On Tue, Apr 29, 2025 at 08:44:50PM +0200, Dimitry Andric wrote:
> On 29 Apr 2025, at 19:43, Shawn Webb wrote:
> >
> > On Sun, Apr 27, 2025 at 07:42:44PM +0200, Dimitry Andric wrote:
> >> On 27 Apr 2025, at 17:04, Shawn Webb wrote:
> >>>
> >>> O
On Sun, Apr 27, 2025 at 07:42:44PM +0200, Dimitry Andric wrote:
> On 27 Apr 2025, at 17:04, Shawn Webb wrote:
> >
> > On Sat, Apr 26, 2025 at 06:06:54PM +0200, Dimitry Andric wrote:
> ...
> >> Please let me know if you encounter any problems resulting due to this
>
I may have missed some corner case.
Hey Dimitry,
I suspect this may be a problem specific to HardenedBSD, but it looks
like cc occasionally crashes. It hits an assert at
/usr/src/contrib/llvm-project/clang/lib/Driver/Driver.cpp:2702.
I can reproduce this by running `env SHELL=/bin/sh make builde
On Sun, Apr 06, 2025 at 02:52:28PM -0700, Rick Macklem wrote:
> On Sat, Apr 5, 2025 at 5:45 PM Shawn Webb wrote:
> >
> > On Sat, Apr 05, 2025 at 05:36:07PM -0700, Rick Macklem wrote:
> > > On Sat, Apr 5, 2025 at 4:43 PM Shawn Webb
> > > wrote:
> > > &g
On Sat, Apr 05, 2025 at 05:36:07PM -0700, Rick Macklem wrote:
> On Sat, Apr 5, 2025 at 4:43 PM Shawn Webb wrote:
> >
> > On Sat, Apr 05, 2025 at 04:12:15PM -0700, Rick Macklem wrote:
> > > On Sat, Apr 5, 2025 at 9:12 AM Shawn Webb
> > > wrote:
> > > &g
On Sat, Apr 05, 2025 at 04:12:15PM -0700, Rick Macklem wrote:
> On Sat, Apr 5, 2025 at 9:12 AM Shawn Webb wrote:
> >
> > On Sat, Apr 05, 2025 at 08:52:06AM -0700, Rick Macklem wrote:
> > > On Sat, Apr 5, 2025 at 8:50 AM Rick Macklem
> > > wrote:
> > >
On Sat, Apr 05, 2025 at 08:52:06AM -0700, Rick Macklem wrote:
> On Sat, Apr 5, 2025 at 8:50 AM Rick Macklem wrote:
> >
> > On Fri, Apr 4, 2025 at 6:27 PM Shawn Webb
> > wrote:
> > >
> > > On Sat, Apr 05, 2025 at 01:04:25AM +, Shawn Webb wrote:
>
On Sat, Apr 05, 2025 at 01:04:25AM +, Shawn Webb wrote:
> On Fri, Apr 04, 2025 at 05:40:21PM -0700, Rick Macklem wrote:
> > On Fri, Apr 4, 2025 at 10:50 AM Shawn Webb
> > wrote:
> > >
> > > On Thu, Apr 03, 2025 at 06:12:59PM -0700, Rick Macklem wrote:
>
On Sat, Apr 05, 2025 at 01:27:17AM +, Shawn Webb wrote:
> On Sat, Apr 05, 2025 at 01:04:25AM +0000, Shawn Webb wrote:
> > On Fri, Apr 04, 2025 at 05:40:21PM -0700, Rick Macklem wrote:
> > > On Fri, Apr 4, 2025 at 10:50 AM Shawn Webb
> > > wrote:
> > > >
On Fri, Apr 04, 2025 at 05:40:21PM -0700, Rick Macklem wrote:
> On Fri, Apr 4, 2025 at 10:50 AM Shawn Webb wrote:
> >
> > On Thu, Apr 03, 2025 at 06:12:59PM -0700, Rick Macklem wrote:
> > > On Thu, Apr 3, 2025 at 4:52 PM Shawn Webb
> > > wrote:
> > > &g
On Thu, Apr 03, 2025 at 06:12:59PM -0700, Rick Macklem wrote:
> On Thu, Apr 3, 2025 at 4:52 PM Shawn Webb wrote:
> >
> > On Wed, Apr 02, 2025 at 01:51:26PM -0700, Rick Macklem wrote:
> > > The commit 2ec2ba7e232d just hit main. I do not think it will
> > > cause
y Rick,
The patch review test plan mentions a patch to ZFS itself to support
named attributes. Is that patch available somewhere?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://g
On Sat, Mar 29, 2025 at 01:04:08PM -0700, Rick Macklem wrote:
> On Sat, Mar 29, 2025 at 12:50 PM Shawn Webb
> wrote:
> >
> > On Sat, Mar 29, 2025 at 12:39:02PM -0700, Rick Macklem wrote:
> > > > I had added filesystem extended attribute support to libarchive, which
(hbsdcontrol)
was recently taught about the user namespace. The kernel side only
supports system namespace. So the user namespace support in
