett's mail to tech-kern for all the details!

  • While talking about security subsystems, Elad Efrat, who also worked on veriexec previously continued his work to factor out authentication inside the kernel: After introducing the kauth(9) framework and replacing all manual checks for "am I running as root" or "does the current secure level allow this operating" with calls to it, the next step is to seperate the the place where those calls are made from a back-end implementation that will determine what is allowed and what is not, who is privileged and what is not, etc. While these questions are traditionally answered via special user ids (0, root), group membership or secure levels, other methods like capability databases could be imagined.

    Elad has been working along these lines, and he has posted the next step in his work, outlining the upcoming security model abstraction - see Elad's mail to tech-security for details & code references.

  • NetBSD 3.1 is around the corner, which will be an update to NetBSD 3.0 with lots of bugfixes and some minor feature enhancements like new drivers and also support for Xen 3 DomainU. There's a NetBSD 3.1 Release Candidate 1 available - be sure to have a look!

  • FWIW, I've also updated the overview of NetBSD release branches a few days ago, as I still see a lot of people that are confused over NetBSD's three lines of release branches (well, counting the development branch NetBSD-current as release branch :), and the differences between what a branch and what a release is. With NetBSD 3.0, 3.0.1 and 3.1 this sure makes my little head spin...

  • But there's more than NetBSD 3.x! If you've watched the above link, you will understand that the next release after the NetBSD 3.x set of releases is NetBSD 4.x. The release cycle for NetBSD 4.0 has started a few days ago, and there's also an announcement about the start of the NetBSD 4.0 release process by the NetBSD 4.0 release engineer Jef Rizzo which has information on schedule, how YOU can help and getting beta binaries and sources.

  • The working period of the Google Summer of Code is over, and while mentors are still evaluating the code submitted by students, there are some public status reports: Alwe MainD'argent about the status of the 'ipsec6' project and Sumantra Kundu about the 'congest' project

  • Sysjail 1.0 has been released! Includes some interesting overhead benchmarks.

  • As reported in the #NetBSD Community Blog, an alpha version of sBSD was released: It's a NetBSD-based system for easy installation on USB sticks and CF cards.

So much for now. Enjoy!

[Tags: , , , , , , , , , , , , , ]


[20060516] PaX, kauth(9), and beyond
Elad Efrat has been working on kauth(9) in the past, and he has committed it to NetBSD-current now. See his original proposal of all the details about the framework, which basically can be used to authorize access to various kernel mechanisms. After kauth(9) is now committed, the implementation of secure levels is the first thing that will be re-implemented based on kauth(9), see Elad's mail to tech-security for an analysis of the current secure levels, and a way to map them onto the kauth(9) framework.

In the mean time while this is hashed out, Elad has also committed his work on PaX MPROTECT, which offers mprotect(2) restrictions used to strengthen W^X mappings. More information on PaX is available in Elad's initial proposal and at the grsecurity site.

[Tags: , , ]



[20060419] Kernel authorization (kauth) progress
Elad Efrat has continued his work on bringing kauth to the NetBSD kernel. Currently the code is on a branch and needs testing before the pending merge into NetBSD-current. When kauth is in the kernel, it will be used as a base to replace the existing implementation of secure levels, and can also be used to implement facilities like capabilities and ACLs later on.

See Elad's mail to tech-security@ for a lot more details!

[Tags: ]



