Re: pledge for sockets

2017-04-26 Thread Luke Small
I'm not saying to alter pledge necessarily, maybe make new system call like pledge. There aren't any per-process pf rules that are applied. When a socket connects to a remote or local server and pf makes a state, it has the originating randomized port. Pf rules can be made that target those randomi

Re: pledge for sockets

2017-04-26 Thread Luke Small
Pledge will presumably have per process (including fork()ed process) **path limitations on rpath rpath and wpath calls, why not limitations on inet and unix? On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson wrote: > 2017-04-26 13:19 GMT+02:00 Luke Small : > >> I'm not sayin

Re: pledge for sockets

2017-04-29 Thread Luke Small
17 at 9:51 AM Reyk Floeter wrote: > > > Am 26.04.2017 um 13:38 schrieb Luke Small : > > > > Pledge will presumably have per process (including fork()ed process) > **path > > limitations on rpath rpath and wpath calls, why not limitations on inet > and > >

Re: pledge for sockets

2017-04-29 Thread Luke Small
different user through pf (and when I get a more serious machine, possibly through a unique interface). Most importantly, I need it for session cache for multiple processes. On Sat, Apr 29, 2017 at 10:02 AM Luke Small wrote: > I have a program that I believe needs inet to talk to a > database(libh

80 users

2017-04-29 Thread Luke Small
As I recall, there is a build configuration of 80 users for some kernel components. What happens if the system exceeds that number?

Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
Is it worthwhile to set up a hook for pf to load rules that have URLs after the network services that can resolve them come into effect?

Re: Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
possible or already done, but you could have a computer check into a target machine that often changes the ip address or system while the firewall is locked down to only send messages to that remote machine and if it is compromised, can't send it anywhere else. On Wed, May 3, 2017 at 3:16

Pf with secondary DNS resolution

2017-05-03 Thread Luke Small
Four words Peter..."dynamic IP address". I'm sure that there are folks that ssh into machines that are on a dynamic IP address that don't have a modem on a power backup, or even possibly on an ISP that may go down, possibly when they are out of town. I don't know if it is possible or already done, but

list all system users, eg. _x11

2017-05-06 Thread Luke Small
Is there a way to determine all users on a system that the users command doesn't seem to show? like _x11 and _ntpd

Re: list all system users, eg. _x11

2017-05-09 Thread Luke Small
I assume that people play by the rules, so if I need to identify all > the user accounts (to recreate them on a new system or something), I > exclude uids under 1000 as a starting point. > > > On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI > wrote: > >> and...@msu.ed

why does unbound listen as root

2017-05-12 Thread Luke Small
pf rule execution says it listens as root, but it connects as the _unbound user, when configured to run as _unbound. Why doesn't it listen, bind, etc. as root, drop privileges and pledge away privilege escalation? Is it to avoid more #ifdef hell? Or can you not listen to a privileged port if you dr

How do you use EV_DISPATCH in kqueue(2)

2017-06-07 Thread Luke Small
Is EV_DISPATCH somehow like EV_ONESHOT or EV_DISABLE? What is a use case? If you have an open socket file descriptor with an EVFILT_READ, does it close the socket upon getting some data? I don't run current.

Pledge paths[ ]

2017-06-14 Thread Luke Small
Is paths[] going to have permissions defined for each path? Like: char *paths[], int *mode, where mode is the same as in dbopen(3). Maybe so you don't have to clean up previous pledge calls, any pledge calls with a NULL paths argument doesn't have anything specified for mode. for simplicity, modes

pkg_add ignores -m

2017-10-09 Thread Luke Small
Using the -m flag it still gets warnings from pulseaudio and redis that I didn't use the -m flag

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Luke Small
I read "hacking blind." Can you restart a daemon with another forked process whose only job is to monitor a pipe or a waitpid()-like operation and if the parent dies, it exec's to restart it, or even execs "rcctl restart ntpd" If the mitigations are successful at limiting execution to let's say,

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Luke Small
Maybe more things should be randomized like the stack canaries. Is that a new idea? On Fri, Oct 13, 2017 at 11:34 PM Theo de Raadt wrote: > > I read "hacking blind." Can you restart a daemon with another forked > > process that's only job is to monitor a pipe or a waitpid()-like > operation > > a

Re: Automatically restarting services/daemons after crash

2017-10-13 Thread Luke Small
I am not versed in operating systems as well as you, but I would think that stack and buffer canaries would differ from each execution.