hbsdcontrol is somewhat meaningless. I do plan to eventually get to
the kernel side, but my TODO list continues growing. :-)
Thanks,
--
Shaw
. Certainly it was using ZFS but not the ZFS that we
> > can use or "zfs send" anywhere. The botched up stuff that is totally not
> > compatible with OpenZFS of any flavour. This means that I had to do a
> > blunt force medieval tarball backup. Nothing else would ever be usabl
couple of problems here.
> 1 - You and Cedric are the only ones that have spoken up with support for
> this.
> (Having said that, no one has spoken up against it.)
> 2 - Someone needs to do the "userspace" lifting at some point.
> I haven't yet asked, so I do
dbsd.org/hardenedbsd/HardenedBSD/-/blob/hardened/current/master/usr.sbin/hbsd-update/hbsd-update-build?ref_type=heads
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
r: version script assignment of 'FBSD_1.5' to symbol 'getentropy'
> failed: symbol not defined
> cc: error: linker command failed with exit code 1 (use -v to see invocation)
> Building
> /space/system/usr_obj/space/system/usr_src/amd64.amd64/lib/libc/libc_nossp_pic.a
me sharenfs settings with the other datasets.)
All is well now.
Thanks a bunch, Alan! I really appreciate the help. :-)
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/r
do here. I'm not sure if the issue lies in
ZFS or mountd or something else entirely.
`uname -a` shows:
FreeBSD hbsd-os-build-01 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD #0
hardened/current/master-n194236-a8e5e4e37b03: Thu Oct 24 19:49:31 UTC 2024
root@hbsd-os-build-01:/usr/obj/u
provided to handbook/cutting-edge.
I had the same issue. I rebuilt/reinstalled the graphics/gpu-firmware-kmod and
graphics/drm-515-kmod ports. After a reboot, all was well.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1
ick.img, mount a tmpfs and a /dev under that, chroot
and bring up networking, then pkg install.
Simple process, but certainly more steps than having the tools
pre-installed on the install media.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 3
...now 950|televideo950
...now televideo950
nedbsd.org/hardenedbsd/hbsdmon/-/blob/master/usr.bin/hbsdmon/zfs.c?ref_type=heads
So to answer your question of whether there are any libzfs_core
consumers: yes, but only the C headers. My use case seems quite
different than yours, so the information presented in this email might
not be applicable.
3.x and 14.x releases.
Hey Ed,
I hope I don't sound pathetically verbose here, but I just wanted to
make sure to remove any sense of ambiguity.
Would the "netmask " option still work? For example:
# ifconfig em0 inet 192.168.0.1 netmask 255.255.255.0
I suspect the an
On Wed, Aug 30, 2023 at 06:55:14AM +0200, Alexander Leidinger wrote:
> Am 2023-08-29 21:02, schrieb Shawn Webb:
>
> > Back in 2019, I had a similar issue: I needed access to be able to
> > read/write to the system extended attribute namespace from within a
> > jailed c
On Tue, Aug 29, 2023 at 09:31:46PM +0200, Felix Palmen wrote:
> * Shawn Webb [20230829 15:25]:
> > On Tue, Aug 29, 2023 at 09:15:03PM +0200, Felix Palmen wrote:
> > > * Kyle Evans [20230829 14:07]:
> > > > On 8/29/23 14:02, Shawn Webb wrote:
> > > >
On Tue, Aug 29, 2023 at 09:15:03PM +0200, Felix Palmen wrote:
> * Kyle Evans [20230829 14:07]:
> > On 8/29/23 14:02, Shawn Webb wrote:
> > > Back in 2019, I had a similar issue: I needed access to be able to
> > > read/write to the system extended attribute namespace
please.
