FreeBSD 11.3 has been released, OpenBSD workstation, write your own fuzzer for the NetBSD kernel, Exploiting FreeBSD-SA-19:02.fd, streaming to twitch using OpenBSD, 3 different ways of dumping hex contents of a file, and more.
Headlines
FreeBSD 11.3-RELEASE Announcement (https://www.freebsd.org/releases/11.3R/announce.html)
The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE. This is the fourth release of the stable/11 branch.
Some of the highlights:
The clang, llvm, lld, lldb, and compiler-rt utilities as well as libc++ have been updated to upstream version 8.0.0.
The ELF Tool Chain has been updated to version r3614.
OpenSSL has been updated to version 1.0.2s.
The ZFS filesystem has been updated to implement parallel mounting.
The loader(8) has been updated to extend geli(8) support to all architectures.
The pkg(8) utility has been updated to version 1.10.5.
The KDE desktop environment has been updated to version 5.15.3.
The GNOME desktop environment has been updated to version 3.28.
The kernel will now log the jail(8) ID when logging a process exit.
Several feature additions and updates to userland applications.
Several network driver firmware updates.
Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.
Warnings have been added for IPSec algorithms deprecated in RFC 8221.
Deprecation warnings have been added for weaker algorithms when creating geli(8) providers.
And more...
OpenBSD Is Now My Workstation (https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/)
Why OpenBSD? Simply because it is the best tool for the job for me for my new-to-me Lenovo Thinkpad T420. Additionally, I do care about security and non-bloat in my personal operating systems (business needs can have different priorities, to be clear).
I will try to detail what my reasons are for going with OpenBSD (instead of GNU/Linux, NetBSD, or FreeBSD of which I’m comfortable using without issue), challenges and frustrations I’ve encountered, and what my opinions are along the way.
Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while.
A Bit About Me and OpenBSD
I’m not new to OpenBSD, to be clear. I’ve been using it off and on for over 20 years. The biggest time in my life was the early 2000s (I was even the Python port maintainer for a bit), where I not only used it for my workstation, but also for production servers and network devices.
I just haven’t used it as a workstation (outside of a virtual machine) in over 10 years, but have used it for servers. Workstation needs, especially for a primary workstation, are greatly different and the small things end up mattering most.
News Roundup
Write your own fuzzer for NetBSD kernel! [Part 1] (https://blog.netbsd.org/tnf/entry/write_your_own_fuzzer_for)
How Fuzzing works? The dummy Fuzzer.
The easy way to describe fuzzing is to compare it to the process of unit testing a program, but with different input. This input can be random, or it can be generated in some way that makes it unexpected form standard execution perspective.
The simplest 'fuzzer' can be written in few lines of bash, by getting N bytes from /dev/rand, and putting them to the program as a parameter.
Coverage and Fuzzing
What can be done to make fuzzing more effective? If we think about fuzzing as a process, where we place data into the input of the program (which is a black box), and we can only interact via input, not much more can be done.
However, programs usually process different inputs at different speeds, which can give us some insight into the program's behavior. During fuzzing, we are trying to crash the program, thus we need additional probes to observe the program's behaviour.
Additional knowledge