On Thu, Dec 22, 2011 at 04:04:48PM -0700, Charlie Martin wrote:
We've got another mystery panic in 7.2-PRE. Upgrading is not an option;
however, if this is familiar to anyone, backporting a patch would be.
The stack trace is:
db_trace_self_wrapper() at 0x8019120a =
On 23/12/2011 02:56, Garrett Cooper wrote:
On Dec 22, 2011, at 3:58 PM, Jeremy Chadwick free...@jdc.parodius.com wrote:
On Fri, Dec 23, 2011 at 12:44:14AM +0100, O. Hartmann wrote:
On 12/21/11 19:41, Alexander Leidinger wrote:
Hi,
while the discussion continued here, some work started at
On Thursday, December 22, 2011 6:58:46 pm Jeremy Chadwick wrote:
On Fri, Dec 23, 2011 at 12:44:14AM +0100, O. Hartmann wrote:
On 12/21/11 19:41, Alexander Leidinger wrote:
Hi,
while the discussion continued here, some work started at some other
place. Now... in case someone here is
On Fri, Dec 23, 2011 at 10:00:05AM -0500, John Baldwin wrote:
On Thursday, December 22, 2011 6:58:46 pm Jeremy Chadwick wrote:
On Fri, Dec 23, 2011 at 12:44:14AM +0100, O. Hartmann wrote:
On 12/21/11 19:41, Alexander Leidinger wrote:
Hi,
while the discussion continued here, some
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
I mean, couldn't this have waited and remained undisclosed until monday ?
I for one do *NOT* relish the idea of updating 50+ boxes this evening
and
On Friday, December 23, 2011 11:07:56 am Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
I mean, couldn't this have waited and remained undisclosed until monday ?
On 12/23/11 5:39 PM, John Baldwin wrote:
On Friday, December 23, 2011 11:07:56 am Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
I mean, couldn't this have waited and
So don't update until Monday? The outcome will be the same :)
Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
I mean, couldn't this have waited and remained undisclosed until
My point (which may or may not be valid) was that if the vulnerabilities
remained *undisclosed*, they would have a much lower chance of being
exploited.
On 12/23/11 5:47 PM, Joe Holden wrote:
So don't update until Monday? The outcome will be the same :)
Damien Fleuriot wrote:
Hey up list,
The serious one (telnetd) is already being exploited in the wild, and if
you're running telnetd anyway then you can always switch to ssh or acl
the port, either way it is a relative non-issue to ignore the update for
now...
Damien Fleuriot wrote:
My point (which may or may not be valid) was
On 12/23/11 5:50 PM, Stephen Montgomery-Smith wrote:
On 12/23/2011 10:07 AM, Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
After receiving the fifth security advisory
On 12/23/2011 11:07 AM, Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
The Security Officer explained it was because one of them was being
actively exploited.
On 12/23/11 5:54 PM, Bas Smeelen wrote:
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
What's the impact for your boxes?
Only the BIND exploit concerns me, means that *potentially* servers for
my projects
Some people (like me) already knew about the vulnerabilities. And
others are already exploiting some of these vulnerabilities.
Thanks,
Shawn Webb
On Fri, Dec 23, 2011 at 9:50 AM, Damien Fleuriot m...@my.gd wrote:
My point (which may or may not be valid) was that if the vulnerabilities
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
What's the impact for your boxes?
I mean, couldn't this have waited and remained undisclosed until monday ?
Best time to exploit is Christmas/holidays
I for one do
I happen to APPLAUD the FreeBSD Security team for doing this.
I WANT security fixes out as soon as reasonably possible. You're NOT
telling the bad guys anything they don't already know, but you ARE
making it possible for the good guys to raise shields.
A remote root problem is about as bad as
On 12/23/2011 10:07 AM, Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
After receiving the fifth security advisory in a few moments, you will
get a Christmas message from
On Fri, Dec 23, 2011 at 11:39 AM, John Baldwin j...@freebsd.org wrote:
On Friday, December 23, 2011 11:07:56 am Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
Thanks, jeremy!