Re: Automatically restarting services/daemons after crash

2017-10-14 Thread Luke Small
If that's true, then why has Theo been speaking of the brop problems, when they begin with an incremental canary discovery that becomes all but impossible to guess when it becomes a random 4 byte datum each time rather than a datum that remains the same each restart? Braille should already be imp

Re: Automatically restarting services/daemons after crash

2017-10-14 Thread Luke Small
/wiki/Blind_return_oriented_programming seems to state so. I don't fully trust Wikipedia. On Sat, Oct 14, 2017 at 3:06 AM Philip Guenther wrote: > On Sat, Oct 14, 2017 at 12:49 AM, Luke Small wrote: > >> If that's true, then why has Theo been speaking of the brop problems, >> when they begin with an

Can SSH report successful connections to pf?

2018-05-04 Thread Luke Small
Can SSH and possibly other programs more easily report successful connections so pf can make stricter bruteforce connection rejecting even better?

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Luke Small
Cool! On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri < andreas.kah...@icm.uu.se> wrote: > On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote: > > > > You might want to parse /var/log/authlog and the logrotated > authlog.[0-9].gz > > for successful and unsuccessful logins

This a good place to find a Sr. C coder 4 app server?

2018-07-24 Thread Luke Small
I have what I feel to be a profound idea that is in need of someone with a strong resume. I have a patent. I want to use it to enable users to get tested for sexually transmitted diseases, then use iris scanning smartphones to compare their disease sets. There is a strong epidemiological component

anybody installed angr, eg. pip install angr

2018-08-10 Thread Luke Small
It doesn't natively support OpenBSD.

Can unveil pledge to only reduce?

2018-08-16 Thread Luke Small
Could you have a promise for unveil reductions only?

Re: Can unveil pledge to only reduce?

2018-08-16 Thread Luke Small
Ok. Thanks. On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > Luke Small wrote: > > Could you have a promise for unveil reductions only? > > That won't actually help much, and people will fall into some > pretty significant traps. > > Sorry it would require a really long explanation. >

Make new OpenBSD 2.5 daemon art!!!

2018-09-11 Thread Luke Small

Re: Can unveil pledge to only reduce?

2018-09-11 Thread Luke Small
, NULL) instead of a pledge command? It apparently knows if it is an increase in permissions, can't it be set to only permit them? On Thu, Aug 16, 2018 at 2:00 PM Luke Small wrote: > Ok. Thanks. > On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > >> Luke Small wrote

Could somebody please put unveil() in ftp(1)?

2020-05-28 Thread Luke Small
unveil is nowhere to be found in the ftp program source code. There’s probably another way to do it, but I wrote a program and searched all files in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but it mentions “pledge”. It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c: if (

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Luke Small
You mention a lot of files that need to be read, but a program like pkg_add can make it the _pkgfetch (57) user which has no directory and I’m guessing not in interactive mode. At the very least, in noninteractive mode you could unveil("/", "rx"); and change the specified output file discover the n

Re: Could somebody please put unveil() in ftp(1)?

2020-05-30 Thread Luke Small
May 29, 2020 at 8:50 AM Stuart Henderson wrote: > On 2020/05/29 08:30, Luke Small wrote: > > You mention a lot of files that need to be read, but a program like > pkg_add can make it the > > _pkgfetch (57) user which has no directory and I’m guessing not in > interactive mode. At t

Re: Could somebody please put unveil() in ftp(1)?

2020-06-02 Thread Luke Small
I missed something. -Luke On Sat, May 30, 2020 at 2:53 PM Luke Small wrote: > I’ll get to looking at ftp(1) more when I get some physical contact with > my server. I’m quaranteaming with my girlfriend’s folks. > > I have a pkg_ping program (OpenBSD-specific, dns caching, l

Re: Could somebody please put unveil() in ftp(1)?