Back in 2019, I had a similar issue: I needed access to be able to
read/write to the system extended attribute namespace from within a
jailed context. I wrote a rather simple patch that provides that
support on a per-jail basis:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit
On Thu, Apr 13, 2023 at 06:48:14PM -0400, Charlie Li wrote:
> Shawn Webb wrote:
> > Does the ZFS project have some sort of automated testing to catch
> > data-gobbling, pool killing bugs? It seems like this would have been
> > caught with some CI/CD stress testing automat
t;>>> =3D3D3D=3D3D3D=3D3D3D
> > >> >>>>>> Mark Millard
> > >> >>>>>> marklmi at yahoo.com
> > >> >>>>>> =3D20
> > >> >>>>> =3D20
> > >> >>>>> L
On Mon, Feb 27, 2023 at 03:40:41PM -0500, Shawn Webb wrote:
> On Mon, Feb 27, 2023 at 08:57:19PM +0100, Dimitry Andric wrote:
> > On 27 Feb 2023, at 19:19, FreeBSD User wrote:
> > >
> > > Running recent CURRENT as host (FreeBSD 14.0-CURRENT #23
> > > m
t; specific make.conf or src.conf settings for that?
FWIW, HardenedBSD is also impacted by this. We set
WITH_SYSTEM_COMPILER and WITH_SYSTEM_LINKER by default, which I think
might be a contributing factor.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
build I kicked off yesterday for
HardenedBSD is experiencing the same exact failure. Nearly 12,000
ports skipped:
http://ci-08.md.hardenedbsd.org/build.html?mastername=hardenedbsd-current_amd64-local&build=2022-08-17_20h01m01s
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBS
interface=wlan0
ctrl_interface=/var/run/hostapd-wlan0
ctrl_interface_group=wheel
ssid=[redacted]
wpa=2
wpa_passphrase=[redacted]
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
end hostapd-wlan0.conf
On Sat, Aug 13, 2022 at 09:49:34PM +0100, Nuno Teixeira wrote:
> Hello Shawn!
>
> I've
vm
[27] iwlwifi0: Detected Intel(R) Wi-Fi 6 AX201 160MHz, REV=0x351
[28] iwlwifi0: Detected RF HR B3, rfid=0x10a100
[28] iwlwifi0: base HW address: [redacted]
end dmesg.boot
Hopefully this helps. But this is all the info I've got. Please let me
know if you have any questions or comments.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
---
>
> Any ideas of what's wrong?
> BTW, no kernel dump and I have dumpdev="AUTO" in /etc/rc.conf...
When I last talked to bz@, the combination of iwlwifi and lagg was
reported as not supported. bz@ might need/want some help in that area.
Than
On Thu, Dec 09, 2021 at 12:05:30PM -0500, Mark Johnston wrote:
> On Thu, Dec 09, 2021 at 10:20:10AM -0500, Shawn Webb wrote:
> > Hey all,
> >
> > It looks like there's a potential deadlock in some networking code,
> > specifically with ipv4 jails. I can reproduc
is kind of
kernel panic.
I've uploaded the crash.txt file here:
https://hardenedbsd.org/~shawn/2021-12-09_crash-01.txt
`uname -a`: FreeBSD ci-08 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD #0
hardened/current/master-n191216-7474f245a83: Wed Dec 8 22:44:04 EST 2021
shawn@ci-08:/usr/ob
On Fri, Dec 03, 2021 at 11:03:54AM +0100, Stefan Esser wrote:
> Am 02.12.21 um 17:46 schrieb Shawn Webb:
> > Hey Stefan,
> >
> > On Thu, Dec 02, 2021 at 05:26:55PM +0100, Stefan Esser wrote:
> >> I have created
> >>
> >>https://reviews.freebsd
something similar? Kernel would use BIT_* and userland
would use USERLAND_BIT_* (just spitballing, not actually advocating
for "USERLAND_BIT_*" but rather just the idea of it.)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardened
gt; jump into it).
