Re: nginx + php = system() not working?

set, the default user's group ; will be used. user = www group = www -dan

Re: nginx + php = system() not working?

It can even help to run nginx in "unsecure mode" if you want to stay not chrooted: nginx_flags="-u -p /home/mytests" man nginx ; while php-fpm.conf should remain with the default values ; in this case.. -dan Mike Fischer wrote: > > > Am 17.05.2024 um 03:

Re: nginx + php = system() not working?

May 17, 2024 11:30:25 Souji Thenria : > -u   By default nginx will chroot(2) to the home > directory of the user running the daemon, typically > "www", or to the home directory of user in > nginx.conf.  The -u option

Re: OpenBSD 7.5: xfce-4.18.1: missing Special Characters utility

Reinstalled manually after the upgrade to 7.5 with: pkg_add gucharmap -dan Dan wrote: > > Hello, > > In my OpenBSD 7.5, xfce-4.18.1 is missing the Characters Map / Special > Characters utility both graphically, in the menu, and on the disk. > > Thanks! > > -dan

Re: Errata: OpenBSD 7.5: high temperature spotted different times

Correction: CPU: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz, 06-45-01, patch 0026 (year 2014) Dan wrote: > Hello, > > In my OpenBSD 7.5 stable temperature incrises timtotime remaining on > 64-65°C; an old quad cores I5 cpu. > > Thanks, > > -dan

OpenBSD 7.5: xfce-4.18.1: missing Special Characters utility

Hello, In my OpenBSD 7.5, xfce-4.18.1 is missing the Characters Map / Special Characters utility both graphically, in the menu, and on the disk. Thanks! -dan

OpenBSD 7.5: high temperature spotted different times

Hello, In my OpenBSD 7.5 stable temperature incrises timtotime remaining on 64-65°C; an old quad cores I5 cpu. Thanks, -dan

Re: Why /var/www/run instead of /var/run for web services

> I suspect that it is because a web service might change its root > directory to /var/www using chroot(2), > Can anyone confirm or deny my assumption? right, www is chrooted. -Dan

Re: Guidance for booting NanoPi R6S?

A1, and SHA2 are only ~clock-speed faster, and not Using ARMv8 > ISA faster. > > Thanks again for the reply. > > s. If I remember correctly, both the NanoPi R5 and R6 require that you manually set the MAC address for the rge interface via 'ifconfig lladdr etheraddr'. This is at least what I needed to do on my R5S. Best, Dan

Re: Upgraded to 7.5: vfs.ffs.dirhash_dirsize no longer exists and large directory ere veeery slow

Thanks for the answer, it seems I'm not missing dirhashes after all.. :) -Dan Apr 12, 2024 16:25:51 Otto Moerbeek : > On Fri, Apr 12, 2024 at 12:21:43PM +0200, Dan wrote: > >> >> Really, I fear this value is due to a wrong tweak.. > > > Fear is a bad advisor

Universal screen mirroring from mobile devices

mirroring functionalities embedded in our favorit desktop environemnt under OpenBSD? I imagine a more *flexible* desk environment where sort of universal screen mirroring is allowed among devices exacly how today we can do in our livingroom on Samsung or other brand TVs.. -Dan

Re: Upgraded to 7.5: vfs.ffs.dirhash_dirsize no longer exists and large directory ere veeery slow

Really, I fear this value is due to a wrong tweak.. -Dan Apr 12, 2024 09:09:06 Dan : > >> Yes, that fixes it for me: >> >> $ sysctl vfs.ffs >> vfs.ffs.dirhash_dirsize=2560 >> vfs.ffs.dirhash_maxmem=5242880 >> vfs.ffs.dirhash_mem=767359

Re: Upgraded to 7.5: vfs.ffs.dirhash_dirsize no longer exists and large directory ere veeery slow

> Yes, that fixes it for me: > > $ sysctl vfs.ffs > vfs.ffs.dirhash_dirsize=2560 > vfs.ffs.dirhash_maxmem=5242880 > vfs.ffs.dirhash_mem=767359 I have this value in 7.4 stable: vfs.ffs.dirhash_mem=1412837 is it correct? or how to fix it? -Dan

