DTrace Issues

Hey FreeBSD Stable, I'm having issues printing out the curpsinfo-pr_psargs. Has anyone had any success printing out the arguments passed to a program? Below is the log of what happens when I run my script the source for my script. [root@fbsd-sec ~/dtrace/security]# ./log_exec.d 80 dtrace: buffer

Re: DTrace Issues

Thanks. That's what I'm running into. I've partially fixed walltimestamp. I have walltimestamp in kernel returning to dtrace userland the seconds since epoch. With my patch, dtrace userland shows the value fine if printed with %d, but not with %Y. I'll be moving onto squashing the curpsinfo bug

Re: What about network virtualization for jails?

Yes. You can use VIMAGE/vnet with jails. In fact, I just blogged about how to set it up: http://0xfeedface.org/blog/2011-11-21/lattera/freebsd-vnet-jail-admin-project I'm also writing a php project that will help administer FreeBSD jails: https://github.com/lattera/jailadmin Thanks, Shawn On

Re: What about network virtualization for jails?

accept patches if another use-case needs to be addressed. Thanks, Shawn On Fri, Nov 25, 2011 at 1:32 PM, Denny Schierz linuxm...@4lin.net wrote: hi Shawn, Am 25.11.2011 um 16:54 schrieb Shawn Webb: Yes. You can use VIMAGE/vnet with jails. In fact, I just blogged about how to set it up: http

Re: FLAME - security advisories on the 23rd ? uncool idea is uncool

Some people (like me) already knew about the vulnerabilities. And others are already exploiting some of these vulnerabilities. Thanks, Shawn Webb On Fri, Dec 23, 2011 at 9:50 AM, Damien Fleuriot m...@my.gd wrote: My point (which may or may not be valid) was that if the vulnerabilities

Re: Goo lists to subscribe to hear quickly about vulns ? ( was: Re: FLAME - security advisories on the 23rd ? uncool idea is uncool)

but I don't recall seeing an advisory there ahead of today. On 12/23/11 6:03 PM, Shawn Webb wrote: Some people (like me) already knew about the vulnerabilities. And others are already exploiting some of these vulnerabilities. Thanks, Shawn Webb On Fri, Dec 23, 2011 at 9:50 AM, Damien

Re: FLAME - security advisories on the 23rd ? uncool idea is uncool

As others have mentioned, you don't _have_ to patch this weekend. All of the vulnerabilities have been [semi-]public knowledge for at least a week. What's the harm in waiting till next week? Just pretend like the patches came in on Tuesday. I, for one, am grateful that FreeBSD has provided

Certain Registers in amd64 Unavailable to Developers

Hey stable@, First off, I'm not too sure if this is the right mailing list (maybe freebsd-hackers@?). Sorry if it is. This is just the mailing list I subscribe to, so I thought I'd start here. Anyways, I'm looking at the regs struct (machine/reg.h) on FreeBSD 9-stable amd64. It appears that

Re: Certain Registers in amd64 Unavailable to Developers

Nevermind. It's rdi and rsi that I should use. Sorry for the wasted bandwidth. ;) Thanks, Shawn On Mon, Jan 16, 2012 at 7:41 PM, Shawn Webb latt...@gmail.com wrote: Hey stable@, First off, I'm not too sure if this is the right mailing list (maybe freebsd-hackers@?). Sorry

Re: ZFS / zpool size

The `zpool` command does not show all the overhead from ZFS. The `zfs` command does. That's why the `zfs` command shows less available space than the `zpool` command. Thanks, Shawn On Tue, Jan 17, 2012 at 8:47 AM, Christer Solskogen christer.solsko...@gmail.com wrote: Hi! I have a zpool

Re: ZFS / zpool size

On Tue, Jan 17, 2012 at 9:00 AM, Christer Solskogen christer.solsko...@gmail.com wrote: On Tue, Jan 17, 2012 at 4:52 PM, Shawn Webb latt...@gmail.com wrote: The `zpool` command does not show all the overhead from ZFS. The `zfs` command does. That's why the `zfs` command shows less available space

Re: ZFS / zpool size

shawn@indianapolis:~$ pfexec format Searching for disks...done AVAILABLE DISK SELECTIONS:        0. c1d0 WDC WD30-  WD-WCAWZ084341-0001-2.73TB           /pci@0,0/pci-ide@11/ide@0/cmdk@0,0        1. c1d1 WDC WD30-  WD-WCAWZ087742-0001-2.73TB           /pci@0,0/pci-ide@11/ide@0/cmdk@1,0        2.