2020-06-03 Thread Luke Small
the three files below vs the originals since I last updated the source files. -Luke On Tue, Jun 2, 2020 at 12:43 PM Kevin Chadwick wrote: > On 2020-06-02 17:28, Luke Small wrote: > > I don’t have experience doing diffs. Are there flags I should be using > in diff > > or sh

I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
I think I'm done tinkering. try these out in ftp folder. I left in some fprintf(ttyout,...) in main.c to show what is being unveiled. It resolves shortcuts in SSL_CAFILE and SSL_PATH variables. It leaves in place the functionality of the original functions, but adds the availability to perform a dr

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
hank you for the laugh. > > > Luke Small wrote: > > > I think I'm done tinkering. try these out in ftp folder. I left in some > > fprintf(ttyout,...) in main.c > > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE > > and SSL_PATH variables

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
ean it is amusing, because this is never going to fly. > > This increase in complexity is completely unacceptable, what I see is > completely amateurish, and I also see overflows, a lack of testing > for edge conditions, and a lack of attention to how unveil works. > > > Luke Sm

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
I figure if it took up that much stack space from before, it'd start needing to dang near run the stack into on-disk virtual memory anyway. At that point, it'd perhaps be a better design choice to break up your ftp calls into slightly smaller chunks to avoid massively poor performance, yeah? LOL I

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
Or you could have 2 dry runs. One to merely see that it won't head into interactive mode and a second one to start the unveiling directly in fetch.c. Unless unveil itself will have too many entries! -Luke On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote: > I figure if it took up t

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
There! It doesn't use an unveil list. It has 2 dry runs as proposed. It could just have a dry run to see if it goes into interactive mode and then unveil as we go! but I like to see all the unveil calls before the ftp output statements myself! -Luke On Wed, Jun 3, 2020 at 11:30 AM Luke

Re: I unveil()ed ftp(1)!

2020-06-03 Thread Luke Small
there was tiny error I created. -Luke On Wed, Jun 3, 2020 at 2:24 PM Luke Small wrote: > There! It doesn't use an unveil list. It has 2 dry runs as proposed. > It could just have a dry run to see if it goes into interactive mode > and then unveil as we go! but I like to see

Re: I unveil()ed ftp(1)!

2020-06-04 Thread Luke Small
In the case of 1 URLs couldn’t you at least merely unveil “./“ as “cw”; make any specified cafile/capath including shortcut resolution as “r” (perhaps with the shell “x”) so that at worst, current directory files could be overwritten, but not read? On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt

Re: I unveil()ed ftp(1)!

2020-06-04 Thread Luke Small
I made symbolic links “ln -s /etc/ssl/cert.pem ”. I used the realpath command and it worked in the software I submitted. On Thu, Jun 4, 2020 at 11:06 AM Theo de Raadt wrote: > No. > > I'm guessing you don't understand symbolic links. > > Look, this is a waste of time

realpath(3) to unveil() symbolic links!

2020-06-04 Thread Luke Small
You can use unveil() on both a symbolic link and the value recovered by putting it in realpath(3)! I used it in what I submitted for unveiling ftp(1) -- -Luke

Re: Filling a 4TB Disk with Random Data

2020-06-10 Thread Luke Small
if you have access to packages, you could "pkg_add pv" and: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" It will show you in real time how much random data has been written to disk. -Luke On Wed, Jun 10, 2020 at 11:43 AM Luke Small wrote: > I mean: "dd

why isn't strlcpy written like this:

2020-06-30 Thread Luke Small
strlcpy is: size_t strlcpy(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL a

strlcpy version speed tests?

2020-06-30 Thread Luke Small
I made a couple different versions if anybody is interested! -Luke #include #include #include #include #include #include /* cc strlcpy_test.c -pipe -O2 -o strlcpy_test && ./strlcpy_testfast */ /* * Copy string src to buffer dst of size dsize. At most dsize-1 * chars will be copied. Alwa

Re: strlcpy version speed tests?

2020-06-30 Thread Luke Small
I suppose this strlcpy4 without a goto is more elegant -Luke On Tue, Jun 30, 2020 at 10:07 PM Luke Small wrote: > I made it SUPER easy to test my assertion. The code is there. No > configuration needed. > > On Tue, Jun 30, 2020 at 9:59 PM Theo de Raadt wrote: > >&

Re: strlcpy version speed tests?