> Not now. Randomizing shared page location is not too hard, but there are
> some ABI issues to sort out. We live with fixed-mapped shared page for
> more than 10 years.
As a point of reference, HardenedBSD's PaX-inspired ASLR
implementation has randomized the sha
On Fri, Oct 29, 2021 at 11:59:40AM +0100, David Chisnall wrote:
> On 28/10/2021 16:26, Shawn Webb wrote:
> > I wonder if providing a 9pfs client would be
> > a good step in helping deprecate smbfs.
>
> Note: WSL2 uses 9p-over-VMBus, but most of the Linux world is moving away
ding a 9pfs client would be
a good step in helping deprecate smbfs.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
_amd64/pool/home/ohartmann/Projects/router/router/apu2c4/src/amd64.amd64/tmp/obj-tools/lib/clang/libllvmminimal/libllvmminimal.a
>
Anyone else still hitting this? I am.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
efer removing it outright.)
HardenedBSD recently removed toor. No one has complained (yet?). A
small Twitter poll[0] showed that 85% of people who responded do not
use toor.
[0]: https://twitter.com/HardenedBSD/status/1415781911063056389
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
kick off meeting that's open to everybody who can respectfully contribute.
>
> Looking forward to hearing from you.
Hey Warner,
I'd be happy to talk about HardenedBSD's switch from GitHub to Gitea
and finally to GitLab. We had a lot of troubles with Gitea and
On Fri, May 07, 2021 at 03:49:00PM +0200, Hans Petter Selasky wrote:
> Time has come that I make a patch for the most central patching tool in
> FreeBSD, patch :-)
>
> https://reviews.freebsd.org/D30160
As stupid as it sounds, '*' is a valid filename.
--
Shawn Web
me to fruition, but I'm pretty skeptical.
https://potabi.fivnex.co/development
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
of ASLR known as ASR and a W^X
implementation, FreeBSD can move on to other exploit mitigations, such
as CFI and SafeStack (both of which are already integrated in some
form in HardenedBSD.)
This is likely to be my only response to this thread as I'm incredibly
tired of rehashing the same arg
ecisely how
> > each
> > of the git commands populates or repopulated the directories in /usr???
> >
>
> It is in the mini primer I wrote, along with how to bisect and other useful
> things. This will migrate into the handbook once the doc tree converts to
> ascii
On Sat, Jan 02, 2021 at 08:37:14AM +0800, Li-Wen Hsu wrote:
> On Sat, Jan 2, 2021 at 4:25 AM Christian Weisgerber
> wrote:
> >
> > On 2021-01-01, Shawn Webb wrote:
> >
> > > This is why I asked FreeBSD to provide anonymous read-only ssh://
> > > suppo
even in the USA.
One thing that I need to do with the HardenedBSD infrastructure is
publish on our site the ssh pubkeys of the server (both RSA and
ed25519). I plan to do that sometime this coming week. I wonder if it
would be a good idea for FreeBSD to do the same (note: I'm not trying
to comm
12msec)
>
> with aesni.ko loaded:
> write: IOPS=2824, BW=2825MiB/s (2962MB/s) (166GiB/60002msec)
>
>
> Does anyone have a compelling reason to deny our users the 5x speedup?
Note: HardenedBSD has had AESNI enabled on amd64 for nearly six years.
Not a single complaint.
For reference,
ardenedBSD user would do this:
fetch -o ports.tar.gz \
https://git-01.md.hardenedbsd.org/HardenedBSD/hardenedbsd-ports/archive/master.tar.gz
mkdir -p /usr/ports
tar -xf ports.tar.gz --strip-components 1 -C /usr/ports
Something similar could be done in FreeBSDlandia.