Re: Fighting with vnet / jails epair and so on

I've done a bit of research about vnet jails: http://archive.0xfeedface.org/blog/2011-11-21/lattera/freebsd-vnet-jail-admin-project On Wed, Jan 18, 2012 at 6:59 AM, Denny Schierz linuxm...@4lin.net wrote: hi, after most parts works with my bridge setups works, I want to get vnet for my jails

Re: Text relocations in kernel modules

Let's all calm down here. No need to make this personal. Let's please try to keep this conversation professional and respectful to all parties involved. Richard, I suggest that if you think the current implementation is less secure than other implementations, you could write a patch and submit it

Re: Text relocations in kernel modules

If there is malicious code in a kernel module, then discussions of relocations become moot. Sent from my Android 4.0 device. Please forgive any spelling or grammatical errors. On Apr 4, 2012 11:35 AM, jb jb.1234a...@gmail.com wrote: Peter Wemm peter at wemm.org writes: ... There is no way

IPv6 Tunnel Shared With Jails via epair Devices

Hey All, I've been working on sharing a 6in4 IPv6 tunnel (via a gif device) I have with Hurricane Electric (tunnelbroker.net) to my jails via epair devices. My setup is a bit unique in that the IPv6 tunnel is behind an OpenVPN connection. I've had varying degrees of success. I might have a bug to

Re: IPv6 Tunnel Shared With Jails via epair Devices

On Tue, Jan 15, 2013 at 12:29 AM, Ben Morrow b...@morrow.me.uk wrote: Quoth Shawn Webb latt...@gmail.com: I've been working on sharing a 6in4 IPv6 tunnel (via a gif device) I have with Hurricane Electric (tunnelbroker.net) to my jails via epair devices. My setup is a bit unique

Re: IPv6 Tunnel Shared With Jails via epair Devices

On Tue, Jan 15, 2013 at 2:54 PM, Ben Morrow b...@morrow.me.uk wrote: Quoth Shawn Webb latt...@gmail.com: On Tue, Jan 15, 2013 at 12:29 AM, Ben Morrow b...@morrow.me.uk wrote: Quoth Shawn Webb latt...@gmail.com: # ifconfig bridge0 bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX

Re: IPv6 Tunnel Shared With Jails via epair Devices

Somehow there ended up a typo in the CC to freebsd-stable@freebsd.org. Last email below: On Tue, Jan 15, 2013 at 5:53 PM, Shawn Webb latt...@gmail.com wrote: On Tue, Jan 15, 2013 at 4:52 PM, Ben Morrow b...@morrow.me.uk wrote: Quoth Shawn Webb latt...@gmail.com: On Tue, Jan 15, 2013 at 2:54

Generating ISO With Pre-Installed Packages

Hey All, I'm looking to generate a FreeBSD 9-stable (and maybe 10-current) ISO that has certain packages pre-installed. I'd like to create my own installation media that will have certain things installed, like a web management UI that I'm actively working on. It'd be like what pfSense does. I

Re: virtualbox crashes r254557

On Tue, Aug 27, 2013 at 10:41 AM, Marko Cupać marko.cu...@mimar.rs wrote: On Tue, 27 Aug 2013 15:59:19 +0200 David Demelier demelier.da...@gmail.com wrote: Yes you can paste the dump here kaa.mimar.rs dumped core - see /var/crash/vmcore.1 Tue Aug 27 12:34:13 CEST 2013 FreeBSD

Re: [CFT] Call for testing pkg 1.5.0

On Tue, 2015-03-31 at 21:03 +0200, Baptiste Daroussin wrote: Hi all, We just released pkg 1.5.0 beta1 (in ports-mgmt/pkg-devel), Hey Baptiste, Great work to you and all those involved in this project! I'm grateful to have such an awesome tool. For those of us who run our own package repos

unionfs or tmpfs Kernel Panic on 10.2-BETA1

= 0x156d6ae08ca, rsp = 0x7be2c988, rbp = 0x7be2c9b0 --- === End Log === If there's anything you need from me, please let me know. It's 100% reproducible at bootup on one of my systems. -- Shawn Webb HardenedBSD GPG Key ID:0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486

Re: unionfs or tmpfs Kernel Panic on 10.2-BETA1

On Saturday, 18 July 2015 09:12:52 David Wolfskill wrote: On Sat, Jul 18, 2015 at 11:54:59AM -0400, Shawn Webb wrote: Looks like there's some locking issues in 10.2-BETA1/amd64. I'm at revision bf2d0b176566519b95f21d01cc101f4b60247ab8 in this repo: https://github.com/HardenedBSD