Re: newfs fast, but newfs_msdos and newfs_ext2fs very slow

As last resort, if you are one that lives with usb sticks indipendent hardware duplicators like those from startech.com have a quick format option (almost my old version of it has) further than other useful functionalities. -Dan Apr 10, 2024 10:34:38 Stuart Henderson : >> How can I

Re: Upgrade 7.5 /usr full

If you are by usb sticks you can find maybe useful one of old thread: https://marc.info/?l=openbsd-misc=169896854913334=2 Please remember to update /etc/fstab accordingly to the new layout of the final system before to reboot. -Dan Apr 9, 2024 18:37:39 Stuart Henderson : > Some opti

Re: TLS handshake failure at pkg_update

lete pkg_add operations. I suggest to go for the superuser by chance. -Dan

Re: need help to access my machine after upgrade -- system immediately logs me out

ith xterm and sysupgrade. -Dan

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

If I'm explaining security or lack of security, or saying things like "this is not enough", it's not as part of a speech that's meant to whine. I'll explain: I could've just asked, in my first message, whether OpenBSD has a mechanism like Ctrl-Alt-Delete on Windows, and whether it has sandboxing

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

On Sunday, March 31, 2024, Jose Maldonado wrote: > El Sun, 31 Mar 2024 01:10:15 + > Dan escribió: > > On Wednesday, March 27, 2024, Dan wrote: > > > > Hi @list! > > Lots of discussion and useless talk when the solution is in your hands > @Dan: >

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

On Wednesday, March 27, 2024, Dan wrote: > Hello, I have 3 security-related questions: > (1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure > Attention Key, or SAK) to prevent malware (or a website in fullscreen, for > example) from faking a logout process a

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

On Saturday, March 30, 2024, hahahahacker2009 wrote: > Vào Th 7, 30 thg 3, 2024 vào lúc 11:19 Dan đã > viết: > > >> > >> > >> > I've looked at the > >> > source code and issue tracker of upstream Firefox in the past and it >

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

On Saturday, March 30, 2024, hahahahacker2009 wrote: > Vào Th 6, 29 thg 3, 2024 vào lúc 07:40 Dan đã > viết: > > > This only lists third-party packages that have an OpenBSD > ports-originated addition of pledge/unveil configuration files; packages > that use

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

point seems having a purpose, wrong. -Dan Mar 30, 2024 18:23:38 James Huddle : > I live in post-2016 USA and have essentially given up hope of any sort of > computer security.

Re: qwx0 / QCNFA765 Does 802.11g Only

4 : > dear, why didn't you write about it in man? Thanks 4, to support the wide community of who still remain surprised about the scarsity of the doc. I personally have subscribed also "Then, why the man in XXI century interested group". But probably having roman numbers I have been the

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

Replying now to cho...@jtan.com: >[…] any >application which uses the X server (ie. can access the tcp port >or unix socket and has the correct xauth key […] The default PF configuration blocks access to the ports, but only on non-loopback interfaces.

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

(Note for everyone: This message is intended to shame a troll; if you're here to follow the technical discussion only, feel free to skip reading this message.) ~ | ~ | ~ | ~ | ~ | ~ On Friday, March 29, 2024, Jan Stary wrote: > > > > (The person > > > > you're replying to should be in the To

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

ut what about other > programs? > > That's a very general question. > Look at the program you care about (if there is one) > and grep the source/port for pledge. Duh. > > It's indeed a general question. What's the use of you mentioning the generality of my question? Are general questions not

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

You didn't "Reply All", so I didn't get your reply in my inbox. (The person you're replying to should be in the To field, and the mailing list in the Cc field.) >Even on windows; this has nothing to do with intercepting ctrl-alt-del. False. Ctrl-Alt-Delete cannot be intercepted on Windows without

Re: One more thought about security..

Awesome, blacklists are still affordable at time word of mouth! We got up too eatly today, take a nap like everyone do and care about your dears.. -Dan Mar 27, 2024 11:51:32 hahahahacker2009 : > -- Forwarded message - > From: Mihai Popescu > Date: Th 7, 24 thg 2,

Security questions: Login spoofing, X11 keylogging, and sandboxed apps

Hello, I have 3 security-related questions: (1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure Attention Key, or SAK) to prevent malware (or a website in fullscreen, for example) from faking a logout process and/or faking a login prompt? On Windows the kernel ensures that

One more thought about security..