2020-07-01 Thread Luke Small
Are you clinging to traditions for some purpose? I gave two different versions. strlcpy3 is clearly more easily understood and even slightly faster and strlcpy4 which sets up the following workhorse lines which through timing the functions is hands down faster on my Xeon chips: strlcpy4: while (-

fullscreen iridium stops me scrolling to another fvwm virt. desktop!

2020-07-14 Thread Luke Small
fullscreen iridium browser often stops letting me scroll to another fvwm virtual desktop, but I never have that problem with firefox! What's the deal? On iridium, I either have to click on the browser window border or I have to unmaximize the browser window to leave space between the browser window

USA kernel hackers looking for a $120k+ job?

2020-08-18 Thread Luke Small
I’m applying for federal grant which will hopefully start about March or April and I’m looking for somebody who can work on OpenBSD and in C (perhaps with a touch of python) to do the server side of an extraordinary dating app which will be able to prove STD uninfectiousness! -- -Luke

pf and Wireguard

2020-09-26 Thread Luke Small
... Change: match out on egress from (wg0:network) to any nat-to (egress:0) To: match on egress from (wg0:network) to any nat-to (egress:0) tag "wireguard" pass tagged "wireguard" keep state -- -Luke

Who has an ancient -current snapshot

2019-09-06 Thread Luke Small
I need an old kernel image older than maybe a couple weeks old. I have the x8dth-6f motherboard and newer snapshots broke it. I made the mistake of trying to downgrade to 6.5 and now I can boot my machine! I made a not-bright decision. -- -Luke

Re: Who has an ancient -current snapshot

2019-09-07 Thread Luke Small
Thanks, Somebody else directed me to it too! I got my server working again!!! -Luke On Sat, Sep 7, 2019 at 3:52 AM Marcus MERIGHI wrote: > Hello Luke, > > lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST): > > I need an old kernel image older than maybe a coup

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
Mine works on 8-27 -- -Luke

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
It doesn’t work for me on the ftp.hostserver.de/archive/2019-08-29-0105/amd64/ bsd.rd! On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > Mine works on 8-27 > -- > -Luke > -- -Luke

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
installed soon af...“ On Sun, Sep 8, 2019 at 11:19 AM Luke Small wrote: > It doesn’t work for me on the > ftp.hostserver.de/archive/2019-08-29-0105/amd64/ > bsd.rd! > > On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > >> Mine works on 8-27 >> -- >> -Luke >> > -- > -Luke > -- -Luke

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
I have mfii too: dmesg | grep mfii: mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache scsibus1 at mfii0: 64 targets scsibus2 at mfii0: 256 targets > On 8.9.2019. 18:19, L

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Luke Small
Yay! -Luke On Sun, Sep 8, 2019 at 8:07 PM David Gwynne wrote: > I think I see the problem. We're going to try and test this locally and > will hopefully have something committed in a few hours time. > > dlg > > > On 9 Sep 2019, at 10:33, Luke Small wrote: > >

Can root C program call to sysctl be pledge()ed?

2019-09-21 Thread Luke Small
I have need to call sysctl() in a C program to read “sysctl kern.version”. Will there be a pledge() to prohibit further calls to sysctl()? I’m kinda afraid that putting a sysctl call could conceivably leave it vulnerable to calling it again in the case the mitigations fail and sysctl() is run to c

Fwd: Re: pledge() enhancement

2015-11-15 Thread Luke Small
-- Forwarded message -- From: "Ingo Schwarze" Date: Nov 13, 2015 7:32 PM Subject: Re: pledge() enhancement To: "Luke Small" Cc: Hi Luke, Luke Small wrote on Fri, Nov 13, 2015 at 06:01:37PM -0600: > I didn't like how rmdir(2) managed to not work

"# systrace -c1000:1000 kate" for privilege escalated editing?

2015-12-02 Thread Luke Small
I want to be able to use systrace for privilege escalation for kompare for sysmerge diffs and kate. Why isn't systrace able to do this? -Luke

Re: "# systrace -c1000:1000 kate" for privilege escalated editing?

2015-12-03 Thread Luke Small
write a program that doesn't suid but can open a privileged socket under systrace -c 1000:1000 ./server On Dec 2, 2015 19:44, "Vadim Zhukov" wrote: > 03 дек. 2015 г. 4:27 пользователь "Luke Small" > написал: > > > > I want to be able

Re: "# systrace -c1000:1000 kate" for privilege escalated editing?

