All the latest news and tutorials from the BSD world.
Releases
OPNsense 22.7.5 released: This release is fixing a security issue involving the “installer” user and kernel-based TCP panics that some have been fighting with since FreeBSD 13. Some ports and plugins have also been updated now that the holiday season is coming to its inevitable end.
BSDSec
NetBSD Security Advisory 2022-004: procfs(5) missing permission checks: Due to missing permission checks it was possible to reuse open descriptors which are exposed in the procfs(5) pid /fd/ directory. It might allow malicious user to bypass permission checks and read data from opened descriptor under some circumstances.
NetBSD Security Advisory 2022-003: Race condition in mail.local(8): A race condition exists in the mail.local(8) (/usr/libexec/mail.local) program which is setuid root. That may be exploited in order to change the ownership of or append arbitrary data to an arbitrary file. A malicious local user may exploit the race condition to acquire write permissions to a critical system file, and leverage the situation to acquire escalated privileges. This was originally addressed in NetBSD-SA2016-006 and has been assigned CVE-2016-6253. The fix proved inefficient and had to be fixed again, which is the reason for this new advisory.
NetBSD Security Advisory 2022-002: Coredump credential reference count leak: The coredump handling code always leaks a reference to the dumped processes cred structure. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
As always, it’s worth following BSDSec. RSS feed and Twitter account available.
News
Meet the 2022 FreeBSD Google Summer of Code Students: Koichi Imai: The FreeBSD Project is proud to have participated in the Google Summer of Code program since its inception in 2005. At the completion of the 2022 season, the Foundation asked a few of our GSoC students to share more about themselves and their experience working with the Project.
BSDNow 475: Prompt Injection Attacks : Prompt injection attacks against GPT-3, the History of Package Management on FreeBSD, A fresh look at FreeBSD, File Management Tools for Your Favorite Shell, Quick Guide about Video Playback on FreeBSD, and more.
LibreSSL 3.6.0 released: This is a development release for the 3.6.x branch, and they appreciate additional testing and feedback before the final release coming soon with OpenBSD 7.2.
Tutorials
Automatic mounting of volumes on FreeBSD: There are several solutions for automatically mounting volumes. This article will introduce you to 2 solutions, automount and DSBMD.
Basic settings for FuguIta (OpenBSD-based Live System): This video shows the steps involved in automatically saving files on FuguIta until it can be reloaded on subsequent automatic boot. FuguIta in this video is demonstrated on OpenBSD’s virtualization monitor vmm/vmd.
Ads blocking with OpenBSD unbound(8): The Internet is full of Ads and Trackers. And a way to avoid those is to simply not reach the stinky servers. This can be partially done using a local DNS resolver.
Part 3: Building Your Own FreeBSD-based NAS with ZFS : This part concentrates on exposing the data on your NAS to the network using NFS, Samba, and iSCSI shares. Network File System (NFS) is a commonly used protocol for accessing NAS systems, especially with Linux or FreeBSD clients. Article provides an overview of each type of share to help guide you in deciding which is most suited to the clients that will be accessing the NAS.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!