Re: Cannot compile the Tiny C Compiler
Hi Christian,

It needs gmake, not make, which on BSDs is not the same. The README had a note about it *under* the build commands you tried to run:

“Notes: For OSX and FreeBSD, gmake should be used instead of make”

This happens a lot to me, too, where the information I need is further down in the docs. Typically need to follow the FreeBSD instructions, although not every time. Just be on the lookout for FreeBSD instructions.

Good luck,
Ben

> On Jan 22, 2022, at 9:27 AM, Christian Groessler wrote:
>
> On 1/22/22 18:18, rem...@tutanota.com wrote:
>> Hi everyone! I'm trying out DragonFlyBSD for the first time and I just went
>> to compile
>> the Tiny C compiler from its official repository and I'm getting errors when
>> trying to
>> use `Make` to compile it. The command I'm trying is `make -j6` and I'm
>> getting a big error
>> log but most lines are the same. The errors are the following:
>> `Invalid line type`
>> `warning: duplication script for target "ifneq" ignored`
>> `warning: using previous script for "ifneq" defined here`
>> I thought that it may not support DragonFlyBSD as it is not listed in the
>> official supported
>> Operating Systems but a number of other BSDs are supported including FreeBSD
>> so I don't
>> know why it should not work on DragonFlyBSD. For anyone that wants to try
>> out, the link for
>> the source is: https://repo.or.cz/tinycc.git
>
>
> In the README there:
>
> Notes: For FreeBSD, NetBSD and OpenBSD, gmake should be used instead of
> make.
>
>
> You need to use GNU make.
>
> regards,
> chris

Re: ASLR and PIE disabled by default
Hi Carsten,

To be fair, their solution allows you to use pledge for source, and vmm for binary. One issue with binary is not *really* knowing what kind of access it should have, not just for security, but also for functionality. It kinda makes sense.

Cheers,
Ben

> On Apr 3, 2017, at 6:34 PM, Carsten Mattner wrote:
>
> There's also the consideration that software we have to be most
> careful with is those where we cannot modify the source because we'd
> have to patch the binary of a closed source application. This is why I
> find it perplexing that OpenBSD just removed their old systrace
> AppArmor equivalent.
>
> One thing OpenBSD gets right is marketing. They used to lament the
> security implications and uselessness of virtualization only to
> implement vmm. They also used to be vocal about clang not being a
> viable choice but in light of other alternatives for AARCH64 are on
> their way of incorporating it into base. I'm not saying this to
> complain about OpenBSD but merely to make the point that investing in
> pledge(2) is a hard sell to me personally given their track record. It
> doesn't confine binaries and I have a feeling they might replace it in
> 4 years, so I'm wary of carrying an #ifdef path in my own code.
> With their great marketing, everybody talks about LibreSSL or
> pledge(2). Projects can learn from their PR tactics. Capsicum
> exists for Linux, FreeBSD, DragonflyBSD, so I'm more open to
> the idea of accepting a patch from the FreeBSD ports tree upstream
> in my projects' main branches.
>
> If I had to guess I'd say they will reimplement something like
> firejail/systrace as an extension of pledge that doesn't require
> patching the source and then use it as an opt-out mechanism where
> you have to whitelist your favorite personal application to have free
> reign over the machine. Whatever you do, you will inevitably run
> into the same design considerations that are well travelled and
> can be inspected in SELinux and more radical capability based
> kernels. I am of the opinion that security can only work
> reasonably if mechanisms are opt-out like grsecurity's
> flag to allow JIT binaries. This allows monitoring as well
> as knowing your likely open doors for intruders.

Re: What are the difference between the security of HardenedBSD and security of DragonflyBSD?
I suggest searching for the difference between HardenedBSD and FreeBSD (on which I presume it is based), and then see what the status of each of those is in DragonFly. That might lead to a fruitful discussion of which is desired in DragonFly.

Plus, if you want to see some features be adopted across the BSDs, then increasing the number of BSDs with each feature seems to help. The first step is visibility into differences that are important to users.

> On Nov 7, 2016, at 11:52 AM, Renato dos Santos wrote:
>
> Did you search before asking?
>
>
> --
>
> Renato dos Santos
>
> 2016-11-07 16:41 GMT-02:00 SOUL_OF_ROOT 55 :
>> What are the difference between the security of HardenedBSD and security of
>> DragonflyBSD?
>

Re: Traffic accounting per port
I have used ntop for similar things. Check that out?

> On Apr 5, 2016, at 8:28 AM, Konrad Neuwirth wrote:
>
> Hello,
>
> I was not able to figure out something from the documentation for myself yet
> again. We need to monitor traffic on a server by port and IP number, ideally
> in a way that can quickly be graphed. What are the steps required to set that
> up?
>
> Thank you kindly,
> Konrad

ifconfig tun0 create
Hi users,

I have a GENERIC kernel:

DragonFly thinkpad 3.7-DEVELOPMENT DragonFly 5afb5bd-DEVELOPMENT #2: Tue Apr 8 19:04:02 PDT 2014 ben@thinkpad:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64

I have if_tun in the kernel.

[root@thinkpad /etc]# kldload if_tun
kldload: can't load if_tun: module already loaded or in kernel

I try to create a tun device:

[root@thinkpad /etc]# ifconfig tun0 create
ifconfig: SIOCIFCREATE2: Invalid argument
[root@thinkpad /etc]# ifconfig tun create
ifconfig: SIOCIFCREATE2: Invalid argument
[root@thinkpad /etc]#

However, I can create a gif and a tap device just fine. I can do `ifconfig tun0 create` on a pfsense (FreeBSD) firewall just fine.

There is a device not configured error in the attached kdump output.

Am I missing a step? I have not done this kind of thing before. I would just like to try an ssh -w VPN, and I believe I am following what the tutorials are saying to use for any other BSD system, and I have not found anything in the man pages, or in the rc subroutines that indicate some other method.

Thank you,
Ben