2015-12-04 Thread Luke Small
>I can't quite figure out what you're trying to do, but running big GUI >programs and libraries with root privileges (whether that's from systrace or >doas or sudo or su or whatever) is usually not a good idea. Thinking about it now, I guess if you add root write privileges to writing files, you a

Xscreensaver gets interrupted with no inputs

2015-12-05 Thread Luke Small
I am not on the web with my 5.8 virtualbox guest and it never blanks unless it is set to 1 minute and when it is locked, it is interrupted. Is it a bug, or is it possibly a virus? My windows host goes into the screensaver and stays just fine.

text-mode gui

2015-12-19 Thread Luke Small
If installer GUIs are bad, maybe features like full-disk encryption could be accomplished via lynx-like text -based HTML and/or JavaScript that could write to cookies that the installer could parse into commands? -Luke

Re: text-mode gui

2015-12-20 Thread Luke Small
li...@wrant.com wrote: > >> On Sun, 20 Dec 2015 10:51:20 + Tati Chevron >> wrote: >> >> On Sat, Dec 19, 2015 at 05:34:59PM -0600, Luke Small >>> wrote: >>> > >>> >If installer GUIs are bad, maybe features like full-disk encryption &g

Re: text-mode gui

2015-12-20 Thread Luke Small
to wade through man pages to discover how to fix the problem, when it can merely be an install option. -Luke On Sun, Dec 20, 2015 at 3:33 PM, wrote: > On Sun, 20 Dec 2015 14:03:18 -0600 Luke Small > wrote: > > > I don't know the best way, but I like how there are

Re: text-mode gui

2015-12-20 Thread Luke Small
I can do that. All I have to do is read in the file to a buffer until it gets to a section separated by a space and includes commas and writing a new buffer with ",softdep added to it. Easy Peasy! -Luke On Sun, Dec 20, 2015 at 5:48 PM, Mike Burns wrote: > On 2015-12-20 17.25.14 -06

Re: text-mode gui

2015-12-21 Thread Luke Small
software. If they want to run a two nic gateway, let them read the man-pages. -Luke On Sun, Dec 20, 2015 at 7:45 PM, Dmitrij D. Czarkoff wrote: > Luke Small said: > > There are other features that inexperienced users could benefit from, > like > > selecting a mirror for PKG_

Re: text-mode gui

2015-12-21 Thread Luke Small
I suspect that there could be a number of minor implementation tweaks that could be addressed that would be convenient to avoid presumably to streamline the install process for folks that would prefer to avoid an incessant procession of questions. There are other features that inexperienced users

Re: text-mode gui

2015-12-21 Thread Luke Small
ut up a fight against the user and doesn't self-destruct any time it needs to fsck: By Default. On 12/21/15, li...@wrant.com wrote: >> Luke Small >> >[...] It would be very easy to write a C >> >program to parse and edit fstab to make all the partitions s

Re: text-mode gui

2015-12-21 Thread Luke Small
You are a normal user and have full disk encryption. You must have read the man page on how to do that? Found the installer option did you. I have read several books on openbsd and all the man pages I could find and didn't find out how to do it anywhere else other than how-to webpages. On Dec 21, 2

Re: text-mode gui

2015-12-22 Thread Luke Small
Ha Ha. I got Theo to call me a whiny prick! I'm getting the t-shirt. >You play absolutely no part in the decisions that got OpenBSD to where it is. At least somebody is listening, even if they are ignoring everything. What point is there to having an automated machine, when you have to do everyth

if I were to make a pkg-add diff

2015-12-24 Thread Luke Small
I can't type underscore on this device. Assuming i could do it: If I were to make a sloppy perl-based pkg-add program that used c and the installer code to (re)set the PKG-PATH environment variable using the "http" settings that are available for installing the modules from mirrors, if I made chan

Re: if I were to make a pkg-add diff

2015-12-24 Thread Luke Small
I wanna make a c program that checks for a PKG_PATH that exists and connects to a workable link for pkg_add(). If you ever upgraded using http mirrors on the install disk, it offers list# which links directly to numbered mirrors. It would likely ease the initial startup for whomever uses it while n

