Security: sudo
A (potentially malicious) program run by a user with sudo access may be able to bypass the “tty_ticket” constraints. In order for this to succeed there must exist on the machine a terminal device that...
Security: Perl
Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically...
Security: puppet
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and...
How to compile a FreeBSD kernel/module
This afternoon I had some problems when I wanted to add a network kernel driver to my Raspberry Pi (using FreeBSD 10.0-CURRENT). When I asked the FreeBSD ARM list for ideas, I learned how to compile...
NRPE sensors for OpenBGPd
BGP is a sensitive process/protocol; we must monitor it very closely. For efficient monitoring of bgpd, there are some NRPE sensors. Prerequisites: to monitor bgpd, we must allow the _nrpe user to use bgpctl...
Contribute to the FreeBSD ports tree
Following a recent need (on the owncloud port), I want to update the FreeBSD port in the tree. Here we take owncloud as an example. When we look on Google, that seems not to be simple, but it's easy! Diff...
IPv4/IPv6 performance comparison
Following our recent BGPv4 peering on Renater (the French network for research and universities), and our request for IPv6, I have done a little performance benchmark. I would like to share the results with you....
FreeBSD: NFS remote DoS
A security hole is present in the FreeBSD NFS implementation. Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory....
Manage DragonFlyBSD dports
Introduction: DragonFlyBSD was based on NetBSD's pkgsrc. Since DragonFlyBSD 3.4, the FreeBSD ports tree has been ported to DragonFly and renamed dports. Ports tree: the ports tree contains all software....
Comparative benchmark: PostgreSQL 9.1
This afternoon I wanted to test DragonFly dports. Then I got an idea: why not compare PostgreSQL performance between BSD and Linux? I have done a little benchmark to see the performance gap between...
R&D: OpenOSPF improvements
Because we are installing a new intersite link, with new border routers (BGP+OSPF) on OpenBSD, I have realized that OpenOSPF has some technical limitations. Indeed, my routers to distribute routes via...
Tip: install and use Samba4 on a ZFS volume
A little article which can save you: Samba needs ACL support. With Samba 3.5-3.6 it's possible to ignore this, but with Samba4 it's quite difficult. When you have installed Samba4, you would see that...
Security: mod_security
When ModSecurity receives a request body with a size bigger than the value set by the “SecRequestBodyInMemoryLimit” and with a “Content-Type” that has no request body processor mapped to it,...
Security: puppet
When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the...
Security: phpMyAdmin
The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged...
OpenOSPF6d patch: routing priority and breaking routing loops
Hi all, here is a patch to add two new functions to OpenOSPF6d. The first function is the new keyword fib-routing-priority. This keyword allows choosing a custom routing priority. This function is...
How to resolve "tar: Unrecognized archive format" on FreeBSD < 8.3
On recent FreeBSD, the tar binary has been replaced by the bsdtar utility. On old FreeBSD versions (8.2, 7.2 and earlier), the classic tar utility is used. The problem is simple: tar cannot open lzma archives. To resolve...
Security: puppet
By using the `resource_type` service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node’s file system. While this behavior is not enabled by default, `auth.conf`...