Re: Rationale behind exec clearing out unveil paths

2021-08-03 Thread Sebastian Benoit
dz...@disroot.org(dz...@disroot.org) on 2021.06.15 14:12:22 +: > > Seems to be working as intended. You are letting someone run all binaries. > And I am not letting someone write to the filesystem. Yet, they can > bypass that easily. `unveil("/", "rx")` gives a false illusion of > security,

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Stuart Henderson
On 2021/08/03 01:12, Vitaliy Makkoveev wrote: > iked(8) uses 3 hours and 512 megabytes of processed data as default > lifetime hard limits for Child SA. Also it sets 85-95% of these values as > soft limit. iked(8) should perform rekeying before we reach hard limit > otherwise this SA will be

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Patrick Wildt
On Tue, Aug 03, 2021 at 01:40:51PM +0200, Tobias Heider wrote: > On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote: > > On 2021/08/03 01:12, Vitaliy Makkoveev wrote: > > > iked(8) uses 3 hours and 512 megabytes of processed data as default > > > lifetime hard limits for Child SA.

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Tobias Heider
On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote: > On 2021/08/03 01:12, Vitaliy Makkoveev wrote: > > iked(8) uses 3 hours and 512 megabytes of processed data as default > > lifetime hard limits for Child SA. Also it sets 85-95% of these values as > > soft limit. iked(8) should

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Vitaliy Makkoveev
On Tue, Aug 03, 2021 at 01:40:51PM +0200, Tobias Heider wrote: > On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote: > > On 2021/08/03 01:12, Vitaliy Makkoveev wrote: > > > iked(8) uses 3 hours and 512 megabytes of processed data as default > > > lifetime hard limits for Child SA.

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Vitaliy Makkoveev
On Tue, Aug 03, 2021 at 12:17:38PM +0100, Stuart Henderson wrote: > On 2021/08/03 01:12, Vitaliy Makkoveev wrote: > > iked(8) uses 3 hours and 512 megabytes of processed data as default > > lifetime hard limits for Child SA. Also it sets 85-95% of these values as > > soft limit. iked(8) should

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Vitaliy Makkoveev
On Mon, Aug 02, 2021 at 09:09:03PM -0600, Theo de Raadt wrote: > > I suspect the first step is to make the rekey decision be based upon the > strength of the ciphers. > Do you mean the special default limits for each cipher?

Re: iked(8): Increase the default Child SA data lifetime limit

2021-08-03 Thread Stuart Henderson
On 2021/08/03 17:02, Vitaliy Makkoveev wrote: > > - a 50% lower limit feels too low to me > > > > Why? The 95% limit is too close to lifetime expiration and as it was > exposed we don't have enough time to perform rekeying. I also had this > problem while testing iked(8) over a WIFI connection and

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Stuart Henderson
On 2021/06/15 17:39, Stuart Henderson wrote: > > Then again, I don't get the feeling many people use snmpd at this time > > and maybe it's a good moment to bite the bullet and go for safest > > defaults possible at this time. But if that's the case I would like to > > follow up with a diff to

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Stuart Henderson
On 2021/08/03 22:07, Martijn van Duren wrote: > On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote: > > On 2021/06/15 17:39, Stuart Henderson wrote: > > > > Then again, I don't get the feeling many people use snmpd at this time > > > > and maybe it's a good moment to bite the bullet and go

Re: update xf86-video-amdgpu to latest git

2021-08-03 Thread rgc
@tech this combo has been working great for me the past few days. i have not encountered any sort of crash since doing a sysupgrade. $ sysctl kern.version kern.version=OpenBSD 6.9-current (GENERIC.MP) #158: Sat Jul 31 11:00:00 MDT 2021

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Martijn van Duren
On Tue, 2021-08-03 at 21:58 +0100, Stuart Henderson wrote: > On 2021/08/03 22:07, Martijn van Duren wrote: > > On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote: > > > On 2021/06/15 17:39, Stuart Henderson wrote: > > > > > Then again, I don't get the feeling many people use snmpd at this

Re: Fix unsafe snmpd defaults

2021-08-03 Thread Martijn van Duren
On Tue, 2021-08-03 at 18:24 +0100, Stuart Henderson wrote: > On 2021/06/15 17:39, Stuart Henderson wrote: > > > Then again, I don't get the feeling many people use snmpd at this time > > > and maybe it's a good moment to bite the bullet and go for safest > > > defaults possible at this time. But