Re: if I were to make a pkg-add diff

2015-12-25 Thread Luke Small
I suspect that if you did, it wouldn't check whether there was an astronaut ready to control the on-board computer and would sit there continuously trying to rev the rocket engines with no jet fuel. That is the way pkg-add acts right now. I felt pretty ridiculous wondering why pkg-add wasn't workin

Re: if I were to make a pkg-add diff

2015-12-25 Thread Luke Small
to the kind of messages delivered by pkg-add itself to rm folder contents at the end of a run. On 12/25/15, Luke Small wrote: > I suspect that if you did, it wouldn't check whether there was an > astronaut ready to control the on-board computer and would sit there > continuously trying t

Re: if I were to make a pkg-add diff

2015-12-26 Thread Luke Small
Come to think about it, it might be good to do a tiny standalone program called pkg_ping and then I could make it in C like I'd prefer. I'd hope to make a port maybe, but then it would functionally defeat the intent. On 12/26/15, Luke Small wrote: > I just figure that adding a litt

Re: if I were to make a pkg-add diff

2015-12-26 Thread Luke Small
I just figure that adding a little complexity that doesn't adversely affect security, to ease initial entry into the system for new users could be good. pkg_add initialization and mirror selection can be automated in a way to not discourage someone from picking up a fresh install and running with i

Re: if I were to make a pkg-add diff

2015-12-27 Thread Luke Small
I guess I didn't really answer your question. It wouldn't rely upon the ramdisk. It is meant to run after install. So it would presumably have all the firmware. I was thinking about running it similarly to the install output though. I setup a local mirror once and it crapped out after a while and j

Re: if I were to make a pkg-add diff

2015-12-27 Thread Luke Small
You could do that if you want to have noobs connect to one of the mirrors into perpetuity that brings down the server like a ddos every release! > I think the best that can be done relatively easily would be to have >pkg_add fetch ftplist.cgi and pick the first result as a default if neither >pkg.c

Re: if I were to make a pkg-add diff

2015-12-27 Thread Luke Small
Even though I don't have an internet connection for my laptop I started the C program that pipes an execl call from ftp, to sed, (like the suggestions offered earlier in the thread, and back to the parent and it will use kqueue to test the pipe buffer capacities to a local buffer (I love kqueue)...

Re: if I were to make a pkg-add diff

2016-01-03 Thread Luke Small
on a specific file, whether the results may be skewed by inconsistent squid or similar program caching often downloaded files on mirrors. On Dec 27, 2015 18:17, "Luke Small" wrote: > Even though I don't have an internet connection for my laptop I > started the C program tha

Re: if I were to make a pkg-add diff

2016-01-03 Thread Luke Small
What I meant is, if a program sends a handful of pings to each mirror, would it think it is being spammed and shutdown any further connections. I didn't mean to say that I want to connect the pkg_ping program to a of anchor. I tried an initial localhost pinging, pkg_ping program in virtualbox usin

Re: if I were to make a pkg-add diff

2016-01-04 Thread Luke Small
I am realistically thinking more along the lines of less than once a release cycle. More like whenever it comes upon a user that their mirror of choice chooses to no longer be a mirror. I had that happen to me. It would be convenient to have a program that can easily compare mirror latencies and do

Re: if I were to make a pkg-add diff

2016-01-04 Thread Luke Small
> All of the functionality you are requesting is already provided. > > look at finish_up() in src/distrib/miniroot/install.sub. > > There is no reason at all to modify pkg_add. Just setup /etc/pkg.conf. > > > On 2016 Jan 04 (Mon) at 04:02:07 -0600 (-0600), Luke Small wrote:

Re: if I were to make a pkg-add diff

2016-01-18 Thread Luke Small
I made a small 500 line program I call pkg_ping that calls uname -rm, ftp, sed, on openbsd.org/ftp.html. then it changes all the parsed http and ftp mirrors into http and ftp downloads and changes them to non redundant http mirrors (it has to to easily call ftp on it). It takes them and downloads S

