On Mar 03 16:10:45, Louis Opter wrote:
> Hello,
>
> I'm running OpenBSD 4.4 release on an i386 machine.
> I use a Compact Flash card as hdd. Without manual configuration the bios
> recognizes it as removable and refuses to boot OpenBSD.
What machine is that?
> The machine is used for nat/filtering + dns server, and do it very well.
>
> But, I have noticed something strange with the compact flash. Sometimes,
> I get this in dmesg :
>
> Feb 24 08:12:10 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): timeout
> Feb 24 08:12:10 gw-pri-eaubonne /bsd: type: ata
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: c_bcount: 16384
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: c_skip: 0
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: pciide0:0:0: bus-master DMA error:
> missing interrupt, status=0x20
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0d: device timeout reading fsbn
> 209760 of 209760-209791 (wd0 bn 604896; cn 75 tn 1 sn 33), retrying
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0: soft error (corrected)
> Feb 24 08:12:11 gw-pri-eaubonne savecore: no core dump
> Feb 24 08:12:12 gw-pri-eaubonne /bsd: wd0: transfer error, downgrading to
> Ultra-DMA mode 1
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): using PIO mode 4,
> Ultra-DMA mode 1
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0e: aborted command, interface CRC
> error reading fsbn 466560 of 466560-466591 (wd0 bn 1272960; cn 157 tn 109 sn
> 45), retrying
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0: soft error (corrected)
(You should always provide a full dmesg with hardware issues.)
If you are sure all other hardware is OK, then the card
is faulty. Throw it away and buy a new one, they are very cheap now.
> However the machine works normally. (And, I have checked the card is
> correctly plugged in)
>
> But, yesterday I have also noticed that I can't use setuid programs :
>
> Mar 2 15:02:14 gw-pri-eaubonne su: cannot stat
> /usr/libexec/auth/login_passwd: Permission denied
> Mar 2 15:02:14 gw-pri-eaubonne su: /usr/libexec/auth/login_passwd: path not
> secure
Not sure what this means. Who is trying the su?
> After I bit of searching I have seen this mail received from daily
> insecurity output.
>
> Checking setuid/setgid files and devices:
> Setuid additions:
> -r-sr-xr-x 1 root bin 157440 Aug 13 00:56:44 2008 /sbin/ping
> -r-sr-xr-x 1 root bin 182208 Aug 13 00:56:46 2008 /sbin/ping6
> [...]
> ======
> /etc/fstab diffs (-OLD +NEW)
> ======
> --- /dev/null Wed Feb 25 01:30:08 2009
> +++ /etc/fstab Mon Feb 16 15:32:45 2009
> @@ -0,0 +1,5 @@
> +/dev/wd0a / ffs rw 1 1
> +/dev/wd0f /tmp ffs rw,nodev,nosuid 1 2
> +/dev/wd0e /usr/ ffs rw,nodev,nosuid 1 2
> +/dev/wd0d /var ffs rw,nodev,nosuid 1 2
> +/dev/wd0g /var/tmp ffs rw,nodev,nosuid 1 2
> [...]
This looks to me like the first insecurity report after a fresh install
- note that it's a diff between /dev/null (as of Feb 25 = OLD) and /etc/fstab
(as of Feb 16 = NEW). Strange.
> So the system replaced my configuration files and put nosuid on /usr.
Why would the system change your mount flags?
> The modifications that I have done on other configurations files (I
> haven't touched the fstab since the install) were kept.
When did you install?
> I have corrected the fstab and it works. But now I have three
> questions :
> - Why this happened ?
> - From where my configuration was restored ? (I don't use altroot)
The system doesn't "restore" your configs (whatever that means),
but keeps daily backups in /var/backups. It might be interesting to see
the stat(1) of the files there.
> - These warnings in dmesg can be considered harmless ?
No.
Jan
