⇒ A Final Return for OpenBSD Anti-Return-Oriented Programming Mitigations
Return-Oriented Programming (ROP) continues to be a serious attack taking advantage of flaws in memory unsafe languages, particularly buffer overflows, to launch arbitrary code execution attacks by chaining together pieces of already existing code in loaded binaries and shared libraries, called gadgets. With the continued reliance on x86_64 CPUs in cloud and personal servers, mitigations that can meaningfully reduce the success of ROP attacks without significant overhead continue to be attractive. We propose the porting of one such software-based anti-ROP mitigation proposed by OpenBSD: compile-time instruction rewriting to avoid opportunities for ROP exploitation. We bring this mitigation, originally developed for the custom OpenBSD implementation of the LLVM compiler suite, to GCC by way of a standalone utility that sits in between the compiler and the assembler and rewrites potential gadget instructions before assembly into object code. Our utility provides a minimal reduction in gadgets with some penalties in binary sizes and performance impacts. We compare our GCC-ported standalone utility to the original OpenBSD LLVM mitigation and discovered that our standalone utility is weaker compared to the original LLVM-based mitigation. However, due to the overall weak reduction in gadgets for both the LLVM-based and GCC-based implementations, we conclude that seemingly obvious mitigations may prove to be anything but, and caution providing security improvements without significant testing and evaluation.
ping: https://bsd.network/@bcallah/116725877009964245
It seems to be my 200th post here… 
⇒ OpenBSD under QEMU
Architecture specific notes for OpenBSD guests under QEMU, with working command lines where installation succeeds and failure points where it does not.
Here is your last #OpenBSD story before the summer break: that one time OpenSSH was used in a supply-chain attack, before that expression was even coined.
By the way, our first two publications on evaluating #OpenBSD mitigations are out. Both of these papers evaluate some amd64 anti-ROP mitigations: specifically changing the register selection order and semantically equivalent rewriting of instructions that may produce a potential polymorphic gadget instruction. This tracks a paper by mortimer@ back in 2019 at AsiaBSDCon.
The TL;DR is "OpenBSD can shrink binaries a little and gain a little performance without any security loss simply by reverting these mitigations." The mitigations did not hold up to independent evaluation.
The first paper did an exact 1:1 port of these mitigations to FreeBSD and found that register reallocation eliminates only about 0.3% of unique gadgets, for a 0.5% increase in binary size (mortimer@ claimed 6% reduction and "entirely free"). It is useless at best but more likely actively detrimental, as it produces a false sense of security. It also found the instruction rewriting reduces unique gadgets by about 3.5% with a binary size increase of about 1.8% (mortimer@ claimed 5% reduction with 0.15% binary size increase).
We then did a separate implementation of the instruction rewriting mitigation to GCC in the second paper. Our GCC implementation does the older <xchg; op; xchg> dance, as that's what mortimer@'s paper described. This is way worse, producing about a 3% performance hit for no security benefit at all.
The only part of both mitigations worth saving is for basic arithmetic: OpenBSD LLVM now takes advantage of the fact that basic arithmetic has two forms. For example, the newer instruction rewriting mitigation turns
addq %rax, %rbx (48 01 c3)
into
{load} addq %rax, %rbx (48 03 d8)
The new instruction rewriting mitigation is genuinely free in terms of binary size and execution speed, but doesn't move the security needle, so this one can stay as it is harmless. Other rewritings still have the flaw of increasing binary size and reducing performance for no security benefit.
Anyhow feel free to read the papers:
https://ieeexplore.ieee.org/abstract/document/11458911
https://www.researchgate.net/publication/405728967_A_Final_Return_for_OpenBSD_Anti-Return-Oriented_Programming_Mitigations
#BSD #FreeBSD #NetBSD #DragonFlyBSD #Linux #Unix #security #cybersecurity
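The two-form encoding from the post above, worked through as an added example (not code from the post, the papers or OpenBSD's LLVM): it encodes register-to-register addq in both forms and checks for the x86 return opcodes c2, c3, ca and cb. The function names and the selection rule in choose_form are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* x86 return opcodes: c2 ret imm16, c3 ret, ca retf imm16, cb retf. */
static int is_ret_byte(uint8_t b)
{
    return b == 0xc2 || b == 0xc3 || b == 0xca || b == 0xcb;
}

/* Encode AT&T "addq %src, %dst", registers numbered 0..15 (rax=0, rbx=3).
 * load=0: opcode 01, ModRM.reg=src, ModRM.rm=dst (default form)
 * load=1: opcode 03, ModRM.reg=dst, ModRM.rm=src ({load} form) */
void encode_addq(int src, int dst, int load, uint8_t out[3])
{
    int reg = load ? dst : src, rm = load ? src : dst;
    out[0] = (uint8_t)(0x48 | ((reg >> 3) << 2) | (rm >> 3)); /* REX.W, R, B */
    out[1] = load ? 0x03 : 0x01;
    out[2] = (uint8_t)(0xc0 | ((reg & 7) << 3) | (rm & 7));   /* mod=11 */
}

/* Number of the 256 register pairs whose encoding holds a return byte. */
int count_ret_encodings(int load)
{
    int n = 0;
    for (int src = 0; src < 16; src++)
        for (int dst = 0; dst < 16; dst++) {
            uint8_t e[3];
            encode_addq(src, dst, load, e);
            n += is_ret_byte(e[0]) || is_ret_byte(e[1]) || is_ret_byte(e[2]);
        }
    return n;
}

/* Illustrative rule (an assumption, not OpenBSD's pass): keep the default
 * form unless its ModRM byte is a return opcode. 1 = no return byte left. */
int choose_form(int src, int dst, uint8_t out[3])
{
    encode_addq(src, dst, 0, out);
    if (is_ret_byte(out[2]))
        encode_addq(src, dst, 1, out);
    return !(is_ret_byte(out[0]) || is_ret_byte(out[1]) || is_ret_byte(out[2]));
}

int main(void)
{
    uint8_t e[3];
    choose_form(0, 3, e); /* addq %rax, %rbx */
    printf("addq %%rax, %%rbx -> %02x %02x %02x\n", e[0], e[1], e[2]);
    return 0;
}
```

Both forms are three bytes long, and a pair that yields a return byte in one form never does in the other, because the ModRM reg and rm fields swap.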
The #OpenBSD Foundation's 2026 Fundraising Campaign pages are now live. The foundation raised $513,251 total in 2025. ☺️
The total smaller donations from the #OpenBSD community to the OpenBSD Foundation has already reached Iridium tier again for 2026 and it's only June! Very cool! 😎
https://www.openbsdfoundation.org/campaign2026.html
https://github.com/bob-beck/foundation-web/commit/1f8a54b
https://mastodon.social/@canadianbryan/116456574385228308
A new (alpha stage) release of IndieRunner is out, v0.3. IndieRunner is a "one-stop-shop" for launching a fairly large number of indie games on #OpenBSD with native binaries. A number of new engines and fixes to Godot module, as well as some general streamlining and code fixes.
https://github.com/IndieRunner/IndieRunner/releases/tag/v0.3
The list of compatible games keeps growing, at:
https://github.com/IndieRunner/IndieRunner/blob/main/share/Status-Tracker.md
New disclosure: CL.TE HTTP request smuggling in OpenBSD relayd.
Latent in relay_http.c since 2012 (OpenBSD 5.2). The body was parsed as chunked but a co-present Content-Length header wasn't stripped before forwarding to backend, contrary to RFC 9112 §6.1.
Found by a targeted source-review pass against the RFC framing rules. Fixed in -current 2026-06-03 in a single commit.
https://stuart-thomas.com/research/relayd-cl-te-smuggling/
#infosec #OpenBSD #vulndisclosure
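The framing rule the disclosure above cites, as an added sketch (not relayd's code and not the actual fix): before forwarding a message that carries Transfer-Encoding, an intermediary drops any Content-Length field. The struct, the function names and the sample headers are assumptions; rejecting a Transfer-Encoding that does not end in chunked follows RFC 9112 §6.3 and goes beyond what the post describes.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct hdr { const char *name, *value; };

/* 1 if the final coding in a Transfer-Encoding value is "chunked". */
static int final_coding_is_chunked(const char *v)
{
    const char *last = strrchr(v, ',');
    size_t n;

    last = last ? last + 1 : v;
    last += strspn(last, " \t");
    n = strlen(last);
    while (n && (last[n - 1] == ' ' || last[n - 1] == '\t'))
        n--;
    return n == 7 && strncasecmp(last, "chunked", 7) == 0;
}

/* Prepare h[0..n) for forwarding. Returns the new header count, or -1
 * when Transfer-Encoding is present but does not end in chunked. */
int frame_for_forwarding(struct hdr *h, int n)
{
    const char *te = NULL;
    int out = 0;

    for (int i = 0; i < n; i++)
        if (strcasecmp(h[i].name, "Transfer-Encoding") == 0)
            te = h[i].value;        /* last field holds the final coding */
    if (te && !final_coding_is_chunked(te))
        return -1;
    for (int i = 0; i < n; i++) {
        if (te && strcasecmp(h[i].name, "Content-Length") == 0)
            continue;               /* RFC 9112 6.1: drop before forwarding */
        h[out++] = h[i];
    }
    return out;
}

int main(void)
{
    /* Constructed request headers carrying both framing fields. */
    struct hdr req[] = {
        { "Host", "backend.example" },
        { "Content-Length", "4" },
        { "Transfer-Encoding", "chunked" },
    };
    int n = frame_for_forwarding(req, 3);

    for (int i = 0; i < n; i++)
        printf("%s: %s\r\n", req[i].name, req[i].value);
    return 0;
}
```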
Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟲/𝟬𝟴 (Valuable News - 2026/06/08) available.
https://vermaden.wordpress.com/2026/06/08/valuable-news-2026-06-08/
Past releases: https://vermaden.wordpress.com/news/
#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday
🚨 Hotel Discount Expires 🚨
The block booking for the hotel is expiring soon!
https://2026.eurobsdcon.org/accomodation.html
If you were planning to book your hotel early, now is your chance!
Hotel Barsey by Warwick
Louizalaan 381-383, 1050 Brussel
Located near the Flagey area, known for its restaurants and bars.
#RUNBSD #FreeBSD #NetBSD #OpenBSD #EuroBSDCon #EuroBSDCon2026 #BSD
After thorough testing, we are in the process of upgrading our mailservers (plural) to the latest OpenBSD 7.9 snapshots.
This helps us to keep our clients safer. OpenSMTPD was already way ahead when it comes to exploit mitigations - especially on OpenBSD. The developers have taken it even further with splitting the daemon into six parts which all are now randomly relinked on reboot.
If that is too technical, the short version is: the mailboxes of our clients are now even better protected against baddies :)
TIL that #OpenBSD's #pf doesn't whinge about using variables in CIDR notation:
wan_if="ixv0"
dmz_if="ixv1"
dmz_cidr="24"
pass in on $wan_if to ($dmz_if:network)/$dmz_cidr
I haven't tested to see if it does what I *intended*, but at least
$ pfctl -nvf test.pf
doesn't spew errors… 😆
(even if it feels kinda dirty)
I discovered that #vdirsyncer has a successor, #pimsync https://pimsync.whynothugo.nl/index.html
I have yet to build it and try it on #OpenBSD but it seems like an easier tool to work with.
Nice! We have played a (minor) part in getting it ready for #OpenBSD, by giving the devs access to some compute - which resulted in a commit spree that I hadn't seen before.
They are incredibly kind, humble and knowledgeable.

We have completed the update to Mastodon v4.5.11 which contains some security fixes. Protecting our community is paramount to us - so we'd rather not wait until the wee little hours.
I wrote this graphical wireless script for OpenBSD’s ifconfig(8) using xmessage(1) and xterm(1) for prompts in ksh(1) only using base utilities available on #OpenBSD:
https://codeberg.org/Izder456/utils/src/branch/main/scripts/wireless
(comes with a manual page if you make install it with the rest of the handy utilities I wrote in this project)
I mostly use pclean and readme in day to day use, but the rest are useful too!