Hello, Just adding a simple evidence: dark mode is difficult to print. If you are dedicating time to web browser and email client development in OpenBSD.. I suggest to point antennas on dark mode too.. -Dan

Re: securelevel=2 and mount hardening

Thanks for the reply.. Good one, try to think I was sure it was meaning many western right wingers (cats) vs 1 jelly fish (cattle). Then, when I have time I explain what is coudardy.. -Dan Mar 26, 2024 11:06:17 Alexis : > Dan writes: > >> I'm curious John Doe.. yo

Re: securelevel=2 and mount hardening

I'm curious John Doe.. you said cloud but not firewall, and cattle but not pets, right? You are a strange anglophon western toddler.. -Dan Mar 25, 2024 23:41:44 jslee : > On Tue, 26 Mar 2024, at 04:30, Dan wrote: >> Eventually, having the kernel possibility to customize the co

Re: securelevel=2 and mount hardening

Eventually, having the kernel possibility to customize the config path from /etc in eg /heroxyz could be helpful for a firewall, what do you think? :-) -Dan Mar 25, 2024 18:06:10 Dan : >> /etc is always going to be problematic.  I've been experimenting >> to see if I can cre

Re: securelevel=2 and mount hardening

Lyndon Nerenberg (VE7TFX/VE6BBM) : > /etc is always going to be problematic.  I've been experimenting > to see if I can create a viable firewall config with a read-only > root filesystem. I do not know what do you mean by "experimenting if", and if you finally realized your purpose.. but

Re: Request for a check 'relinking in progress' before a reboot

xec/reorder_kernel after your edit. -Dan

Re: Request for a check 'relinking in progress' before a reboot

Brian Conway : >> To avoid prbs with the relinking of the kernel happening in background >> I propose to set a little check during the shutdown to avoid to interrup it.. >> >> Thnx! >> >> -Dan > > I have frequently rebooted or shut down shortly after b

Re: Request for a check 'relinking in progress' before a reboot

ss. > We should also disable panic(9) in the kernel while reorder_kernel is > running. Maybe a sysctl? -Dan

Re: Got bsd.re-config apparently disabled

After three-four retries I confirm my station doesn't digest more the bsd.re-config file -Dan Mar 22, 2024 18:57:07 Dan : > It is from some weeks that I noticed bsd.re-config has no effect on my > OpenBSD: > > disable ucc > disable ugen > > Webcam and Blutooth

Request for a check 'relinking in progress' before a reboot

Hello, To avoid prbs with the relinking of the kernel happening in background I propose to set a little check during the shutdown to avoid to interrup it.. Thnx! -Dan

Got bsd.re-config apparently disabled

t any luck. I wonder if there is the possibility to disable the whole use of /etc/bsd.re-config or any recent update could have affected it. Thxs! -Dan

Solution to keystroke injection

injection kind of attacks one time for all? Thnx! -Dan

Re: New asset

rocknroll. In alternative cheergirls do not function, neither. NB: for a general convinience I can't send a private pigeon.. If everything look hilarious is absolutely wanted. -Dan Brodey Dover : > Progress looks great. > > Keep up the great work!

Re: rpc

facilities like within a star cascade :-) Otherwise.. -Dan Mar 20, 2024 06:50:39 Gustavo Rios : >> NFS/NIS/AMD are very old technology and are not robust. > > How to replace NIS ? >   >> Each OS implements different and only somewhat interoperable versions. >> >> You

Re: From Xfce to Mate

ges. Strange, I started from mate-1.26, the meta package.. However, thanks for this one. Anyway, just to mention.. Mate is the desktop environm. of choise of OpenIndiana. -Dan

From Xfce to Mate

nd utility doesnt pop up); 4) the context menu by right clicking anywhere on the desktop has no application menu apparently.. this the latest problem.. I passed a full night with Mate (..) but for now I was happy to come back to my steps and restore Xfce, although performances seem very interesting. -Dan

Re: USB peripherals hang, nothing in messages

suggestable to have, question ( ? ) -Dan Chris Bennett : > On Fri, Mar 15, 2024 at 01:40:56PM +0100, Dan via misc wrote: >> >> Interesting.. >> >> Laurence Tratt via misc : >> >>> This sounds to me like it might be due to USB stack performance problem

Re: DMARC/DKIM and OpenBSD Mailinglists

I notice date an time of your reply. You are quite ridiculus all. Hoping to find any "indipendent head" around OpenBSD or leave.. -Dan Mar 15, 2024 17:13:52 Dan : > Todd C. Miller : > >> I've disabled the From: rewriting > > Indeed it appeared too secure for OpenBSD...

