This is a talk (MP3) about sudo and ssh by Matthew Burnside (New York BSD User Group - NYC*BUB)

Two tools which have become the norm in Linux- and Unix-based environments are SSH for secure communications, and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this talk, I describe a flaw in their interaction, and then present our solution called public-key sudo.

Public-key sudo is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. I describe our implementation of a generic SSH authentication module and the sudo modifications required to use this module.

Download mp3 or view previous talks.

(German language) guide on installing a CF-card and NetBSD on your EeePC 

Issue 5/2008 of the German FreeX magazine has an article by Ulrich Habel titled “Festspeicher statt Festplatte” (”hard storage instead of hard disk”). It illustrates how to replace your EeePC’s 1.8″ harddisk with a CF-card adapter, and install NetBSD on it.

BTW, FreeX is always looking for (german language) authors, too!

Some new things came up recentrly, I’ve added some code from NetBSD and commented out the decr_init() in cpu_startup(). Now, during the boot I’ve rached subsystem 3800000 , as last time w/o decr_init(), but this time it seems it entered the newbus!

==========================================

[thread pid 0 tid 100000 ]

Breakpoint at 0×4930d8: stwu r1, r1, -0×20

db>

nexus0: registered as a time-of-day clock (resolution 1000us)

nexus0: , type (unknown) (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type memory (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type (unknown) (no driver attached)

nexus0: , type serial (no driver attached)

nexus0: , type builtin (no driver attached)

nexus0: , type pci (no driver attached)

sc0: no video adapter found.

nexus0: , type syscons (no driver attached)

done.

  ofw_bus_gen_get_name(0)… cpu_exception:

SRR0 0×01035CFC SRR1 0×00003030 MSR 0×00003030

LR 0×0103E1E4 CTR 0×0101A5F0 CR 0×44002042 XER 0×20000000

DAR 0xD0004DDE DSISR 0×42000000 Type 3

GPR[] 0×00000007 0×00559EB4 0×00000000 0×00000000 0×07C05323 0×00000005 0×0000000D 0×0058EBB8

…

============================================

And again, the old friend. I can’t spot the cause of those crashes. They always look the same, with the same content of SRR0,1 and MSR. Adding some stuff from NetBSD helped, but it only took it just a few steps further. Thus it must be something wih the OF, but what? This time it’s nothing about the stack, because the registers contains some crazy addresses, neither form kernel, nor from the OF stack… During some previous tests I’ve encountered some crashes on instructions reading/writing to SPRG0 and IBAT4, in  ofw_sprg_prepare(); and in

===========

from: src/sys/powerpc/aim/ofw_machdep.c

 __asm __volatile( “\t”

  ”sync\n\t”

  ”mfmsr %0\n\t”

  ”mtmsr %1\n\t”

  ”isync\n”

  : “=r” (oldmsr)

  : “r” (ofmsr[0])

  );

============

both in openfirmware()…

The daemon for handing bluetooth PAN that was proposed last week is imported in NetBSD-current now, and will be part of the upcoming NetBSD 5.0 release. Ian Hibbert has also updated the Bluetooth chapter in the NetBSD Guide with examples of a PANU (Personal Area Networking User) client. Ian will also continue to work on NAP (Network Access Protocol) and/or GN (Group ad-hoc Network), but that’s some work todo. If anyone wants to help Ian out, feel free to contact him - see his posting for more details on the basic setup.

An update on NYCBSDCon 2008 with Isaac Levy and Steven Kreuzer. More information on the conference can be found at http://www.nycbsdcon.org/

You can listen to it on your phone by calling: +1 (210) 957-5481

File Info: 15Min, 7MB

Ogg Link:

http://cisx1.uma.maine.edu/~wbackman/bsdtalk/bsdtalk156.ogg

Over the last couple day’s I have been working on the Bordeaux for FreeBSD 7 port. We now have everything compiling and running but a lot more testing needs to be done before it’s ready for a final release. Internet Explorer, Steam and Office 2003 are the only applications ive gotten around to testing thus far. The good news is everything that I have tested works fairly well on FreeBSD.

If you’re a FreeBSD user and need to run any of the software that we currently support on the Linux client you might be interested in helping beta test this build and future builds up to the final stable release. At this time we cant give out beta builds, but what we can do is if you purchase a license from the store for a Linux build then send a mail to support. This email is provided once you purchase a licence, and ask for a FreeBSD build I can send it to you.

If we get enough interest in beta testing we could start a beta testing mailing list as well.. So if your interested in helping out head over to the store and purchase a license and send us a mail. If you have a friend or know of someone interested in this please send them our way.

Today we learned that George Neville-Neil leaves the FreeBSD Security team due to lack of time. It’s sad that George leaves the team, but he leaves a lot of good work behind and he was a great asset to our Security Team. Therefor “Thank you for working with us George!”

The second issue of the BSD Magazine (September 2008) is out now.

More than 60 pages full of news, great articles, tutorials, how-tos and extras. This is the table of contents:

06 BSD News

08 DVD contents description

10 OpenBSD 4.3 installation & configuration

18 You have installed it? Now what? Packages!!

22 OpenBSD

26 BSD Certification

30 Building an OpenBSD SAMP server with content filtering proxy

38 OpenBSD as an Desktop

40 Inside the PBI system

44 Connecting to other IM networks

50 Kernel File system - development in userspace

54 Securing IM using Jabber/XMPPP and TLS

58 OpenBSD and making money

61 Absolute FreeBSD 2nd edition

62 PC-BSD in schools

64 Interview with OpenBSD developer Damien Bergamini

For more information and subscriptions visit the BSD Magazine website.

Summer of Code has now officially finished. Well, at least the coding part of it has. This is my final GSoC report, but hopefully will not be my last post here. As it stands at the moment, I have not managed to get sending and receiving working, but I am very close to it. I honestly am unsure as to why it is not working,  but I believe it may be to do with how I have tied my code into the kernel, and I dont think it is getting initialized or compiled with the right preprocessor defines or something. However, I will still be working on getting this going, as not only is it my dissertation for university this year to do this, but it has become somewhat of a personal challenge to prove to myself that I can do it.

With that in mind I will keep on working on this at every oppurtunity I get, and will definately have at least sending/receiving working by October, which is when the dissertation is due. So here is a run down of what I have accomplished so far for the GSoC, and what I plan to implement in the future.

Accomplished:

MPLS-needle - this is a small tool I built for testing of MPLS. It takes a configuration file and uses that to define and build an MPLS packet, which is then inserted onto the networking stack using a BPF device.

Basic port of OpenBSD/Ayame code - I have been working solidly for the last few months on porting the OpenBSD code, which is based on Ayame, to FreeBSD. This was a much bigger task than I orginally intended. As I have had no previous experience with kernel coding this has involved a huge learning curve, not only in just kernel coding itself, but in how the FreeBSD networking code works, and how it differs to OpenBSD (by the way, it is a lot more than I thought it would be). The code has been ported over and changed accordingly, but still does not work. However, the kernel does compile and run, it just appears that the MPLS code does not run when a packet is received. I think this is because of incorrect #defines, as I’m not entirely sure where I need to define these (in the Makefile or somewhere in my code). I will continue to work on this and attempt to get it working asap.

Hi, it’s nearing the end of GSoC 2008 and I’ve updated my wiki ( http://wiki.freebsd.org/AndersNore/pkg_improved ) about the pkg_improved project and there are testing instructions for those brave enough. Please test and please report bugs. There are several new features to the pkg-tools and there are some speed improvements made. Lately I’ve been cleaning some of the code mostly fixing bugs and writing documentation in the form of man-pages.