Re: unionfs or tmpfs Kernel Panic on 10.2-BETA1

On Saturday, 18 July 2015 12:24:37 Shawn Webb wrote: On Saturday, 18 July 2015 09:12:52 David Wolfskill wrote: On Sat, Jul 18, 2015 at 11:54:59AM -0400, Shawn Webb wrote: Looks like there's some locking issues in 10.2-BETA1/amd64. I'm at revision bf2d0b176566519b95f21d01cc101f4b60247ab8

Re: 10.2-RELEASE-p2 lost ability to bootstrap pkg with signature_type="pubkey"

ig I can't find any documentation in neither Poudriere's manpage nor in poudriere.conf.sample on how toadd a post bulk hook. Is the signing_command option to `pkg repo` really only used in generating pkg.txz.sig? Is there any formal documentation about the cryptography design and architecture in relation to pkg's repositories? Thanks, -- Shawn Webb HardenedBSD GPG Key ID:0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: This is a digitally signed message part.

Re: Release notes and handbook changes for identifying wireless adapters

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On August 1, 2016 7:02:05 PM EDT, Ben Woods wrote: >Hi, > >FreeBSD wireless users who are upgrading to FreeBSD 11.0 will likely >get a >surprise when they try and identify which wireless adapters are >available >in their

Re: NanoBSD install phase failing for releng/11

tree to a chroot directory. Here's the log (granted, -s was added to make): http://ix.io/1fN3 Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: How's 11.0-RELEASE coming?

oll hasn't completed, and I don't want to send a possibly-false > date on when 11.0-RC3 will happen. > > I am hoping Saturday, but this is not yet definitive. > > Glen > Hey Glen, I'm just checking in to see if you saw this bug report I filed: https://bugs.freebsd.org/bugzilla/s

Cannot build 11-STABLE from 12-CURRENT due to missing lint

Now that `lint` was removed from 12-CURRENT base, 12-CURRENT now cannot build 11-STABLE. Building usr.bin/xlint/llib in 11-STABLE depends on `lint`. https://github.com/freebsd/freebsd/blob/stable/11/usr.bin/xlint/llib/Makefile Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD

Re: Cannot build 11-STABLE from 12-CURRENT due to missing lint

On Sun, Nov 26, 2017 at 05:33:26PM -0500, Shawn Webb wrote: > Now that `lint` was removed from 12-CURRENT base, 12-CURRENT now > cannot build 11-STABLE. Building usr.bin/xlint/llib in 11-STABLE > depends on `lint`. > > https://github.com/freebsd/freebsd/blob/stable/11/usr.bin/xlin

Re: stable/11 r329462 - Meltdown/Spectre MFC questions

ne of which is to toggle IBRS. Vendors like Dell have started issuing firmware updates that also applies the new CPU microcode. Check with your vendor to see if they've shipped such firmware updates. Having the CPU microcode applied is not enough. The OS needs to support the new MSRs. FreeBSD 11-STAB

Re: stable/11 r329462 - Meltdown/Spectre MFC questions

eger > >- Default value: unsure. Variable declaration has 1 but > > SYSCTL_PROC() macro has 0. > > > > > Strange thing is that tweaking `hw.ibrs_disable` has no effect on > `hw.ibrs_active` on my side. Did you install the latest Intel microcode update?

Re: building 11.2-STABLE on CURRENT is broken

uld have done this back when I added it to > legacy, I think, but it seems to fix this for me. Hey Kyle, Thank you very much for looking into this issue. HardenedBSD was affected as well. I've tested the patch and am happy to report success. Thanks, -- Shawn Webb Cofound

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-19:05.kqueue

FreeBSD 11.2 > Corrected: 2019-11-24 17:11:47 UTC (stable/11, 11.2-STABLE) Corrected November of 2018 or 2019? ;) -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658

Documentation regarding NFSv4

Hey all, It appears the Handbook and the nfsv4 manpages don't really agree, leading to some confusion as to how to properly set up an NFSv4 server on FreeBSD. Any guidance would be appreciated. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID

Re: bhyve and multiple network devices

fortunately, bhyve doesn't support renamed tap devices. You'll need to keep the original tapN name. What you might want to experiment with is setting a description for the tap device. For example: ifconfig tapN description "private vNIC" Thanks, -- Shawn Webb Cofounder / Security Engineer