Re: DMARC/DKIM and OpenBSD Mailinglists

Todd C. Miller : > I've disabled the From: rewriting Indeed it appeared too secure for OpenBSD...

Re: DMARC/DKIM and OpenBSD Mailinglists

Todd C. Miller wrote: > I've just added support to our majordomo for rewriting the From: > header when the sender's domain has a DMARC policy.  Messages from > domains using DMARC will now have a From: header like: > >     From: "John Connor via misc" I want to thank you for the From rewriting.

Re: USB peripherals hang, nothing in messages

ferences in USB performance on nominally > similar hardware with OpenBSD. Do you suggest to phisically (hub) separate peripherals from eg. storage devices for who is working in this kind of fashion? -Dan

Re: [TUHS] Re: SunOS 4 in 2024

Prepare yourself,I feel Jan is around searching to bit anyone.. :-/ "Alexis via misc" wrote: > > Sorry for accidentally sending this here, rather than to the TUHS > list. :-/ > > Alexis writes: > [snip] >

Re: Badwolf and LC_CTYPE

For the same reason.. Looking to my dev env tcl/tk utilities..also tcl/tk renders textbox's text in different way causing text or windows'objects to overlap too. Dan wrote: > Hello, > > Setting LC_CTYPE to zh_CN.UTF-8 in .xinitrc makes Badwolf (webkit) > opening website

Badwolf and LC_CTYPE

Hello, Setting LC_CTYPE to zh_CN.UTF-8 in .xinitrc makes Badwolf (webkit) opening websites in chinese language by default while Firefox remains in English. Thxs! -Dan

webGL viewer, networkload without proper session, burning bun..

expect to get a silicon burned sandwich inside my station like being under Windows.. -Dan

Re: browser titlebar doesn't support emoji

Thnx again for the more replies.. Страхиња Радић wrote: > On 24/03/08 11:37PM, Dan wrote: > > * depending on one general font for text, often a > > monospaced one, they will have no luck to display emoji anyway. > > No, this depends on fontconfig[1] configurati

Re: browser titlebar doesn't support emoji

t hex representation of the emoji. * depending on one general font for text, often a monospaced one, they will have no luck to display emoji anyway. -Dan Dan wrote: > > Tested in 7.4 Xfce, Firefox and Badwolf titlebar don't support > emojicon (tested: flags) like from the picture attached.

browser titlebar doesn't support emoji

Hello, Tested in 7.4 Xfce, Firefox and Badwolf titlebar don't support emojicon (tested: flags) like from the picture attached. Thxs! -Dan

Re: wsmouse, synaptics, xorg.conf, and Touchpad versus Touchscreen

First, did you try to disable AutoAddDevices before any change? Section "ServerFlags" Option "AutoAddDevices" "off" -Dan Philippe Meunier wrote: > Hi, > > I have a Thinkpad T14g3 (dmesg below), which has both a touchpad and a > touchscreen (an

Re: Fwd: install74.iso

On Mon, 23 Oct 2023, at 22:33, Theo de Raadt wrote: > In the next few snapshots, an ISO file will start to show up. Thank you. May I ask that the team also start building the bootstrapping cd74.iso, not just the full install74.iso? Regards, Dan >> >> Am 21. Okt. 2023,

Re: Installation Media Self Integrity Check

Thank you for responding, Theo :) On Thu, Aug 13, 2020 at (...):59 AM Theo de Raadt wrote: > > the FAQ is wrong. > > Those images don't contain signatures because my build & sign > procedure does not have a way to sign something, then continue > building, then sign the result. > > > If you

Installation Media Self Integrity Check

Hello, the FAQ states this: "The installXX.iso and installXX.fs images do not contain an SHA256.sig file, so the installer will complain that it can't check the signature of the included sets [...] This is because it would make no sense for the installer to verify them. If someone were to make a

Got hits Job offering in the mail

Got approached by a head hunter. If anyone in the community is interested and read it as is, I am just copy pasting, and I know NOTHING about this job or the head hunter that sent me the bellow email: Hii There! Greetings of the day!! I found your resume from one of the job portal and just

hyper-threading...

