On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> De-escalation using these "sudo" or "doas" like tools on a tty is
> somewhat unsafe - it has always been unsafe - because tty's have
> capabilities.
Until looking into this issue I was totally unaware of the
possible implications
Hello,
I stumbled upon unexpected behavior on OpenBSD 6.0 (all patches)
which seems to allow running commands as the original user when
using su and doas interactively because the controlling terminal
is the same.
The following binary is used to test this and compiled as
/tmp/a.out:
On Mon, Sep 19, 2016 at 07:25:08PM -0700, Philip Guenther wrote:
> Listing what something *doesn't* do is generally a bad plan, because
> the list has no end, so where to draw the line becomes a matter of
> opinion. Better to list what the installer does update and say that's
> the complete list,
On Mon, Sep 19, 2016 at 03:00:40AM +0200, Theo Buehler wrote:
> On Mon, Sep 19, 2016 at 01:59:20AM +0200, Simon Ruderich wrote:
>> I'm a relatively new OpenBSD user and just updated my system from
>> 5.9 to 6.0 but forgot to update the files in /usr/src. Thus when
>> I appli
Hello,
I'm a relatively new OpenBSD user and just updated my system from
5.9 to 6.0 but forgot to update the files in /usr/src. Thus when
I applied the latest patches (001-006) I actually built an old
5.9 kernel which failed to boot. The following patch mentions
/usr/src in the upgrade notes.
On Mon, Jul 04, 2016 at 03:04:32PM -0600, Theo de Raadt wrote:
> Because main() is specified to take those arguments.
For what it's worth, the C-standard [1] specifies both versions:
int main(void) and int main(int argc, char *argv[]).
Regards
Simon
[1]: C11-draft, section 5.1.2.2.1
--
+