OpenBSD Hackathon 2005
Posted by Norbert on Sun May 29 02:41 PHT 2005
From the "they called it bsd, and open because its always free!" section
Jeremy Andrews from KernelTrap interviewed several OpenBSD developers
during the OpenBSD Hackathon 2005 in Calgary.
Part 1: http://kerneltrap.org/node/5186
Part 2: http://kerneltrap.org/node/5190
It's good to read some Hackathon reports like this. This news gave me
a chance to see things that will happen on OpenBSD, like improved
kernel threading, pf extensions, interface groups, and many more.
OpenSSH 4.1 released!
Posted by Norbert on Thu May 26 14:38 PHT 2005
From the "they decided to release it!" section
OpenSSH 4.1 has been released! This release does not include new
features since OpenSSH 4.0. This is just a bugfix release, notably for
Bugzilla numbers 896, 996, 950, 997, 998, 999, 1005, 1006, 1024, 1038,
plus other minor fixes.
For more information, visit the OpenSSH website.
RIP : Pinky, the chick!
Posted by Norbert on Wed May 25 15:21 PHT 2005
From the "misc. stories" section
We have a neighbor named Duday or sometimes, her fsck'ng mom
calls her Betchay (yes, it's very obvious that we are her mom's
number one enemy for some reason hehehe). Last week, we saw Duday
carrying a pink chick. One day, after arriving from work, Pampam
(our cat) went inside our house carrying a dead pink chick in her
mouth. "WTF! This is Duday's chick!" I immediately wrapped the dead
chick in a "pandesal" paper bag and threw it in a drainage, leaving
no evidence of what really happened to Pinky, the chick.
I feel guilty, but we can't do anything about it. Duday's pet is already
dead. Honestly, I want to tell Duday what really happened but we
prefer to remain silent for obvious reasons - her mom!
I remember a phrase on the Discovery channel about cats - "Cats,
big or small - are natural born killers".
OpenBSD trunking support
Posted by Norbert on Wed May 25 06:51 PHT 2005
From the "they called it bsd, and open because its always free!" section
Initial support for trunking of network interfaces was committed by
Reyk Floeter in OpenBSD-current. This will allow aggregation (or
clustering) of multiple interfaces into one virtual interface.
CVSROOT: /cvs
Module name: src
Changes by: reyk@cvs.openbsd.org 2005/05/23 20:45:18
Modified files:
sys/conf : GENERIC files
sys/net : if.c if.h if_ethersubr.c
share/man/man4 : Makefile
sbin/ifconfig : ifconfig.8 ifconfig.c
Added files:
sys/net : if_trunk.c if_trunk.h
share/man/man4 : trunk.4
Log message:
initial import of a trunking (link aggregation and link failover)
implementation. it currently supports round robin mode with link state
checking, additional modes will be added later.
ok brad@, deraadt@
OpenBSD 3.7 released
Posted by Norbert on Fri May 20 00:42 PHT 2005
From the "they called it bsd, and open because its always free!" section
OpenBSD 3.7 has been officially released!
There are many noticeable changes in this release, like additional and
improved support for a wide variety of wireless network adapters, an
OSPF daemon, support for the Zaurus and SGI platforms, and many more.
See the release notes and the detailed list of changes for more
information. You can order the official CD set (with cool stickers) and
the awesome "Wireframe Puffy" T-shirt on the project's order page.
A nice variety of OpenBSD posters for your room is also available.
Danger of Hyperthreading?
Posted by Norbert on Tue May 17 22:21 PHT 2005
From the "catching up on security issues" section
A security flaw in hyperthreading that can lead to information
disclosure was discovered by Colin Percival. This affects servers that
use Intel's hyperthreading technology (or any server using a processor
that shares resources the way hyperthreading does). The flaw uses the
threads' shared access to memory caches to let an attacker perform
timing-based attacks and steal sensitive information on the system
(e.g. crypto keys). In some cases, the information disclosed to an
attacker can also be used to escalate his/her privileges on the system.
Many software vendors that use hyperthreading are affected - Microsoft,
UNIX, *BSD, Linux, etc. The FreeBSD project already addressed this
vulnerability in their SA-05:09 advisory. OpenBSD does not really
support hyperthreading, so OpenBSD users can simply disable the
hyperthreading feature in their BIOS. Linux has no published advisory
yet, but the issue is already being discussed on the Linux kernel
mailing list.
According to Colin, Linus Torvalds doesn't seem to understand the
problem clearly, but in his defense of Linus, he said that Linus
is not a security guy anyway, and he is hoping that other Linux
developers who understand security will talk to Linus about the
issue. However, in my opinion, even other vendors and Intel Corp. do
acknowledge the issue, and according to InfoWorld, Intel is currently
coordinating with other software vendors to fix the problem. Though
Intel does not consider this flaw critical, it will still be fixed in
subsequent updates.
More information is available in Colin Percival's paper at:
http://www.daemonology.net/papers/htt.pdf
In my understanding of Colin's paper, this kind of attack does not
directly read actual memory values to disclose some information. But
there can be possible chances of timing-based attacks. Feel free to
correct me if I'm wrong :-)
Another PhilBSD BoF
Posted by Norbert on Sat May 14 02:05 PHT 2005
From the "events to attend" section
The Philippine BSD Group will be having a BoF meeting on Saturday,
May 14, 2005 2:00 pm at CSSP Computer Lab, Palma Hall, Room 115-119,
University of the Philippines, Diliman, Quezon City.
We will discuss some BSD topics (of course!), watch some movies of
last year's HITB conference, and of course, coffee :-)
Possible SSH Worm?
Posted by Norbert on Wed May 11 15:02 PHT 2005
From the "catching up on security issues" section
According to Bruce Schneier, there is a potential for an SSH worm.
A paper from MIT explains the idea of the possible risk:
http://nms.csail.mit.edu/projects/ssh/sshworm.pdf
This is a good and valid point. Assume a certain machine is
compromised. The remote hosts listed in the known_hosts file and access
to passwordless/unencrypted keys on the compromised machine are good
factors for a worm-like task. Weak passwords and reused passwords
(e.g. users who conveniently use a single password to access their
accounts on other remote machines) can also make the job of a possible
SSH worm much easier.
Unfortunately, passwordless/unencrypted keys are needed for
automating some remote tasks, so a possible workaround described in
the MIT paper is to hash the host files.
Fortunately for OpenSSH users, hashing of host names has been supported
since the release of OpenSSH 4.0:
* ssh(1) and ssh-keyscan(1) now support hashing of host names and
addresses added to known_hosts files, controlled by the ssh(1)
HashKnownHosts configuration directive. This option improves user
privacy by hiding which hosts have been visited. At present this
option is off by default, but may be turned on once it receives
sufficient testing.
But let's also think about the other possible loopholes aside from
the host files, like the shell's history file, the log files, the [w/u]tmp
databases, etc. The possibilities are vast.
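The hashed known_hosts entries that HashKnownHosts produces, shown as an added example (not code from OpenSSH or from the original post): it builds a hashed host field, checks a candidate name against it, and audits a file for entries that are still readable. The function names and the sample host names and key placeholders are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # marks a hashed host field in known_hosts

def hash_host(host, salt=None):
    """Build |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode()
            + "|" + base64.b64encode(mac).decode())

def matches(hashed_field, candidate):
    """True if candidate is the host name hidden in hashed_field."""
    if not hashed_field.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, mac_b64 = hashed_field[len(HASH_MAGIC):].split("|")
        salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # wrong field count or invalid base64
        return False
    expected = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)

def audit(known_hosts_text):
    """Return (host names still readable, number of hashed entries)."""
    readable, hashed = [], 0
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # leading marker, e.g. @revoked
            fields = fields[1:]
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith(HASH_MAGIC):
            hashed += 1
        else:
            readable.extend(fields[0].split(","))  # "name,address" pairs
    return readable, hashed

# Constructed sample: host names and key blobs are placeholders.
SAMPLE = "\n".join([
    "# constructed example file",
    "build01.example.org,192.0.2.10 ssh-rsa AAAAB3...placeholder",
    hash_host("db01.example.org", salt=b"\x01" * 20) + " ssh-rsa AAAAB3...placeholder",
])

if __name__ == "__main__":
    names, hashed_count = audit(SAMPLE)
    print("still readable:", names, "| hashed entries:", hashed_count)
```

Hashing only hides names from someone reading the file: a candidate name can still be confirmed against the stored salt, which is the same lookup ssh(1) performs on every connection. Existing files can be converted with ssh-keygen -H.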
Net Center Opening
Posted by Norbert on Tue May 10 17:02 PHT 2005
From the "misc. shameless plugs" section
We have opened our new Internet shop (named Net Center) in
Fairview, Quezon City (near FEU-NRMF).
Of course, the router is powered by OpenBSD :-)
FreeBSD 5.4 released!
Posted by Norbert on Tue May 10 10:21 PHT 2005
From the "the power to serve!" section
From FreeBSD freebsd-announce@:
Date: Mon, 9 May 2005 17:01:58 -0400
From: Ken Smith [kensmith@FreeBSD.org]
To: freebsd-announce@FreeBSD.org
Subject: [FreeBSD-Announce] FreeBSD 5.4-RELEASE Announcement
The Release Engineering Team is happy to announce the
availability of FreeBSD 5.4-RELEASE, the latest release
of the FreeBSD Stable development branch. Since FreeBSD
5.3-RELEASE in November 2004 we have made many improvements
in functionality, stability, performance, and device driver
support for some hardware, as well as dealt with known
security issues and made many bugfixes.
...
FreeBSD 5.4-RELEASE has been officially released! The inclusion of
CARP from the OpenBSD project is one of the many noticeable changes in
this release. Please read the release errata for any late-breaking
issues.
Mother's Day
Posted by Norbert on Sun May 8 07:21 PHT 2005
From the "i want to greet my mom!" section
I just called my mom in Bicol and greeted her with a "Happy Mother's day!" I
missed her so much!
Happy Mother's day Ma!