Issue 129
Published November 16, 2022

FreeBSD RC plus all the latest news and tutorials from the BSD world.


FreeBSD 12.4-RC2 Available: The second RC build for the FreeBSD 12.4 release cycle is now available. ISO images for the amd64, armv6, armv7, arm64, i386, powerpc, powerpc64, powerpcspe, and sparc64 architectures are FreeBSD mirror sites.


OpenBSD Errata: November 15, 2022 (pixman): Errata patches for X11 pixman library have been released for OpenBSD 7.1 and 7.2. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility.

FreeBSD Security Advisory FreeBSD-SA-22:12.lib9p: The implementation of lib9p’s handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve’s Capsicum sandbox.

FreeBSD Errata Notice A backwards-incompatible change to the CAM ioctl interface was made. Partial compatibility support for the old version of the interface was provided, but it was incomplete. In particular, CAM periph drivers did not handle the old version of the CAMGETPASSTHRU ioctl. Software applications which make use of the CAM ioctl(2) interface may fail to work following an upgrade to FreeBSD 13.1.

FreeBSD Security Advisory FreeBSD-SA-22:10.aio: FreeBSD’s aio(4) subsystem implements asynchronous I/O. II. Problem Description The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).

FreeBSD Errata Notice FreeBSD-EN-22:24.zfs: A kernel regression caused all dataset snapshot directories to become inaccessible over NFS. Any attempt to access individual snapshots would return an error message mentioning a stale file handle. Workflows which rely on ZFS snapshots being accessible over NFS are broken.

FreeBSD Security Advisory FreeBSD-SA-22:11.vm: A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

FreeBSD Errata Notice FreeBSD-EN-22:19.pam_exec: When pam_exec(8) is used for authentication with the ‘expose_authtok’ option and an application calls pam_setcred(3), it attempts to expose an already stored authentication token. It is incorrectly assumed that there always is such a token stored, which leads to dereferencing a NULL pointer if this isn’t the case. It is impossible to reliably use pam_exec(8) for authentication with the ‘expose_authtok’ option, that is necessary to have the external program check credentials. In most scenarios, authentication will fail because of a crash caused by the NULL pointer dereference.

FreeBSD Errata Notice FreeBSD-EN-22:27.loader: As of FreeBSD 13.1, the UEFI loader on amd64 systems will detect if the kernel it loaded is capable of being relocated to a different physical address than the historical load address. This detection relied on an ELF symbol lookup that was not correctly filtering symbols based on their type, which caused a false positive result for older amd64 kernels. The UEFI loader would relocate the kernel to a different physical address than expected, and the resulting kernel would fail to boot.

FreeBSD Errata Notice FreeBSD-EN-22:25.tcp: A change made to make TCP more resilient and effective when handling loss recovery by SACK, could lead to connection interruption when incoming ACKs suddenly no longer contain SACK blocks. This can lead to correct data being placed at the wrong offset in the stream in a non-deterministic manner. This can result in termination of the TCP connection by the application or in the worst case silent data corruption.

As always, it’s worth following BSDSec. RSS feed and Twitter account available.


EuroBSDCon 2022 Trip Report: Muhammad Moinur Rahman: This trip was sponsored by The FreeBSD Foundation.

BSD Now 480: OpenBSD 7.2: OpenBSD 7.2 and FuguIta have been released, Learn the Whys and Hows with the FreeBSD Sec Team, how to get notified about FreeBSD updates, using unbound for ad blocking on OpenBSD, further memory protections on OpenBSD current, and more.

mmap(2), munmap(2), and mprotect(2) unlocked: Martin Pieuchot (mpi@) has committed a change unlocking the mmap(2), munmap(2), and mprotect(2) system calls. Accesses to data structures used by these syscalls are serialized by the VM map lock with the exception of file mappings which are still protected by the KERNEL_LOCK(). Unlocking this set of syscalls improves most of userland workloads.


Virtualization showdown – FreeBSD’s bhyve vs. Linux’s KVM Virtualization: The bhyve hypervisor makes it easy to run reliable, high-performance virtual machines on a FreeBSD host system. In this article, we test the performance of virtual machines running Windows, Linux, and FreeBSD itself under bhyve—and we compare and contrast with performance of the same virtual machines running under Linux’s well-known KVM hypervisor. Understanding the pros and cons of each hypervisor helps you make confident, informed decisions when deciding how to set up your virtualization hosts.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.