On 12/22/2011 05:07 PM, Jeremy Chadwick wrote:
On Thu, Dec 22, 2011 at 04:04:48PM -0700, Charlie Martin wrote:
We've got another mystery panic in 7.2-PRE. Upgrading is not an
option; however, if this is familiar to anyone, backporting a patch
would be.
The stack trace is:
On 12/23/2011 10:56 AM, Mike Tancsa wrote:
Also, the chroot issue has been public for some time along with sample
exploits. Same with BIND which was fixed some time ago. Judgment call,
and I think they made the right call at least from my perspective.
It is this chroot issue that bothers me.
On topic, where do you guys subscribe to know of these vulns ahead of
their release on the ML ?
I'm subscribed to the BIND ML but I don't recall seeing an advisory
there ahead of today.
On 12/23/11 6:03 PM, Shawn Webb wrote:
Some people (like me) already knew about the vulnerabilities. And
On 12/23/11 16:24, Jeremy Chadwick wrote:
On Fri, Dec 23, 2011 at 10:00:05AM -0500, John Baldwin wrote:
On Thursday, December 22, 2011 6:58:46 pm Jeremy Chadwick wrote:
On Fri, Dec 23, 2011 at 12:44:14AM +0100, O. Hartmann wrote:
On 12/21/11 19:41, Alexander Leidinger wrote:
Hi,
while the
I usually hear about them from other people. I also subscribe to the
full-disclosure mailinglist.
On Fri, Dec 23, 2011 at 10:25 AM, Damien Fleuriot m...@my.gd wrote:
On topic, where do you guys subscribe to know of these vulns ahead of
their release on the ML ?
I'm subscribed to the BIND ML
These vulnerabilities are known many days before in other distributions .
Thank you very much .
Mehmet Erol Sanliturk
you're right, these were discussed on the mailinglists also
_but_ FreeBSD is not a distribution
It is *a complete operating system*
Happy holidays
Disclaimer:
On Fri, Dec 23, 2011 at 7:25 PM, Stephen Montgomery-Smith
step...@missouri.edu wrote:
On 12/23/2011 10:56 AM, Mike Tancsa wrote:
Also, the chroot issue has been public for some time along with sample
exploits. Same with BIND which was fixed some time ago. Judgment call,
and I think they made
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/23/11 11:53, Karl Denninger wrote:
I happen to APPLAUD the FreeBSD Security team for doing this.
I WANT security fixes out as soon as reasonably possible. You're NOT
telling the bad guys anything they don't already know, but you ARE
On topic, where do you guys subscribe to know of these vulns ahead of
their release on the ML ?
security, stable and questions
it has been discussed here and there
Disclaimer: http://www.ose.nl/email
___
freebsd-stable@freebsd.org mailing list
On 12/23/2011 12:25 PM, Stephen Montgomery-Smith wrote:
It is this chroot issue that bothers me. From my reading of the ftpd
man page, if I have anonymous ftp to my server, it seems that I am using
chroot with ftpd, and there is no way to stop this happening.
Am I correct, or have I
On 23/12/2011 17:25, Damien Fleuriot wrote:
I'm subscribed to the BIND ML but I don't recall seeing an advisory
there ahead of today.
The BIND vulnerability was discussed on bind-users last month, and
updates were pushed to the ports and RELENG_7 and RELENG_8 pretty much
straight away.
On Dec 23, 2011, at 11:25 AM, Stephen Montgomery-Smith wrote:
On 12/23/2011 10:56 AM, Mike Tancsa wrote:
Also, the chroot issue has been public for some time along with sample
exploits. Same with BIND which was fixed some time ago. Judgment call,
and I think they made the right call at
On Fri, Dec 23, 2011 at 7:55 PM, Mike Tancsa m...@sentex.net wrote:
On 12/23/2011 12:25 PM, Stephen Montgomery-Smith wrote:
It is this chroot issue that bothers me. From my reading of the ftpd
man page, if I have anonymous ftp to my server, it seems that I am using
chroot with ftpd, and
On 23/12/2011 18:05, George Kontostanos wrote:
Are all cvs mirror servers updated regarding these changes ?
