1) telnetd removed, so it won't be a parent process
2) Restricted shells can redirect window decor to /dev/tty
3) In wcd(), only do _ignore() if cd (e.g: can't cd /root)
Index: ksh.kshrc
===
RCS file: /cvs/src/etc/ksh.kshrc,v
On 2014-10-14 Tue 00:24 AM |, Antoine Jacoutot wrote:
Makes sense yes. Not sure I'd want a function just for that one liner though.
I'll commit something tomorrow.
Nice one, using shell internals.
This restricts the listing to files which are also executable:
Index: rcctl.sh
Move 2 duplicate searches into a function.
The diff also ignores (RCS) subdirectories.
$ find /etc/rc.d ! -type f
/etc/rc.d
/etc/rc.d/RCS
Index: rcctl.sh
===
RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v
retrieving revision 1.43
Some notes to demo the diff below:
# -=-=-=-=-=-=-= Assignment:
me$ _STATIC_RCCONF='/etc/rc.conf'
me$ _RCCONF=${_STATIC_RCCONF}.local
# -=-=-=-=-=-=-= Test 1:
me$ print ${_STATIC_RCCONF} ${_RCCONF}
/etc/rc.conf /etc/rc.conf.local
me$ print ${_RCCONF%/*} ${_RCCONF##*/}
/etc rc.conf.local
On 2014-07-15 Tue 22:11 PM |, Antoine Jacoutot wrote:
I run both squid and cvsyncd and never needed these entries.
Doubtful anyone _needs_ the Microsoft-SQL-* entries.
Index: etc/services
===
RCS file:
On 2014-07-15 Tue 16:04 PM |, Theo de Raadt wrote:
On Tue, Jul 15, 2014 at 12:22:37PM +0100, Craig R. Skinner wrote:
Suggestion to add NSD, Unbound and BIND control ports to /etc/services:
Makes sense to me. Anyone want to OK this?
Index: etc/services
Suggestion to add NSD, Unbound and BIND control ports to /etc/services:
Index: etc/services
===
RCS file: /cvs/src/etc/services,v
retrieving revision 1.87
diff -u -p -r1.87 services
--- etc/services12 Jul 2014 14:51:07 -
The IANA names don't match these popular OpenBSD packages' port numbers:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3128
= ndl-aas, not web cache/squid
On 2014-07-11 Fri 03:03 AM |, Theo de Raadt wrote:
If lynx was removed from base, and only available in ports... how many of
you would even know of its existence and use it?
Several times a week I use lynx for http or local html docs.
If it wasn't in base, I'd install it/some similar
On 2014-06-20 Fri 16:14 PM |, Maurice Janssen wrote:
# FIXME No. 9 Moxa card port:
moxa09:dv=/dev/tty10:common:
# FIXME No. 10 Moxa card port:
moxa10:dv=/dev/tty11:common:
Try /dev/tty0a and /dev/tty0b
Perfect!
Here's a man page diff to sync with lines 1383-1397 of
FYI;- The sudo users mailing list quickly said the 3 issues I identified
are known bugs, which have been fixed in newer sudo versions.
http://www.sudo.ws/sudo/stable.html
The current stable release of sudo is 1.8.10p3
$ sudo -V
Sudo version 1.7.2p8
$ uname -a
OpenBSD teak.britvault.co.uk 5.4
FYI tech@, there was a thread on misc@ about
sudo -iu not setting some environment variables:
http://thread.gmane.org/gmane.os.openbsd.misc/211823/
On 2014-04-08 Tue 09:26 AM |, Craig R. Skinner wrote:
To clarify, there are no ~/. shell dot files.
$PATH and umask are set in /etc/login.conf
On 2014-04-11 Fri 08:58 AM |, Bob Beck wrote:
sponsors having privileged access to the information (in other words
they aren't donors, they are paying for early access.)
Benefits with strings attached are not donations, ... more like bribes.
Respect for freedom fighting and staying open!
On 2014-03-06 Thu 15:42 PM |, Stuart Henderson wrote:
Personally I'd keep them for releases (which also gives people a base
to speed up updates to -current) but probably drop them for snapshots..
Sensible logic;- reducing workload, network electricity costs!
On 2013-12-19 Thu 13:43 PM |, Craig R. Skinner wrote:
Enhance rc.d/rc.subr with lowered/raised daemon running priority.
Take 2:
Replace /etc/rc.d/daemon rc_renice=X with
/etc/rc.conf.local daemon_nice=X
$ fgrep _nice /etc/rc.conf.local
sshd_nice=-10
dhcpd_nice=15
inetd_nice=YES
On 2013-12-28 Sat 21:16 PM |, Craig R. Skinner wrote:
On 2013-12-19 Thu 13:43 PM |, Craig R. Skinner wrote:
Enhance rc.d/rc.subr with lowered/raised daemon running priority.
Take 2:
Replace /etc/rc.d/daemon rc_renice=X with
/etc/rc.conf.local daemon_nice=X
Take 3 - simplify:
Use
On 2013-12-28 Sat 15:13 PM |, Theo de Raadt wrote:
Enhance rc.d/rc.subr with lowered/raised daemon running priority.
