Re: Cannot compile the Tiny C Compiler

2022-01-22 Thread Ben Woolley
Hi Christian,

It needs gmake, not make, which on BSDs is not the same. The README had a note 
about it *under* the build commands you tried to run:

“Notes: For OSX and FreeBSD, gmake should be used instead of make”

This happens a lot to me, too, where the information I need is further down in 
the docs. 

You typically need to follow the FreeBSD instructions, although not every time. 
Just be on the lookout for FreeBSD instructions.

Good luck,

Ben

> On Jan 22, 2022, at 9:27 AM, Christian Groessler wrote:
> 
> On 1/22/22 18:18, rem...@tutanota.com wrote:
>> Hi everyone! I'm trying out DragonFlyBSD for the first time and I just went 
>> to compile
>> the Tiny C compiler from its official repository and I'm getting errors when 
>> trying to
>> use `Make` to compile it. The command I'm trying is `make -j6` and I'm 
>> getting a big error
>> log but most lines are the same. The errors are the following:
>> `Invalid line type`
>> `warning: duplication script for target "ifneq" ignored`
>> `warning: using previous script for "ifneq" defined here`
>> I thought that it may not support DragonFlyBSD as it is not listed in the 
>> official supported
>> Operating Systems but a number of other BSDs are supported including FreeBSD 
>> so I don't
>> know why it should not work on DragonFlyBSD. For anyone that wants to try 
>> out, the link for
>> the source is: https://repo.or.cz/tinycc.git
> 
> 
> In the README there:
> 
>   Notes: For FreeBSD, NetBSD and OpenBSD, gmake should be used instead of 
> make.
> 
> 
> You need to use GNU make.
> 
> regards,
> chris


Re: ASLR and PIE disabled by default

2017-04-03 Thread Ben Woolley
Hi Carsten,

To be fair, their solution allows you to use pledge for source, and vmm for 
binary. One issue with binary is not *really* knowing what kind of access it 
should have, not just for security, but also for functionality. It kinda makes 
sense. 

Cheers,

Ben

> On Apr 3, 2017, at 6:34 PM, Carsten Mattner wrote:
> 
> There's also the consideration that the software we have to be most
> careful with is that where we cannot modify the source because we'd
> have to patch the binary of a closed source application. This is why I
> find it perplexing that OpenBSD just removed their old systrace
> AppArmor equivalent.
> 
> One thing OpenBSD gets right is marketing. They used to lament the
> security implications and uselessness of virtualization only to
> implement vmm. They also used to be vocal about clang not being a
> viable choice but in light of other alternatives for AARCH64 are on
> their way of incorporating it into base. I'm not saying this to
> complain about OpenBSD but merely to make the point that investing in
> pledge(2) is a hard sell to me personally given their track record. It
> doesn't confine binaries and I have a feeling they might replace it in
> 4 years, so I'm wary of carrying an #ifdef path in my own code.
> With their great marketing, everybody talks about LibreSSL or
> pledge(2). Projects can learn from their PR tactics. Capsicum
> exists for Linux, FreeBSD, DragonflyBSD, so I'm more open to
> the idea of accepting a patch from the FreeBSD ports tree upstream
> in my projects' main branches.
> 
> If I had to guess I'd say they will reimplement something like
> firejail/systrace as an extension of pledge that doesn't require
> patching the source and then use it as an opt-out mechanism where
> you have to whitelist your favorite personal application to have free
> rein over the machine. Whatever you do, you will inevitably run
> into the same design considerations that are well travelled and
> can be inspected in SELinux and more radical capability based
> kernels. I am of the opinion that security can only work
> reasonably if mechanisms are opt-out like grsecurity's
> flag to allow JIT binaries. This allows monitoring as well
> as knowing your likely open doors for intruders.


Re: What are the difference between the security of HardenedBSD and security of DragonflyBSD?

2016-11-07 Thread Ben Woolley
I suggest searching for the difference between HardenedBSD and FreeBSD (on 
which I presume it is based), and then see what the status of each of those is 
in DragonFly. 

That might lead to a fruitful discussion of which is desired in DragonFly. 
Plus, if you want to see some features be adopted across the BSDs, then 
increasing the number of BSDs with each feature seems to help. The first step 
is visibility into differences that are important to users. 

> On Nov 7, 2016, at 11:52 AM, Renato dos Santos wrote:
> 
> Did you search before asking?
> 
> 
> --
> 
> Renato dos Santos
> 
> 2016-11-07 16:41 GMT-02:00 SOUL_OF_ROOT 55:
>> What is the difference between the security of HardenedBSD and security of 
>> DragonflyBSD?
> 


Re: Traffic accounting per port

2016-04-05 Thread Ben Woolley
I have used ntop for similar things. Check that out?

> On Apr 5, 2016, at 8:28 AM, Konrad Neuwirth wrote:
> 
> Hello, 
> 
> I was not able to figure out something from the documentation for myself yet 
> again. We need to monitor traffic on a server by port and IP number, ideally 
> in a way that can quickly be graphed. What are the steps required to set that 
> up? 
> 
> Thank you kindly,
> Konrad


ifconfig tun0 create

2014-08-27 Thread Ben Woolley
Hi users,

I have a GENERIC kernel:
DragonFly thinkpad 3.7-DEVELOPMENT DragonFly 5afb5bd-DEVELOPMENT #2: Tue
Apr  8 19:04:02 PDT 2014 ben@thinkpad:/usr/obj/usr/src/sys/X86_64_GENERIC
x86_64

I have if_tun in the kernel.
[root@thinkpad /etc]# kldload if_tun
kldload: can't load if_tun: module already loaded or in kernel

I try to create a tun device:
[root@thinkpad /etc]# ifconfig tun0 create
ifconfig: SIOCIFCREATE2: Invalid argument
[root@thinkpad /etc]# ifconfig tun create
ifconfig: SIOCIFCREATE2: Invalid argument
[root@thinkpad /etc]#

However, I can create a gif and a tap device just fine. I can do `ifconfig
tun0 create` on a pfsense (FreeBSD) firewall just fine.

There is a device not configured error in the attached kdump output.

Am I missing a step? I have not done this kind of thing before. I would
just like to try an ssh -w VPN, and I believe I am following what the
tutorials are saying to use for any other BSD system, and I have not found
anything in the man pages, or in the rc subroutines that indicate some
other method.

Thank you,

Ben