Th
On Tue, Sep 29, 2020 at 05:36:15PM -0400, Shawn Webb wrote:
> On Tue, Sep 29, 2020 at 11:20:44PM +0200, Kristof Provost wrote:
> >
> >
> > On 28 Sep 2020, at 16:44, Alexander Leidinger wrote:
> >
> > > Quoting Kristof Provost (from Mon, 28 Sep 2020 13:53:1
ctly disabled again on all interfaces.
> >
> I think I see why you had issues with the promiscuous setting. I???ve
> updated the patch to be even more horrific than it was before.
>
> I can???t explain the panic, and the backtrace also doesn???t appear to be
> directly rela
On Mon, Sep 21, 2020 at 09:57:40AM +0200, Kristof Provost wrote:
> On 21 Sep 2020, at 2:52, Shawn Webb wrote:
> >> From latest HEAD on a Dell Precision 7550 laptop:
> >
> > https://gist.github.com/lattera/a0803f31f58bcf8ead51ac1ebbc447e2
> >
> > The last work
>From latest HEAD on a Dell Precision 7550 laptop:
https://gist.github.com/lattera/a0803f31f58bcf8ead51ac1ebbc447e2
The last working boot environment was 14 Aug 2020. If I get some time to
bisect commits, I'll try to figure out the culprit.
Thanks,
Shawn Webb
(Sorry for the brevi
Hey all,
It appears the Handbook and the nfsv4 manpages don't really agree,
leading to some confusion as to how to properly set up an NFSv4 server
on FreeBSD.
Any guidance would be appreciated.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG K
On Thu, Sep 10, 2020 at 12:46:45PM -0400, Ryan Moeller wrote:
>
> On 9/10/20 12:33 PM, Shawn Webb wrote:
> > I used to be able to run `zfs list` as an unprivileged user. Now I
> > can't, even when my user is in the operator group.
> >
> > BEGIN LOG ==
I used to be able to run `zfs list` as an unprivileged user. Now I
can't, even when my user is in the operator group.
BEGIN LOG
hbsd-current-01[shawn]:/home/shawn $ zfs list
Operation not permitted
hbsd-current-01[shawn]:/home/shawn (1) $ id
uid=1001(shawn) gid=1001(shawn) groups
or read-only access over ssh.
Trusting FreeBSD's ssh key material is likely easier than trusting
HTTPS in certain regions.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8
-01 kernel: [2395] ZFS WARNING: Unable to create ZVOL
tank/bhyve/productname/dev/users/username/username-shortened_productname-dev-01/disk-01
(error=63).
So I'm left wondering, does devfs have a smaller limit than ZFS for
node paths?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
H
On Fri, Jul 10, 2020 at 09:43:59AM -0400, Shawn Webb wrote:
> On Fri, Jul 10, 2020 at 04:36:41PM +0300, Toomas Soome wrote:
> >
> >
> > > On 10. Jul 2020, at 16:25, Shawn Webb wrote:
> > >
> > > Hey all,
> > >
> > > I just go
On Fri, Jul 10, 2020 at 04:36:41PM +0300, Toomas Soome wrote:
>
>
> > On 10. Jul 2020, at 16:25, Shawn Webb wrote:
> >
> > Hey all,
> >
> > I just got in a new Dell Precision 7550 laptop. Tried booting FreeBSD
> > on it and UEFI boot failed. The scree
zero
experience in this area, but would love to learn. Can someone punish
me with ideas on how to debug this? ;P
I'll try to get whatever patches/fixes that come out of this effort
upstreamed.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG Key ID: 0xFF2E67A277
Thanks for maintaining one-true-awk in the tree! I was planning on
publishing a new binary update of 13-CURRENT for HardenedBSD users.
Should I hold off until the dust settles?
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:
how to set it up in
> memory on a bare-metal system and start execution)
>
Reach out to 3mdeb (feel free to CC me, if you'd like). See what
they'd like help with. There's certainly a lot more work that could be
done.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
On Thu, Mar 21, 2019 at 09:55:15AM -0600, Alan Somers wrote:
> On Thu, Mar 21, 2019 at 9:49 AM Shawn Webb wrote:
> >
> > Hey Alan,
> >
> > Thank you very much for your work in maintaining fusefs. I only use
> > fusefs in very limited circumstances, so take what
x27;m curious if the security impacts of removing the toggle to disable
mmap support for fusefs. Is there a per-fusefs replacement for
mmap_enable? From a security perspective, it would be nice to keep the
ability to disable mapping of files mounted on a fusefs.
