Is randomizing UID/GUID would make sense?

2017-01-19 Thread minek van
Hello! I can see that the default users and when creating new ones have their UID/GUID incremented by 1. Could it bring more security if the UIDs/GUIDs would be random? Or it wouldn't bring any additional security? Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it

Re: {file,directory} permissions within /usr/{src,xenocara,ports}

2017-01-19 Thread G
For xenocara i followed the faq. For ports if you want to follow stable then dpb worked with 777.It was 775 but dpb didnt work. I tried to change the owner and permissions of {DISTDIR},{PORTSDIR} {WRKOBJDIR} {PACKAGE_REPOSITORY} and {PLIST_REPOSITORY} to _pbuild but it still failed to build the

Re: xl2tpd connect problem

2017-01-19 Thread Stuart Henderson
On 2017-01-19, Jeremie Courreges-Anglas wrote: > Alex Mihajlov writes: > >> Hi >> >> I have problem when I connect to my ISP with l2tp. > > An ISP that provides internet access via l2tp on the customer's > equipment? Fun... We have one here too. It's

{file,directory} permissions within /usr/{src,xenocara,ports}

2017-01-19 Thread Jonathan Thornburg
What are the "best practices" file and directory permissions within the /usr/{src,xenocara,ports} trees in the context of anonymous-cvs updating? http://www.openbsd.org/faq/faq5.html#wsrc suggests that the top-level directories /usr/{xenocara,ports} should be mode 775, but doesn't say what

Re: xl2tpd connect problem

2017-01-19 Thread Jeremie Courreges-Anglas
Alex Mihajlov writes: > Hi > > I have problem when I connect to my ISP with l2tp. An ISP that provides internet access via l2tp on the customer's equipment? Fun... > l2tp connections with my phone runs without problem. > I use OpenBSD 6.0 and xl2tpd-1.3.1 from package. >

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Amelia A Lewis
On Thu, 19 Jan 2017 15:51:53 +0100, Nicolas Schmidt wrote: > Am 19.01.2017 um 12:21 schrieb Theo de Raadt : > >>> Then may I suggest to add an option to disable this behaviour for specific >>> mounts? >> >> No. >> >> NFS always required reserved ports. > > Do you mean that

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Nicolas Schmidt
Am 19.01.2017 um 12:21 schrieb Theo de Raadt : >> Then may I suggest to add an option to disable this behaviour for specific mounts >> ounts? > > No. > > NFS always required reserved ports. Do you mean that the "reserved ports restriction" is required as part of the NFS

Re: IPPORT_RESERVED 'security' check in nfsd obsolete?

2017-01-19 Thread Nicolas Schmidt
> Am 19.01.2017 um 01:20 schrieb Theo de Raadt : > > No, this change will not be done. Then may I suggest to add an option to disable this behaviour for specific mounts? NetBSD provides the "-noresvport" flag for this. The following quote is from the NetBSD man for exports:

Re: lastcomm doesn't filter with arguments?

2017-01-19 Thread Craig Skinner
Hi Jiri On Wed, 18 Jan 2017 10:37:51 -0500 Jiri B wrote: > it seems `lastcomm' doesn't filter if it gets arguments >From what I see here, it filters multiple commands OR multiple users. $ uname -mrsv OpenBSD 6.0 GENERIC#1917 i386 $ lastcomm cp cp - sysadmin