You still have done nothing to prove the case for this extra
complexity.
When I managed customer's dedicated servers, it would have been useful,
for example, to have sshd
On 2013-12-21 Sat 08:55 AM |, Theo de Raadt wrote:
You seem to be coming from the perspective that people do stupid
things, and our base system should handle those stupid things.
My perspective is maildir (backed IMAP) is commonly deployed,
and such are as well being security checked.
On 2013-12-21 Sat 09:16 AM |, Theo de Raadt wrote:
You seem to be coming from the perspective that people do stupid
things, and our base system should handle those stupid things.
My perspective is maildir (backed IMAP) is commonly deployed,
and such are as well being security
On 2013-12-21 Sat 17:13 PM |, Alexander Hall wrote:
Comments/testing observations/?
This is not the purpose nor responsibility of the rc.d scripts.
What alternatives have you in mind?
Maybe an /etc/rc.nicetab which a root run cron job parses for daemon
values, then checks that against
On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
skin...@britvault.co.uk (Craig R. Skinner) writes:
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Indeed, but security(8) really reflects
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Indeed, but security(8) really reflects things in the base OS,
smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its
On 2013-12-16 Mon 13:15 PM |, Craig R. Skinner wrote:
On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
On 2013/12/16 12:11, Craig R. Skinner wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Aren't maildirs usually in ~/Maildir?
MTA's can deliver
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Index: security
===
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.23
diff -u -u -p -r1.23 security
--- security21 Mar 2013 09:37:37 -
On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
On 2013/12/16 12:11, Craig R. Skinner wrote:
Check the security of /var/mail/dirs similar to /var/mail/boxes:
Aren't maildirs usually in ~/Maildir?
MTA's can deliver to maildirs in several places.
Postfix example (the trailing slash
As the others here with brains have had a chance to sleep on this,
what's the current thinking?
As I understand it, there are 2 decisions to make:
1) How to decide if a $daemon is a script as opposed to a binary
(*) file(1)
(*) dd(d)
(*) sed(1)
Could stat(1) be tasked
On 2013-09-16 Mon 23:28 PM |, Alexander Hall wrote:
sed can do it all. Really.
This is getting beyond me Alexander.
Is sed a mechanism to step away from using file(1) ?
Notes:
- I separate re_quote() cause I think it can be useful in other places.
- I think re_quote() is (basic)
For scripts (perl, shell, whatever...), prefix ${pexp} with the script's
interpreter path as defined by the script.
No need to override ${pexp} in the daemon's rc file.
Index: rc.subr
===
RCS file: /cvs/src/etc/rc.d/rc.subr,v
On 2013-09-16 Mon 13:00 PM |, Antoine Jacoutot wrote:
Heh, very interesting trick ;-)
But I don't think that is 100% foolproof as is.
e.g.
$ head -n 1 /usr/local/bin/xml2-config | cut -d! -f2
/bin/sh
You have a white space before the interpreter.
If you can improve that and make
On 2013-09-16 Mon 15:12 PM |, Paul de Weerd wrote:
Hi Craig,
--- cat bad_script.sh
# This is a VERY BAD example of a script! This will break your
# shebang thingambob
echo Now what...
ping
On 2013-09-06 Fri 10:29 AM |, David Coppa wrote:
On Thu, Sep 5, 2013 at 9:31 PM, Craig R. Skinner
skin...@britvault.co.uk wrote:
Doesn't seem to reload once chrooted:
$ sudo /etc/rc.d/spamd -d reload
doing rc_read_runfile
doing rc_check
spamd
doing rc_reload
Sep 5 19:57
ping
On 2013-09-05 Thu 14:48 PM |, Todd C. Miller wrote:
I changed my mind and decided it is better to just move the chown
and chmod out of copydotfiles() and add an explicit check for skeldir
set to the empty string. Much as I would like to prettify the
user.c code it is a losing battle so
On 2013-09-06 Fri 10:29 AM |, David Coppa wrote:
OK with me.
ciao,
David
Anyone else?
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Solved?
On 2013-09-05 Thu 14:48 PM |, Todd C. Miller wrote:
I changed my mind and decided it is better to just move the chown
and chmod out of copydotfiles() and add an explicit check for skeldir
set to the empty string. Much as I would like to prettify the
user.c code it is a losing battle
On 2013-08-31 Sat 11:18 AM |, Kenneth R Westerback wrote:
This makes sense to me. ok krw@
Ken
ping?
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Doesn't seem to reload once chrooted:
$ sudo /etc/rc.d/spamd -d reload
doing rc_read_runfile
doing rc_check
spamd
doing rc_reload
Sep 5 19:57:54 oak spamd[22335]: greyreader failed (Error 0)
doing rc_wait reload
doing rc_check
doing rc_check
...
..
.
doing rc_check
(failed)
Index: spamd
On 2013-08-31 Sat 11:45 AM |, patrick keshishian wrote:
On Sat, Aug 31, 2013 at 06:23:25AM -0600, Todd C. Miller wrote:
Assuming we want to make this a non-fatal error the following should
do.
You meant non-existent skel dir, not empty. Unless you
meant empty argument for -k option, i.e.,