Thanks,
--
Shawn Webb
Cofounder and S
: linker command failed with exit code 1 (use -v to see invocation)
> *** [clang] Error code 1
>
> make[4]: stopped in /usr/src/usr.bin/clang/clang
> [...]
>
> I tried to rebuild world from a fresh /usr/src and /usr/obj but the host gets
> always stuck at
> the same error.
Do
01:00 init 1 - - /bin/sh on /etc/rc terminated
> abnormally, going
> to single user mode Enter root password, or ^D to go multi-user
> Password:
>
>
> Running
>
> FreeBSD 12.0-STABLE #36 r343871: Thu Feb 7 17:34:44 CET 2019 amd64
>
> Doesn't show this phenomen
On Tue, Feb 12, 2019 at 11:44:42AM -0200, Renato Botelho wrote:
> On 12/02/19 11:03, Shawn Webb wrote:
> > Hey all,
> >
> > I have net.inet6.ip6.use_tempaddr and net.inet6.ip6.prefer_tempaddr
> > both set to 1. Yet, I'm not seeing temporary addresses crea
nt RFC3041 from working in FreeBSD HEAD?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F
so.0: Undefined symbol "environ"
> grahamperrin@momh167-gjp4-8570p:~ % pkg query '%o %v %R' iridium-browser
> www/iridium 2018.5.67_6 FreeBSD
> grahamperrin@momh167-gjp4-8570p:~ %
>
> Any ideas?
I can confirm that I'm getting this, too, on my Pinebook ru
Matt,
Thank you for your detailed and informative post. It really helps
downstream consumers of FreeBSD.
I'm curious what this means for OpenZFS. I was under the impression
that OpenZFS was the upstream for all the ZFS implementations (sans
Oracle).
Thanks,
--
Shawn Webb
Cofounder and Sec
trauma
> analysis
>
> make core dumps.
> devd core dumps.
> init core dumps.
> cc core dumps.
> c++ core dumps.
>
> Something seems to be broken.
There have been (and still are) issues with the introduction of ifunc
in libc (r339898). The symptoms you're describing so
Hey All,
Looks like the RTLD is segfaulting apps for me in 13-CURRENT/amd64
both on bare metal and in bhyve. I don't have the time right now to
bisect the commit.
On a related note: I love ZFS boot environments. Thanks, FreeBSD, for
making ZFS a first-class citizen.
Thanks,
--
Shawn
to mean something
> with bfd)?
I noticed the same issues. I reverted parts of recent work by upstream
FreeBSD in HardenedBSD's Cross-DSO CFI branch since that branch uses
clang/llvm/lld 7.0.0.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-
loghost /jail/loghost
>
> storm~;jexec 9 env | grep -i ssh
> SSH_CLIENT=203.0.113.70 59076 22
> SSH_CONNECTION=203.0.113.70 59076 203.0.113.50 22
> SSH_TTY=/dev/pts/2
> SSH_AUTH_SOCK=/tmp/ssh-ZfvZOatcsu/agent.60492
> storm~;
>
> Any ideas?
Hey Mi
On Fri, Aug 24, 2018 at 06:19:55PM -0400, Shawn Webb wrote:
> Hey All,
>
> Somewhere in the last month or so, a use after free was introduced. I
> don't have the time right now to bisect the commits and figure out
> which commit introduced the breakage. Attached is the cor
FreeBSD recently introduced a new ELF auxiliary vector, AT_EHDRFLAGS.
procstat(1) needs to be updated to reflect the new auxvec. Patch is up
for review here: https://reviews.freebsd.org/D17067
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546
/freebsd/commit/2f2449cc1cdfc19ae34b2317e792af489418a01a
So my src tree is at this commit:
https://github.com/HardenedBSD/hardenedBSD/commit/98f90fadab000b818a731be4650ac1a47144501c
I've not yet studied the swap pager's code and plan to start learning
it soon.
