[20060829]
Catching up
There were a number of interesting items in the past week or so
that I didn't manage to put here so far. Instead of putting them
into separate entries, I'll take the liberty of assembling them
into one entry here:
- The Newsforge article
"Which distro should I choose?"
refers us to a
Comparison between NetBSD and OpenBSD;
the website apparently allows other comparisons.
- Parallels
is a
``powerful, easy to use, cost effective desktop virtualization solution that empowers PC users with the ability to create completely networked, fully portable, entirely independent virtual machines on a single physical machine.''
In other words "something like VMware".
In contrast to the leading(?) product in that area,
Parallels supports NetBSD as guest OS officially.
- PC-98
is a PC-like computer from NEC that has an Intel CPU and that was
only sold in Japan. Due to some subtle differences from
the "original" (IBMesque) PC architecture, it can't run
NetBSD/i386 and was so far supported e.g. by FreeBSD/PC98.
Now, Kiyohara Takashi has made patches and a floppy image
available for a NetBSD/pc98 port - see
Kiyohara's mail to tech-kern for more details,
and also some discussion about further abstraction of the
current x86 architecture to support machines with Intel
CPUs that can't run NetBSD/i386.
- Staying on the technical side, David Young has a need to tunnel
packets through consumer-grade (and consumer-intelligence)
devices, which are unlikely to cope with anything outside of
the IP protocol. As such, he has posted patches to
tunnel gre(4) over UDP.
Now let's hope this works as a foundation for
Teredo (tunneling IPv6 over UDP)... :-)
- Verified Exec
is a security subsystem inside NetBSD that verifies
fingerprints of binaries before loading them. This prevents
binaries from being changed unnoticed, e.g. by trojan horses.
Now when NetBSD runs such a system and memory becomes tight,
only the process's data is paged to disk; the executable's text
is simply discarded with the assumption that it can be paged
in from the disk again when needed.
Of course this assumes that the binary won't change, which
may not be true in a networked scenario with NFS or a
disk on a fiber channel SAN that may be beyond control of the
local system administrator. To prevent attacks of this kind,
Brett Lymn has worked to generate per-page fingerprints that
are kept in memory even when the executable pages are freed,
for later verification when they are paged in from storage
again.
The code is currently under review and available as a patch
set - see
Brett's mail to tech-kern
for all the details!
- While talking about security subsystems, Elad Efrat, who also
worked on veriexec previously, continued his work to factor out
authentication inside the kernel: After introducing the
kauth(9)
framework and replacing all manual checks for
"am I running as root" or "does the current secure level allow
this operation" with calls to it, the next step is to
separate the place where those calls are made from
a back-end implementation that will determine what is allowed
and what is not, who is privileged and who is not, etc.
While these questions are traditionally answered via special
user ids (0, root), group membership or secure levels,
other methods like capability databases could be imagined.
Elad has been working along these lines, and he has posted
the next step in his work, outlining the upcoming
security model abstraction - see
Elad's mail to tech-security
for details & code references.
- NetBSD 3.1 is around the corner, which will be an update to
NetBSD 3.0 with lots of bugfixes and some minor feature enhancements
like new drivers and also support for Xen 3 DomainU.
There's a
NetBSD 3.1 Release Candidate 1
available - be sure to have a look!
- FWIW, I've also updated the
overview of NetBSD release branches
a few days ago, as I still see a lot of people that are
confused over NetBSD's three lines of release branches
(well, counting the development branch NetBSD-current as release
branch :), and the differences between what a branch and what
a release is.
With NetBSD 3.0, 3.0.1 and 3.1 this sure makes my little head spin...
- But there's more than NetBSD 3.x! If you've followed the link
above, you will understand that the next release after the
NetBSD 3.x set of releases is NetBSD 4.x.
The release cycle for NetBSD 4.0 started a few days
ago, and there's also
an announcement about the start of the NetBSD 4.0 release process
by the NetBSD 4.0 release engineer Jeff Rizzo, which has information
on the schedule, how YOU can help, and how to get beta binaries and sources.
- The working period of the Google Summer of Code is over, and
while mentors are still evaluating the code submitted by students,
there are some public status reports:
Alwe MainD'argent about the status of the 'ipsec6' project
and
Sumantra Kundu about the 'congest' project
- Sysjail 1.0 has been released!
Includes some interesting
overhead benchmarks.
- As reported in the #NetBSD Community Blog,
an alpha version of
sBSD
was released: It's a NetBSD-based system for easy installation
on USB sticks and CF cards.
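An added illustration of the per-page fingerprint idea from the Verified Exec item above (this is not Brett Lymn's patch or NetBSD code): a small Python model in which digests stay in memory while text pages are discarded and later re-read from storage the host does not control. SHA-256, the 4096-byte page size and all names (page_fingerprints, TextPager, demo) are assumptions of this example.

```python
import hashlib
import hmac

PAGE_SIZE = 4096  # assumed page size for this model


def page_fingerprints(image, page_size=PAGE_SIZE):
    """One SHA-256 digest per page; a short final page is hashed as-is."""
    return [hashlib.sha256(image[off:off + page_size]).digest()
            for off in range(0, len(image), page_size)]


class TextPager:
    """Toy pager: text pages may be dropped, their fingerprints never are."""

    def __init__(self, storage, page_size=PAGE_SIZE):
        self.storage = storage            # bytearray standing in for NFS/SAN
        self.page_size = page_size
        self.fingerprints = page_fingerprints(bytes(storage), page_size)
        self.resident = {}                # page number -> verified bytes

    def evict(self, page_no):
        """Memory pressure: discard the text page, keep its fingerprint."""
        self.resident.pop(page_no, None)

    def page_in(self, page_no):
        """Return a page, re-reading and re-verifying it if it was evicted."""
        if page_no not in self.resident:
            off = page_no * self.page_size
            data = bytes(self.storage[off:off + self.page_size])
            digest = hashlib.sha256(data).digest()
            if not hmac.compare_digest(digest, self.fingerprints[page_no]):
                raise PermissionError("page %d fingerprint mismatch" % page_no)
            self.resident[page_no] = data
        return self.resident[page_no]


def demo():
    # Constructed 2.5-page "executable" on storage the host does not control.
    storage = bytearray(b"\x90" * PAGE_SIZE + b"\xc3" * PAGE_SIZE + b"\x00" * 2048)
    pager = TextPager(storage)
    before = pager.page_in(1)             # verified and resident
    pager.evict(1)
    storage[PAGE_SIZE + 10] ^= 0xFF       # backing store changes behind our back
    try:
        pager.page_in(1)
        detected = False
    except PermissionError:
        detected = True
    return len(pager.fingerprints), before[:1], detected, pager.page_in(2)[:1]
```

A single whole-file fingerprint checked only at load time would have passed here, because the change to the backing store happens after the binary was first verified.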
So much for now. Enjoy!
[Tags: Articles, google-soc, gre, kauth, networking, openbsd, parallels, pc98, releases, sbsd, Security, sysjail, veriexec, vmware]