In this talk, we will present a project that aims at allowing controlled process credentials transitions without using setuid executables but instead leveraging FreeBSD's MAC framework.
Traditional credentials-changing programs, such as sudo(8), have a non-negligible attack surface as they often include a lot of infrequently used features and mechanisms that can be dangerous from a security...
The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our...
It's possible to do some 3d printing related things on an OpenBSD machine, but there are a bunch of popular tools that aren't available in the ports tree. We will talk about some of the different classes of software and what things are popular and whether they are currently available on OpenBSD and what the blockers are from getting those into the ports tree.
With security vulnerabilities [rapidly rising each year][1], program security is more important than ever. One solution to keeping your program from being the victim of the next big CVE is FreeBSD's Capsicum.
Originally developed at the University of Cambridge Computer Laboratory, Capsicum is a lightweight capability and sandbox framework built into the FreeBSD base system. It is designed...
Hardware-accelerated program tracing on FreeBSD
Hardware tracing facilities are designed to capture various metrics and information about software execution with a minimal performance overhead, making them a valuable tool for performance analyses and debugging. FreeBSD recently gained a new in-kernel framework for hardware-accelerated tracing technologies (hwt(8) [1]) with support for ARM64...
FreeBSD's audio subsystem, sound(4), is one of the fastest out there, but is rather unknown and until recently was largely unmaintained. This talk will go through the various components of sound(4) that make sound possible on FreeBSD, that is:
- The generic driver's structure, control flow and interaction with the device drivers.
- The audio processing chain.
- The user-facing interfaces...
A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.
We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.
This talk is intended for firewall...
In a world ruled by expect(1) and TCL, we discuss an alternative that was developed based on scripting with lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).
The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin...
One of the main things still missing in FreeBSD for it to be usable on modern laptops is the ability to go to sleep. In the past, this was done using ACPI S3, but newer laptops have removed this in favour of S0ix, leaving FreeBSD without support for suspend on those machines.
This talk aims to get the casual user familiar enough with the terms and concepts behind power management, such that...