Thanks,
--
Shawn Webb
Cofounder and Secu
c repo because I was doing
some offensive research against GNU's RTLD way back in 2011-2012. The
repo hasn't been updated since.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hack
3 r337364: Mon Aug 6 07:01:42 +07 2018 amd64
I'm seeing the same issue.
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD
; >
> > > Warner
> >
> > Fixed by r336837
> >
>
> Yea, I thought I'd pushed all my in-flight src/stand branches yesterday,
> but I had one on a different machine that wasn't, and it was this one.
> Sorry for the hassle, it had been ready to go
On Sat, Jul 28, 2018 at 08:34:31PM +0200, Emmanuel Vadot wrote:
> On Sat, 28 Jul 2018 20:28:30 +0200
> Emmanuel Vadot wrote:
>
> > On Sat, 28 Jul 2018 13:17:45 -0400
> > Shawn Webb wrote:
> >
> > > It appears with the latest 12-CURRENT/arm64, booting is
key for command prompt.
Booting [/boot/kernel/kernel]...
Using DTB provided by EFI at 0x801fe0.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is
On Wed, Jun 20, 2018 at 07:31:21PM -0400, Ed Maste wrote:
> On 20 June 2018 at 18:25, Shawn Webb wrote:
> >
> > Would you like me to quantify the compilation breakages due to the
> > full llvm toolchain switch? If so, I can do that after July 12th.
>
> Thanks Shaw
at runtime due to a full llvm
toolchain, but compile just fine.
Would you like me to quantify the compilation breakages due to the
full llvm toolchain switch? If so, I can do that after July 12th.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified S
{JEVENTS}
${JEVENTS} ${EVENT_ARCH} ${.CURDIR}/pmu-events/arch libpmc_events.c
SRCS+= libpmc_events.c
.endif
Why perform the conditionals for aarch64 and powerpc when it can't be
those? "Am I missing something?
I'm looping in Matt Macy, who was the last person to touch the file.
On Tue, Apr 17, 2018 at 10:52:40PM +, Beeblebrox wrote:
> My proposed plan did not work anyway, as both MINIMAL and GENERIC fail to
> build.
> I'll have to clone the FreeBSD repo unless Shawn has something to comment on
> this.
Due to our changing of certain kernel st
On Tue, Apr 17, 2018 at 11:13:51AM -0400, Beeblebrox wrote:
> Hey Shawn,
>
> > What happens when you set vm.pmap.pti=0 at the loader prompt?
> Yep, that fixed it. Booted into MYKERN without problem.
> Assuming Page Table Isolation still a bit buggy?
>
> FreeBSD 12.
ail
> it (or download link) to developers (at FreeBSD.org) if needed though.
What happens when you set vm.pmap.pti=0 at the loader prompt?
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: PGP signature
76 Dec 30 12:37 /usr/bin/lint
> -r-xr-xr-x 1 root wheel 4976 Dec 29 21:13 /usr/bin/true
I had filed[1] a bug report about this a little over a month ago and
FreeBSD was disinterested in even discussing it. HardenedBSD worked
around the issue by disabling the build of lint in its 11-STABLE an
On Fri, Dec 29, 2017 at 02:36:34PM -0500, Shawn Webb wrote:
> On Fri, Dec 29, 2017 at 08:33:15PM +0100, Michael Gmelin wrote:
> >
> >
> > > On 29. Dec 2017, at 20:15, Shawn Webb wrote:
> > >
> > > Hey All,
> > >
> > > It looks like
On Fri, Dec 29, 2017 at 08:33:15PM +0100, Michael Gmelin wrote:
>
>
> > On 29. Dec 2017, at 20:15, Shawn Webb wrote:
> >
> > Hey All,
> >
> > It looks like evdev support in the kernel is broken.
> > sys/dev/kbdmux/kbdmux.c contains various unresol
>>>
ld: error: undefined symbol: evdev_scancode2key
e
> best approach, and best alternatives?
Both HardenedBSD and TrueOS use LibreSSL in base.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: PGP signature
1 - 100 of 280 matches
Mail list logo