ANYBODY
Should have by now. Commits usually take about an hour to propagate to
the official cvsup servers.
Easy enough to tell though -- the advisories have all the version
On Fri, Dec 23, 2011 at 8:40 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 23/12/2011 18:05, George Kontostanos wrote:
Are all cvs mirror servers updated regarding these changes ?
ANYBODY
Should have by now. Commits usually take about an hour to propagate to
the
Quoting Mike Tancsa m...@sentex.net:
On 12/23/2011 11:07 AM, Damien Fleuriot wrote:
Hey up list,
Look, just a rant here.
Who in *HELL* thought it would be a cool idea to release no less than
FOUR security advisories today ?
The Security Officer explained it was because one of them
On Fri, Dec 23, 2011 at 06:30:59PM +0100, Bas Smeelen wrote:
These vulnerabilities are known many days before in other distributions .
Thank you very much .
Mehmet Erol Sanliturk
you're right, these were discussed on the mailinglists also
_but_ FreeBSD is not a distribution
It is *a
On Thu, Dec 22, 2011 at 04:23:29PM -0800, Adrian Chadd wrote:
On 22 December 2011 11:47, Steve Kargl s...@troutmask.apl.washington.edu
wrote:
There is the additional observation in one of my 2008
emails (URLs have been posted) that if you have N+1
cpu-bound jobs with, say, job0 and job1
On Fri, Dec 23, 2011 at 9:06 PM, Lars Engels lars.eng...@0x20.net wrote:
On Fri, Dec 23, 2011 at 06:30:59PM +0100, Bas Smeelen wrote:
These vulnerabilities are known many days before in other distributions .
Thank you very much .
Mehmet Erol Sanliturk
you're right, these were discussed on
On Fri, Dec 23, 2011 at 2:06 PM, Lars Engels lars.eng...@0x20.net wrote:
On Fri, Dec 23, 2011 at 06:30:59PM +0100, Bas Smeelen wrote:
These vulnerabilities are known many days before in other distributions .
Thank you very much .
Mehmet Erol Sanliturk
you're right, these were discussed on
On 2011-Dec-23 20:06:10 +0100, Lars Engels lars.eng...@0x20.net wrote:
On Fri, Dec 23, 2011 at 06:30:59PM +0100, Bas Smeelen wrote:
_but_ FreeBSD is not a distribution
It is *a complete operating system*
Happy holidays
And the D in BSD is for? ;-)
FreeBSD is a complete operating system
On Fri, Dec 23, 2011 at 2:38 AM, Vincent Hoffman vi...@unsane.co.uk wrote:
On 23/12/2011 02:56, Garrett Cooper wrote:
On Dec 22, 2011, at 3:58 PM, Jeremy Chadwick free...@jdc.parodius.com
wrote:
On Fri, Dec 23, 2011 at 12:44:14AM +0100, O. Hartmann wrote:
On 12/21/11 19:41, Alexander
On Fri, Dec 23, 2011 at 08:55:35PM +0200, George Kontostanos wrote:
On Fri, Dec 23, 2011 at 8:40 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 23/12/2011 18:05, George Kontostanos wrote:
Are all cvs mirror servers updated regarding these changes ?
ANYBODY
Should
On Fri, Dec 23, 2011 at 10:48 PM, Gary Palmer gpal...@freebsd.org wrote:
On Fri, Dec 23, 2011 at 08:55:35PM +0200, George Kontostanos wrote:
On Fri, Dec 23, 2011 at 8:40 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 23/12/2011 18:05, George Kontostanos wrote:
Are all cvs
As others have mentioned, you don't _have_ to patch this weekend. All
of the vulnerabilities have been [semi-]public knowledge for at least
a week. What's the harm in waiting till next week? Just pretend like
the patches came in on Tuesday.