Re: if I were to make a pkg-add diff

2016-01-19 Thread Luke Small
here you go! Enjoy! -Luke On Tue, Jan 19, 2016 at 2:57 AM, Erling Westenvik < erling.westen...@gmail.com> wrote: > On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote: > > I made a small 500 line program I call pkg_ping that calls uname -rm, > > ftp, sed, on openbs

Re: if I were to make a pkg-add diff

2016-01-19 Thread Luke Small
Go to: *I have a mirror testing program for you.* in the tech mailing list. It copied there. -Luke On Tue, Jan 19, 2016 at 11:18 PM, Luke Small wrote: > here you go! Enjoy! > > -Luke > > On Tue, Jan 19, 2016 at 2:57 AM, Erling Westenvik < > erling.westen...@gmail.co

Re: if I were to make a pkg-add diff

2016-01-19 Thread Luke Small
wrote: > On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote: > > I made a small 500 line program I call pkg_ping that calls uname -rm, > > ftp, sed, on openbsd.org/ftp.html. > > A "program"? In what language? Is your code available somewhere? > > >

Re: if I were to make a pkg-add diff

2016-01-20 Thread Luke Small
't even a big enough transfer to get TCP out of slow start. SHA256 is over 600 KB. -Luke On Wed, Jan 20, 2016 at 1:14 AM, Luke Small wrote: > not knowing better... > > I always wanted to know the fastest mirrors for me, and at times it > changes some from the testing I

Re: bandwidth usage limits with pf, etc.

2016-01-25 Thread Luke Small
man pf.conf set limit

Re: I have a program I wish to submit for the base

2016-01-29 Thread Luke Small
I wanted to use kqueue. Name another script or programming language that offers it from the base install. NONE! Why should I write it in another language. I already did it in C. Is there another way other than kqueue that you can wait for the ftp call to quit, while being able to kill it if it tak

Re: I have a program I wish to submit for the base

2016-01-31 Thread Luke Small
namic array would be even more sloppy. The only problem is that the program is potentially subject to a man-in-the-middle attack from a non secured webpage. Manually setting the package mirror has the same problem too though. On Jan 30, 2016 06:50, wrote: > Fri, 29 Jan 2016 16:35:12 -0

Re: I have a program I wish to submit for the base

2016-01-31 Thread Luke Small
the program overwrites ONLY the installpath variable(s) in /etc/pkg.conf. The rest of the variables will remain. PKG_PATH environment variable takes precedence over any installpath initializations. I'm running 5.8. I don't know how to pledge it. I will make sure to, past the 5.9 release. I'm sure

I'm curious, why is queue() in style()

2016-02-10 Thread Luke Small
It seems to complicate things. Is there a security reason to use those functions?

Wouldn't it be cool...!

2018-04-06 Thread Luke Small
What if you could set up a pf rule to: overload an ip address into a table if they tried to access the wrong port on an address and overload flush global immediately into a blocklist ( max-src-states 0)! or with max-src-conn-rate 2/60 when sshd behaves in such a manner as to confirm that a succ

Snort for httpd’s https sessions?!

2021-01-06 Thread Luke Small
Is there a way for a hook(?) for snort to read plaintext https sessions in OpenBSD’s httpd?! That’d be SUPER SWEET! -- -Luke

FVWM terminal emulator transparency issue in -current

2021-02-15 Thread Luke Small
I'm running fvwm window manager and I just switched to -current. Roxterm is totally messed up, won't do transparent background and I tried xfce4-terminal and it says it won't do transparent backgrounds because compositing is disabled. Sure, first-world problems, but I REALLY want fvwm to do trans

Re: FVWM terminal emulator transparency issue in -current

2021-02-17 Thread Luke Small
Thanks! I just made it run at opacity .55 and I LOVE IT! Thanks! On Mon, Feb 15, 2021 at 11:25 PM Thomas Frohwein wrote: > On Mon, Feb 15, 2021 at 05:03:55PM -0600, Luke Small wrote: > > I'm running fvwm window manager and I just switched to -current. Roxterm > is > > t

Can I shorten fw_update download timeout?

2021-04-08 Thread Luke Small
I make unbound connect to dnscrypt-proxy and after an update, it’ll just sit there for what seems like 2 minutes while fw_update inevitably fails before turning on dnscrypt-proxy. I’ve been running snapshots and that’s really dumb. Or is there a way to have unbound connect to a failover server when