Linux part-time. It could also be useful for updating processor microcode, which can't be done under Windows. Thanks, Dan

Re: AuthorizedKeyCommand ldap

On Mon, Dec 11, 2017 at 7:13 PM, Paulm <pa...@tetrardus.net> wrote: > On Mon, Dec 11, 2017 at 03:49:24PM -0700, Dan Becker wrote: > > I am reading a blog proposing to use the AuthorizedKeyCommand to hook > into > > another authentication mechanism by calling a sh

AuthorizedKeyCommand ldap

of authentication ? -- --Dan

iwm fatal firmware error on - current

On 6.2 current shortly after boot iwm fails with the error: iwm0: fatal firmware error iwm0: could not remove MAC context (error 35) The device is able to initially connect get an address and connect for a few minutes. Output from ifconfig and dmesg are below. Let me know what other

Re: strict separation base system and third party software

On Fri, 28 Oct 2016 01:21:13 -0600 "Theo de Raadt" wrote: > > > > Different design, different philosophy, and different goals [1] but the > > > > same BSD heritage. > > > > > > There is no philosophy involved. > > > > > > England and the US and Canada are not differences in

Re: strict separation base system and third party software

On Thu, Oct 27, 2016 at 23:16:50 -0600, Theo de Raadt wrote: > > Different design, different philosophy, and different goals [1] but the > > same BSD heritage. > > There is no philosophy involved. > > England and the US and Canada are not differences in philosophy. > > They are just different.

Re: [pf] NAT64 rule for *outgoing* packets

for the gateway itself which validates but does not translate. Thanks for the clarification regarding pass out rules and af-to. Dan > On 19 Jun 2016, at 22:53, Sebastian Benoit <benoit-li...@fb12.de> wrote: > > Dan L??dtke(m...@danrl.com) on 2016.06.07 19:14:24 +020

OpenBSD on SBC?

on-board wifi (hostapd). Cheers, Dan

Re: [pf] NAT64 rule for *outgoing* packets

kernel for this issue? Cheers, Dan > On 7 Jun 2016, at 14:48, Dan Lüdtke <m...@danrl.com> wrote: > > Hi, > > my setup: [host]--[router]--[internet] > > [Host] can ping legacy internet hosts via NAT64. Works fine. Corresponding > line in pf.conf reads: &g

[pf] NAT64 rule for *outgoing* packets

NAT64. It can, of course, reach legacy internet hosts natively. How to push outgoing traffic addressed to 64:ff9b::/96 through pf's NAT64 engine? Cheers, Dan Some outputs FYI: router# route get 64:ff9b::/96 route: writing to routing socket: No such process router# ping6 64:ff9b::8.8.8.8 PING6

Re: help with kshrc

On Mon, 18 Apr 2016 16:42:56 +0200 Marko =?ISO-8859-1?Q?Cupa=3F?= wrote: > Hi, > > in tcsh on FreeBSD, I use the following line in .tcshrc in order to > start xfce when looging on ttyv3: > > if ($tty == ttyv3) then > startxfce4 --with-ck-launch > logout > endif > >

Re: Post pkg_delete messages, change message format?

On Fri, 25 Mar 2016 12:47:01 -0500 Chris Bennett wrote: > After I delete packages, especially pkg_delete -X, I get a long list of > instructions like: > > > -2.1.3 --- > You should also run rm -rf /etc/cups/*.conf.O /var/log/cups > You

Re: how to mount encription volume

On Sat, 12 Mar 2016 12:19:59 + freeu...@ruggedinbox.com wrote: > hi, I use the bioctl encryption on boot volume. > > example A: > fdisk -iy sd0 > echo -n "a a\n64\n\nRAID\np\nw\nq\n\n" |disklabel -E sd0 > bioctl -c C -l /dev/sd0a softraid0 > > then, OpenBSD detect sd1 and I install the

radius authentication support for httpd

Hello, Using the built-in httpd I'm wondering if it is possible to use RADIUS authentication. I did not see a mention in the man page nor in google searches (thought my google foo could be part of that problem). Thank-you, Dan Farrell