I, for one, am grateful that FreeBSD has provided
On Fri, Dec 23, 2011 at 11:45 PM, Shawn Webb latt...@gmail.com wrote:
As others have mentioned, you don't _have_ to patch this weekend. All
of the vulnerabilities have been [semi-]public knowledge for at least
a week. What's the harm in waiting till next week? Just pretend like
the patches
On 2011-Dec-23 23:40:10 +0200, George Kontostanos gkontos.m...@gmail.com
wrote:
In any case, and IMHO this was not the proper time for this kind of
advisories considering the fact that many companies are in a freeze
period.
My honeypot logs suggest that the black hats aren't taking a holiday.
As
In the course of looking at Jeremy's reponse to my query about a mystery
panic, I noted his recommendation that PRINTF_BUFR_SIZE be set to 256.
Ever-obedient, I went to set the value, and discovered instead that the
conf file already has it set to 4096.
As he says below, there are concerns
on 24/12/2011 00:21 Charlie Martin said the following:
In the course of looking at Jeremy's reponse to my query about a mystery
panic,
I noted his recommendation that PRINTF_BUFR_SIZE be set to 256.
Ever-obedient,
I went to set the value, and discovered instead that the conf file already
On Sat, Dec 24, 2011 at 12:02 AM, Peter Jeremy peterjer...@acm.org wrote:
On 2011-Dec-23 23:40:10 +0200, George Kontostanos gkontos.m...@gmail.com
wrote:
In any case, and IMHO this was not the proper time for this kind of
advisories considering the fact that many companies are in a freeze
On 23 December 2011 11:11, Steve Kargl s...@troutmask.apl.washington.edu
wrote:
Ah, so goods news! I cannot reproduce this problem that
I saw 3+ years ago on the 4-cpu node, which is currently
running a ULE kernel. When I killed the (N+1)th job,
the N remaining jobs are spread across the N
On Fri, Dec 23, 2011 at 03:21:06PM -0700, Charlie Martin wrote:
In the course of looking at Jeremy's reponse to my query about a
mystery panic, I noted his recommendation that PRINTF_BUFR_SIZE be
set to 256. Ever-obedient, I went to set the value, and discovered
instead that the conf file
Thanks, Jeremy, I really was trying to keep you from needing to dig this
out. This is inherited code with some very peculiar intermittent
panics, so you can imagine that I would be interested in specifics of
the odd behavior. Sadly, I don't think we're seeing any stack overflows.
On
on 24/12/2011 00:49 Adrian Chadd said the following:
Does ULE care (much) if the nodes are hyperthreading or real cores?
Would that play a part in what it tries to schedule/spread?
An answer to this part from the theory.
ULE does care about physical topology of the (logical) CPUs.
So, for
On Fri, Dec 23, 2011 at 02:49:51PM -0800, Adrian Chadd wrote:
On 23 December 2011 11:11, Steve Kargl s...@troutmask.apl.washington.edu
wrote:
One difference between the 2008 tests and today tests is
the number of available cpus. ?In 2008, I ran the tests
on a node with 8 cpus, while
On Fri, Dec 23, 2011 at 04:02:26PM -0700, Charlie Martin wrote:
Thanks, Jeremy, I really was trying to keep you from needing to dig
this out. This is inherited code with some very peculiar
intermittent panics, so you can imagine that I would be interested
in specifics of the odd behavior.
On 23/12/2011 20:23, Garrett Cooper wrote:
On Fri, Dec 23, 2011 at 2:38 AM, Vincent Hoffman vi...@unsane.co.uk wrote:
On 23/12/2011 02:56, Garrett Cooper wrote:
snip
There is a wiki page http://wiki.freebsd.org/SystemTuning which is
currently more or less tuning(7) with some annotations, the
55 matches
Mail list logo
