498: Dropping Privileges
BSD Now
English - March 16, 2023 07:00 - 42 minutes - 39.3 MB - ★★★★★ - 86 ratingsTech News News Education How To berkeley freebsd openbsd netbsd dragonflybsd trueos trident hardenedbsd tutorial howto Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
OpenZFS auditing for storage Performance, Privilege drop; privilege separation; and restricted-service operating mode in OpenBSD, OPNsense 23.1.1 release, Cloning a System with Ansible, FOSDEM 2023, BSDCan 2023 Travel Grants
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)
Headlines
OpenZFS auditing for storage Performance (https://klarasystems.com/articles/openzfs-auditing-for-storage-performance/)
Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD (https://sha256.net/privsep.html)
News Roundup
OPNsense 23.1.1 released (https://forum.opnsense.org/index.php?topic=32484.0)
Cloning a System with Ansible (https://kernelpanic.life/software/cloning-a-system-with-ansible.html)
FOSDEM 2023 (http://blog.netbsd.org/tnf/entry/fosdem_2023)
BSDCan 2023 Travel Grant Application Now Open (https://freebsdfoundation.org/blog/bsdcan-2023-travel-grant-application-now-open/)
The Undeadly Bits
Game of Trees milestone (http://undeadly.org/cgi?action=article;sid=20230120073530)
Game of Trees Daemon - video and slides (May make the older game of trees obsolete) (http://undeadly.org/cgi?action=article;sid=20230210065830)
amd64 execute-only committed to -current (http://undeadly.org/cgi?action=article;sid=20230121125423)
Using /bin/eject with USB flash drives (http://undeadly.org/cgi?action=article;sid=20230214061952)
Tunneling vxlan(4) over WireGuard wg(4) (http://undeadly.org/cgi?action=article;sid=20230214061330)
Console screendumps (http://undeadly.org/cgi?action=article;sid=20230128183032)
Execute-only status report (http://undeadly.org/cgi?action=article;sid=20230130061324)
OpenBSD in Canada (http://undeadly.org/cgi?action=article;sid=20230226065006)
Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD (http://undeadly.org/cgi?action=article;sid=20230219234206)
Theo de Raadt on pinsyscall(2) (http://undeadly.org/cgi?action=article;sid=20230222064027)
Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
Kevin - PLUG (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/498/feedback/Kevin%20-%20PLUG.md)
Luna - FOSDEM (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/498/feedback/Luna%20-%20FOSDEM.md)
***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected] (mailto:[email protected])
***
OpenZFS auditing for storage Performance, Privilege drop; privilege separation; and restricted-service operating mode in OpenBSD, OPNsense 23.1.1 release, Cloning a System with Ansible, FOSDEM 2023, BSDCan 2023 Travel Grants
NOTES
This episode of BSDNow is brought to you by Tarsnap and the BSDNow Patreon
Headlines
OpenZFS auditing for storage Performance
Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD
News Roundup
BSDCan 2023 Travel Grant Application Now Open
The Undeadly Bits
Game of Trees milestone
Game of Trees Daemon - video and slides (May make the older game of trees obsolete)
amd64 execute-only committed to -current
Using /bin/eject with USB flash drives
Tunneling vxlan(4) over WireGuard wg(4)
Console screendumps
Execute-only status report
OpenBSD in Canada
Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD
Theo de Raadt on pinsyscall(2)
Tarsnap
This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
Kevin - PLUG
Luna - FOSDEM
***
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to [email protected]
***