Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-05-29, Christopher Turkel wrote: > > On Friday, May 29, 2020, Stuart Henderson wrote: > > > >> On 2020/05/29 08:30, Luke Small wrote: > >> > You mention a lot of files that need to be read, but a program like > >> pkg_add can make it the > >> > _pkgfetch (57)

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Stuart Henderson
On 2020-05-29, Christopher Turkel wrote: > On Friday, May 29, 2020, Stuart Henderson wrote: > >> On 2020/05/29 08:30, Luke Small wrote: >> > You mention a lot of files that need to be read, but a program like >> pkg_add can make it the >> > _pkgfetch (57) user which has no directory and I’m

Re: EFI boot on Dell PowerEdge R610

2020-05-29 Thread Johan Hattne
> On May 28, 2020, at 20:38, YASUOKA Masahiko wrote: > > Hi, > > On Thu, 28 May 2020 09:46:23 -0700 > Johan Hattne wrote: >>> On May 28, 2020, at 06:42, Nick Holland wrote: >>> >>> On 2020-05-28 05:15, Johan Hattne wrote: On 2020-05-28 00:56, Johan Hattne wrote: > On 2020-05-28

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Bryan Steele
On Fri, May 29, 2020 at 11:41:43AM -0400, Christopher Turkel wrote: > On Friday, May 29, 2020, Stuart Henderson wrote: > > > On 2020/05/29 08:30, Luke Small wrote: > > > You mention a lot of files that need to be read, but a program like > > pkg_add can make it the > > > _pkgfetch (57) user

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 29. mai 2020 kl. 19:23 skrev Walter Alejandro Iglesias : > Could you summarize here which part of these articles of yours answer my > original question, please? > > For example, this list you share (linked in your article): > > https://home.nuug.no/~peter/pop3gropers_full.txt > > It would

Re: TLSv1.3 no SNI for relayd?

2020-05-29 Thread Theo Buehler
On Wed, May 27, 2020 at 09:17:45AM -0400, Matrix Dactylopodite wrote: > Using the protocol defaults (tlsv1.3 and tlsv1.2) in latest relayd has > regressed to not supporting SNI? Thanks for the helpful and detailed report. This issue (in libssl) has just been fixed in -current:

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
Hello Peter, In article Peter Nicolai Mathias Hansteen wrote: > > 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > > > > You can save the list of IPs in a table and reload it after a reboot as > > described here: https://www.bsdhowto.ch/savepftables.html > > > I have a similar setup

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Christopher Turkel
On Friday, May 29, 2020, Stuart Henderson wrote: > On 2020/05/29 08:30, Luke Small wrote: > > You mention a lot of files that need to be read, but a program like > pkg_add can make it the > > _pkgfetch (57) user which has no directory and I’m guessing not in > interactive mode. At the > > very

Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

2020-05-29 Thread Kapetanakis Giannis
On 28/05/2020 07:16, Quantum Robin wrote: Hi, While surfing on the Google to learn more about OpenBSD, I encountered this one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure ( https://aboutthebsds.wordpress.com/2013/01/25/20/) Is the author telling the truth? Or just yet another

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Stuart Henderson
On 2020/05/29 08:30, Luke Small wrote: > You mention a lot of files that need to be read, but a program like pkg_add > can make it the > _pkgfetch (57) user which has no directory and I’m guessing not in > interactive mode. At the > very least, in noninteractive mode you could unveil(“/“, “rx”);

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Sebastian Benoit
Luke Small(lukensm...@gmail.com) on 2020.05.29 08:30:05 -0500: > You mention a lot of files that need to be read, but a program like pkg_add > can make it the _pkgfetch (57) user which has no directory and I???m guessing > not in interactive mode. At the very least, in noninteractive mode you >

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Theo de Raadt
you are wasting everyone's time if you don't write a diff, which you've tested. Luke Small wrote: > You mention a lot of files that need to be read, but a program like pkg_add > can make it the _pkgfetch (57) user which has no directory and I’m guessing > not in interactive mode. At the very

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Luke Small
You mention a lot of files that need to be read, but a program like pkg_add can make it the _pkgfetch (57) user which has no directory and I’m guessing not in interactive mode. At the very least, in noninteractive mode you could unveil(“/“, “rx”); and change the specified output file discover the

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > You can save the list of IPs in a table and reload it after a reboot as > described here: https://www.bsdhowto.ch/savepftables.html I have a similar setup at bsdly.net , only I dump the tables to file and run expiry

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Bruno Flueckiger
On 29.05., Walter Alejandro Iglesias wrote: > In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger > wrote: > > On 26.05., Walter Alejandro Iglesias wrote: > > > I understand that this command: > > > > > > # pfctl -t spam -T expire > > > > > > Takes in care the "Cleared" date:

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger wrote: > On 26.05., Walter Alejandro Iglesias wrote: > > I understand that this command: > > > > # pfctl -t spam -T expire > > > > Takes in care the "Cleared" date: > > > > # pfctl -t spam -vT show > > ___.___.22.65 >

Re: Source address selection algorithm w/ bgp

2020-05-29 Thread Pierre Emeriaud
Le jeu. 28 mai 2020 à 17:19, Denis Fondras a écrit : > > I have a pf.conf with : > pass out on $if_ix from $ip_ix to !$subnet_ix nat-to $ip_router > > Not a definitve solution but does the work on a low-traffic bgp router :/ Thanks Denis, this is what I'm currently doing, but this is more a

Re: Source address selection algorithm w/ bgp

2020-05-29 Thread Pierre Emeriaud
Le jeu. 28 mai 2020 à 16:09, Theo de Raadt a écrit : > > A few tools have options like -s, but it is a problem. > > I'm also frustrated by this solution, and working on a better method. thanks for acknowledging this issue Theo. Just wanted to check if I hadn't missed anything obvious.

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Stuart Henderson
On 2020-05-29, Luke Small wrote: > unveil is nowhere to be found in the ftp program source code. There’s > probably another way to do it, but I wrote a program and searched all files > in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but It mentions > “pledge” > > It could take 3 lines at