FreeBSD About Blog

FreeBSD today released a core (kernel) patched to plug "arc4random predictable sequence vulnerability" security hole in its operating systems version 6.x and 7.x stable release. When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. All security-related kernel subsystems that rely on a quality random number generator are subject to a wide range of possible attacks. This update has been rated as having important security impact.

More about arc4random

arc4random(9) is a generic-purpose random number generator based on the key stream generator of the RC4 cipher. It is expected to be cryptographically strong, and used throughout the FreeBSD kernel for a variety of purposes, some of which rely on its cryptographic strength. arc4random(9) (more…)

Renai LeMay, ZDNet Australia

A project to bring one of the most advanced features of Sun Microsystems’ Solaris operating system to the FreeBSD platform has started bearing fruit.

Sun’s Dynamic Tracing (DTrace) tool provides advanced performance analysis and debugging features, primarily for server software. Work began porting the tool to FreeBSD after DTrace was released under an open source licence last year.