Re: some problems with disks

On Tue, 8 Mar 2016 00:20:08 +0100 arrowscr...@mail.com wrote: > I'm having some problems with disks. Probably because I still don't > understand enough of how BSD manage them: > > 1. I was going to install -current on a USB flash drive. I did the > install media using install59.fs and booted. I

Re: e-commerce framework suggestion? medoc?

> On Feb 25, 2016, at 1:28 AM, li...@wrant.com wrote: > > Don't fall for regulation scare talks, there should be no reason to > put something outside local premises except payment processing which > is a well developed monetary system service from banks etc. > Since I deal with credit card

elite smtpd control

i caught this in a process listing, and did a double take. $ ps ax|grep control 31337 ?? I 0:00.09 smtpd: control (smtpd) $ ps auxw|grep control _smtpd 31337 0.0 0.0 1592 4 ?? I 21Jan160:00.09 smtpd: control (smtpd) i thought it was interesting enough to share given the

Lenovo Ideapad 100s Boot Failure

Getting back to testing with a Lenovo Ideapad 100S-11. Using the February 1 amd64 snapshot I am able to complete the install. Upon first reboot at the initial boot prompt I receive the following messages: probing: pc0 mem[572K 56L 511M 1391M 61M 9M 2M 124K 36K] disk: hd0* hd1* hd2* >>

Re: Lanp equivalent web server working on OpenBSD no Apache

Except that you state it as something people should include as part of their proper configuration. Really? They should give Ted Unangst's account access to procmap? Dan On Mon, Feb 1, 2016 at 7:19 PM, bruce <bruc...@laernu.com> wrote: > I didn't, that's direct from the man page for

Re: piping stderr to tee log (so I can have my log and watch it, too)

On Mon, 18 Jan 2016 10:09:14 +0900 Joel Rees wrote: > Trying to put some scripts together so I can set an update going one > night, check it in the morning, reboot, and finish the update while > I'm at work. > > So I want to do something like > >cd /usr/src && cvs

Re: tsort: pledge: invalid agument (building -current)

i ran into this myself the other day. you already got good advice, so i will just make one comment. On Sat, 9 Jan 2016 18:54:22 +0900 Joel Rees wrote: > Do I need to backup my data, wipe the OS, and re-install from a snapshot > kernel? > it's unlikely you will ever have

Re: Add Bay Trail EHCI controller to pcidevs

: PC-AT compat [skipping cpu0] ioapic0 at mainbus0: amid 2 ps 0xfed0, version 20, 87 pins ioapic0: misconfigured as apic 1, remapped at apid 2 acpiprt0 at acpi0: bus 0 (PC10) pci0 at mainbus0 bus 0 0:2:0: mem address conflict 0x9000/0x40 0:2:0: mem address conflict 0x8000/0x1000 Regards, Dan

Re: the location of openbsd.pbr

On Wed, 30 Dec 2015 22:50:08 -0700 "Jack J. Woehr" wrote: > Brian McCafferty wrote: > > Are you referring to the file you need to create for dual booting with the > > windows ntldr? Check the FAQ: > > http://www.openbsd.org/faq/obsd-faq.txt > > Just out of curiousity, I dd'ed

Re: Add Bay Trail EHCI controller to pcidevs

>From: tuta.io> >Subject: Re: Add Bay Trail EHCI controller to pcidevs >Newsgroups: gmane.os.openbsd.misc >Date: 2015-12-17 09:58:44 GMT (2 weeks, 4 hours and 34 minutes ago) >>> Doesn't work, but at least it makes the dmesg look better.>What doesn't >>> work?Hi Martin, >Can't speak for Callum

Re: owncloud and php5-libsmbclient / occ

On Tue, 29 Dec 2015 20:43:49 -0500 Johan Huldtgren wrote: > > Also, if one would like to use occ utility from CLI, considering that the > > whole owncloud runs chrooted under /var/www/ and that occ therefore looks > > for /owncloud/apps folder (which is