Tags: , 2bsd, 3com, 501c3, 64bit, acl, acls, acm, acorn, acpi, acpitz, adobe, Advocacy, advocacy, advogato, aes, afs, aiglx, aio, airport, alereon, alex, alix, alpha, altq, am64t, amazon, amd64, anatomy, ansible, apache, apm, apple, arkeia, arla, arm, art, Article, Articles, ascii, asiabsdcon, asterisk, asus, atf, ath, atheros, atmel, audio, audiocodes, autoconf, avocent, avr32, aws, axigen, backup, banners, basename, bash, bc, beaglebone, benchmark, bigip, bind, blackmouse, bldgblog, blog, blogs, blosxom, bluetooth, bonjour, books, boot, boot-z, bootprops, bozohttpd, bs2000, bsd, bsdca, bsdcan, bsdcertification, bsdcg, bsdforen, bsdfreak, bsdmac, bsdmagazine, bsdnexus, bsdstats, bsdtalk, bsdtracker, bug, build.sh, busybox, buttons, bzip, c-jump, c99, cafepress, callweaver, camera, candy, capabilities, card, carp, cars, cauldron, ccc, ccd, cd, cddl, cdrom, cdrtools, cebit, centrino, cephes, cert, certification, cfs, cgd, cgf, checkpointing, china, cisco, cloud, clt, cobalt, coccinelle, codian, colossus, common-criteria, community, compat, compiz, compsci, concept04, config, console, contest, copyright, core, cortina, coverity, cpu, cradlepoint, cray, crosscompile, crunchgen, cryptography, csh, cu, cuneiform, curses, curtain, cuwin, cvs, cvs-digest, cvsup, cygwin, daemon, daemonforums, daimer, danger, darwin, data, date, dd, debian, debugging, dell, desktop, devd, devfs, devotionalia, df, dfd_keeper, dhcp, dhcpcd, dhcpd, dhs, diezeit, digest, digests, dilbert, dirhash, disklabel, distcc, dmesg, Docs, Documentation, donations, draco, dracopkg, dragonflybsd, dreamcast, dri, driver, drivers, drm, dsl, dst, dtrace, dvb, ec2, eclipse, eeepc, eeepca, ehci, ehsm, eifel, elf, em64t, Embedded, embedded, emips, emulate, encoding, envsys, eol, espresso, etcupdate, etherip, euca2ools, eucalyptus, eurobsdcon, eurosys, Events, exascale, ext3, f5, facebook, falken, fan, fatbinary, features, fefe, ffs, filesystem, fileysstem, firefox, firewire, fireworks, flag, flash, flashsucks, flickr, flyer, fmslabs, force10, fortunes, fosdem, fpga, freebsd, freedarwin, freescale, freex, freshbsd, friendlyAam, friendlyarm, fritzbox, froscamp, fsck, fss, fstat, ftp, ftpd, fujitsu, fun, fundraising, funds, funny, fuse, fusion, g4u, g5, galaxy, games, gcc, gdb, gentoo, geode, getty, gimstix, git, gnome, google, google-soc, gpio, gpl, gprs, gracetech, gre, groff, groupwise, growfs, grub, gumstix, guug, gzip, hackathon, hackbench, hal, hanoi, happabsd, Hardware, haze, hdaudio, heat, heimdal, hf6to4, hfblog, hfs, history, hosting, hp, hp700, hpcarm, hpcsh, hpux, html, httpd, hubertf, hurd, i18n, i386, i386pkg, ia64, ian, ibm, ids, ieee, ifwatchd, igd, iij, image, images, imx233, information, init, initrd, install, intel, interix, internet2, io, ioccc, iostat, ipbt, ipfilter, ipmi, ipplug, ipsec, ipv6, irbsd, irc, irix, iscsi, isdn, iso, isp, itojun, jail, jails, japanese, java, javascript, jibbed, jihbed, jobs, jokes, journaling, kame, kauth, kde, kerberos, kergis, kernel, keyboardcolemak, kirkwood, kitt, kmod, kolab, kylin, l10n, landisk, laptop, laptops, law, ld.so, ldap, lehmanns, lenovo, lfs, libc, license, licensing, links, linksys, linux, linuxtag, live-cd, lkm, localtime, locate.updatedb, logfile, logging, logo, logos, lom, lte, lvm, m68k, macmini, macppc, macromedia, magicmouse, mahesha, mail, makefs, malo, mame, manpages, marvell, matlab, maus, mbr95, mbuf, mca, mdns, mediant, mediapack, meetbsd, mercedesbenz, mercurial, mesh, meshcube, mfs, mhonarc, microkernel, microsoft, midi, mini2440, miniroot, minix, mips, mirbsd, missile, mit, mobile-ip, modula3, modules, money, mouse, mp3, mpls, mtftp, mult, multics, multilib, multimedia, music, mysql, named, nas, nat, ncode, ndis, nec, nemo, neo1973, netbook, netboot, netbsd, netbsd.se, nethack, nethence, netksb, netstat, netwalker, networking, neutrino, nforce, nfs, nis, npf, npwr, nroff, nslu2, nspluginwrapper, ntfs-3f, ntp, nullfs, numa, nvi, nvidia, nycbsdcon, office, ofppc, ohloh, olimex, olinuxino, olpc, onetbsd, openat, openbgpd, openblocks, openbsd, opencrypto, opengrok, openmoko, openoffice, openpam, openrisk, opensolaris, openssl, or1k, oracle, oreilly, oscon, osf1, osjb, packages, pad, pae, pam, pan, panasonic, parallels, pascal, patch, patents, pax, paypal, pc532, pc98, pcc, pci, pdf, pegasos, penguin, performance, pexpect, pf, pfsync, pgx32, php, pike, pinderkent, pkg_install, pkg_select, pkgin, pkglint, pkgmanager, pkgsrc, pkgsrc.se, pkgsrcCon, pkgsrccon, Platforms, plathome, pocketsan, podcast, pofacs, politics, polls, polybsd, portability, posix, postinstall, power3, powernow, powerpc, powerpf, pppoe, precedence, preemption, prep, presentations, prezi, Products, products, proplib, protectdrive, proxy, ps, ps3, psp, pthread, ptp, ptyfs, Publications, puffs, pxe, qemu, qnx, qos, qt, quality-management, quine, quote, quotes, r-project, radio, radiotap, raid, raidframe, rants, raptor, raq, raspberrypi, rc.d, readahead, realtime, record, refuse, reiserfs, Release, Releases, releases, releng, reports, resize, restore, ricoh, rijndael, rip, riscos, rng, roadmap, robopkg, robot, robots, roff, rootserver, rotfl, rox, rs6k, rss, ruby, rump, rzip, sa, safenet, san, savin, sbsd, scampi, scheduling, schmonz, sco, screen, script, sdf, sdtemp, secmodel, Security, security, sed, segvguard, seil, sendmail, sfu, sge, sgi, sgimips, sh, sha2, shark, sharp, shisa, shutdown, sidekick, size, slackware, slashdot, slit, smbus, smp, sockstat, soekris, softdep, software, solaris, sony, source, source-changes, spanish, sparc, sparc64, spider, spreadshirt, squid, ssh, sshfs, ssp, stereostream, stickers, studybsd, subfile, sudbury, sudo, summit, sun, sun2, sun3, sunfire, sunpci, support, sus, suse, sushi, susv3, svn, swcrypto, symlinks, sysbench, sysinst, sysjail, syslog, syspkg, systat, systrace, sysupdate, t-shirt, tabs, tanenbaum, tape, tcp, tcp/ip, tcpdrop, tcpmux, tcsh, teamasa, teredo, termcap, terminfo, testdrive, testing, tetris, tex, TeXlive, thecus, theopengroup, thin-client, thinkgeek, thorpej, threads, time, time_t, timecounters, tip, tme, tmp, tmpfs, tnf, toaster, todo, toolchain, top, torvalds, toshiba, touchpanel, training, translation, tso, ttyrec, tulip, tun, tuning, uboot, udf, ufs, ukfs, ums, unetbootin, unicos, unix, updating, upnp, uptime, usb, usenix, useradd, userconf, userfriendly, usermode, usl, utc, utf8, uucp, uvc, uvm, valgrind, vax, vcfe, vcr, veriexec, vesa, video, videos, virtex, vm, vmware, vnd, vobb, voip, voltalinux, vpn, vpnc, vulab, w-zero3, wallpaper, wapbl, wargames, wasabi, webcam, webfwlog, wedges, wgt624v3, wiki, willcom, wimax, window, windows, winmodem, wireless, wizd, wlan, wordle, wpa, wscons, wstablet, X, x.org, x11, x2apic, xbox, xcast, xen, xfree, xfs, xgalaxy, xilinx, xkcd, xlockmore, xmms, xmp, xorg, xscale, youos, youtube, zaurus, zdump, zfs, zlib

'nuff. Grab the RSS-feed, index, or go back to my regular NetBSD page

Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 17530103
Copyright (c) Hubert Feyrer