Re: TCL in a chroot

On Mon, 28 Dec 2015 19:53:47 -0500 Paul Pereira wrote: > Has anyone had luck running tcl within a chroot? I have the required > libraries reported by ldd in place, but the interpreter cannot find > them. > > # chroot /var/www /usr/local/bin/tclsh8.5 >

Re: DESTDIR chroot for Mailman from ports

On Sun, 27 Dec 2015 11:22:56 + (UTC) Juuso Lapinlampi wrote: > I'm having a bit of hard time installing Mailman from ports to an > alternative `DESTDIR` chroot on OpenBSD 5.8 -stable, GENERIC.MP amd64. I > have a working Mailman setup in a non-chroot environment and I'm

Re: if I were to make a pkg-add diff

On Fri, 25 Dec 2015 16:09:27 -0600 Luke Small wrote: > I suppose folks could opt for the more stable yet higher latency > official mirrors even if they aren't local to canada and they would > never be surprised. It may not be too much trouble for me to implement > a mere

Re: utilities in bsd.rd

On Mon, 21 Dec 2015 20:45:15 + "AHLSENGIRARD, EDWARD F CTR USAF AFMC AFNWC/NDBD" wrote: > By any chance is there a handy list of the utilities compiled into bsd.rd > (release or recent snap)? > > > -- > Edward Ahlsen-Girard > it may not be exhaustive

Re: Is it possible to use pledge(2) to make something similar to firejail?

On Mon, 30 Nov 2015 23:30:49 +0100 Lampshade <lampsh...@poczta.fm> wrote: > Thanks for answers. > @dan mclaughlin. But how to prevent attacker going out of chroot? as far as i am aware only root can break out of a chroot. as long as nothing runs as root, and there are no suid root th

Re: Is it possible to use pledge(2) to make something similar to firejail?

On Sun, 29 Nov 2015 07:08:57 -0700 "Anthony J. Bentley" wrote: > Lampshade writes: > > Is it possible, in theory, to use pledge(2) to make something similar to > > fire > > jail? > > https://packages.debian.org/sid/main/firejail > > Firejail is a Gnu/Linux's program which

Re: Mount ISO as read write

On Wed, 28 Oct 2015 07:45:05 + (UTC) Mik J wrote: > Hello everyone, > I asked this question on another list a long time ago. > * I would like to mount an iso in order to add some files# ls -l /mnt > drwxr-xr-x 2 root wheel 512 May 3 15:31 iso# vnconfig svnd0

Re: Because Theo and various users told them that the projects GnoBSD and Comixwall were worthless and that they weren't contributing to OpenBSD?

you don't understand the question, you have some learning to do in this subject. In light of all of this, now maybe do you think the philosophy about not letting every tom-dick-n-harry advertising their projects here makes sense? Very Sincerely, Dan Farrell On Sat, Oct 17, 2015 at 9:59 AM,

Re: doas and home directory of target user

. so you can ensure that a local key is necessary to log in. and you can ensure that it only runs firefox with the ForceCommand directive (it's all in that thread, and more in the linked threads). > > On Wed, Sep 23, 2015 at 8:29 AM, Joel Rees <joel.r...@gmail.com> wrote: > > T

Re: doas and home directory of target user

On Tue, 22 Sep 2015 17:41:57 +0900 Joel Rees wrote: > I have this rule in doas.conf: > > permit nopass user1 as user2 > > As user1, I try this at the command line: > > doas -u user2 whoami > > and it tells me I am user2, as I expect. And > >doas -u user2 ls >

syslogd is duplicating the hostname field

I just noticed that syslogd is adding a hostname to the syslog messages it receives, whether there is one present or not. I'm probably missing the option, but is there a way to turn this off? Example: Aug 13 19:17:01 dhcp.1.158.example.com beaglebone CRON[5529]: pam_unix(cron:session): session

Re: securing web browser

On Fri, 14 Aug 2015 16:45:52 + Frank White mediome...@gmail.com wrote: Hi, anyone has some advices to make more secure a browser like firefox ? chroot + systrace ? Thank you. apparently it's been done. David Coppa reported that he succeeded chrooting firefox here:

  1   2   3   4   5   >