Re: USB WLAN Atheros and USB Ethernet FBSD 7.2
On Fri, 15 May 2009 17:15:37 +0200 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote: On Friday 15 May 2009 13:04:50 Saša Stupar wrote: I suggest you to buy a good AP (Lynksys, Asus, etc.) and it will work much better than building it from FreeBSD. And this is based on which assumption with what criteria for working better? On my FreeBSD AP I can: - view my logs in realtime - shape traffic - deny/grant access at will without requiring rule reloads (pf tables ftw) - send custom DHCP info, like: option wpad code 252 = text; option wpad http://10.0.0.1/proxy.pac;; - configure over ssh - add memory - control internal and external DNS Aye. Lets note for get all the fun when can have with netgraph and misc VPN stuff. signature.asc Description: PGP signature
Re: write_dma error
On Sat, 18 Apr 2009 17:33:45 +0200 mac.tc raszo...@gmail.com wrote: hi, can anyone tell me what this message is related to? WRITE_DMA UDMA ICRC error (retrying request) LBA=62939519 drive/hardware failing? i am seeing a lot of it lately on a particular disk where i have tried a few different installs and don't always get this problem. i have seen it disappear after some painstaking before a reinstall this disk, like wiping the whole disk clean before install, checking geometry is right, but maybe coincidence? it is a sata300, 7.2 beta1 amd64 and i am thinking there is problem with the disk, but the error varied a bit with different installs (i.e. whether i see the error or not) I suggest installing 'sysutils/smartmontools', checking the health, -H, and if it shows up healthy, run a long self test. If the long self test completes with out issue, it is most likely a bad cable, some what odd for SATA, but I've had it happen several times back in the days of PATA. signature.asc Description: PGP signature
Re: write_dma error
On Sun, 19 Apr 2009 14:36:40 +0100 Bruce Cran br...@cran.org.uk wrote: On Sun, 19 Apr 2009 08:49:10 -0400 Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Hmm. ICRC errors are about the controller talking to the disk electronics. They don't generally have anything to do with the magnetic medium itself. Try replacing the cable. The only time I've seen ICRC errors was when FreeBSD was programming UDMA100 mode when I only had a UDMA33 cable installed. Overridding the mode using atacontrol solved it, as did installing a UDMA66 cable. I've seen the issue quit often in cheap, or long, UDMA100 cables as well. signature.asc Description: PGP signature
Re: odd issue with 6.4-PRERELEASE #2 and udf/cd9660
On Mon, 24 Nov 2008 14:47:34 +0100 (CET) Wojciech Puchar [EMAIL PROTECTED] wrote: really odd. check if your /dev/cd0 actually works by dd if=/dev/cd0 bs=64k of=test.image and if dd won't fail. try then mounting image with mdconfig/mount_cd9660 It DDs fine, but I get the same error when I try to mount it. The odd thing is is if I point tar at it, 'tar -vtf test.image', it shows me the the files contained in the image. I can also mount this disk on other FreeBSD machines. Below is some additional info one my system, if any one is curious. # kldstat Id Refs AddressSize Name 1 17 0xc040 67cf00 kernel 21 0xc0a7d000 15c64geom_mirror.ko 32 0xc0a93000 23018linux.ko 41 0xc0ab7000 14e20snd_hda.ko 52 0xc0acc000 258e8sound.ko 61 0xc0af2000 711b34 nvidia.ko 71 0xc1204000 8884 aio.ko 81 0xc120d000 b6e0 cpufreq.ko 91 0xc1219000 66318acpi.ko 101 0xc7424000 e000 ipfw.ko 111 0xc9083000 6000 udf.ko machine i386 cpu I686_CPU ident vixen42 options SMP # Symmetric MultiProcessor Kernel # To statically compile in device wiring instead of /boot/device.hints #hints GENERIC.hints # Default places to look for devices. makeoptions DEBUG=-g# Build kernel with gdb(1) debug symbols options SCHED_4BSD # 4BSD scheduler options PREEMPTION # Enable kernel thread preemption options INET# InterNETworking options INET6 # IPv6 communications protocols optionsFFS # Berkeley Fast Filesystem optionsSOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFSLOCKD# Network Lock Manager optionsNFS_ROOT# NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS# Pseudo-filesystem framework options GEOM_GPT# GUID Partition Tables. options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!] optionsCOMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI optionsKTRACE # ktrace(1) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options KBD_INSTALL_CDEV# install a CDEV entry in /dev options ADAPTIVE_GIANT # Giant mutex is adaptive. device apic# I/O APIC # Bus support. device eisa device pci # Floppy drives device fdc # ATA and ATAPI devices device ata device atadisk # ATA disk drives device ataraid # ATA RAID drives device atapicd # ATAPI CDROM drives device atapifd # ATAPI floppy drives device atapist # ATAPI tape drives options ATA_STATIC_ID # Static device numbering # SCSI peripherals device scbus # SCSI bus (required for SCSI) devicech # SCSI media changers device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass# Passthrough device (direct SCSI access) device ses # SCSI Environmental Services (and SAF-TE) # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc # AT keyboard controller device atkbd # AT keyboard device psm # PS/2 mouse device kbdmux # keyboard multiplexer device vga # VGA video card driver device splash # Splash screen and screen saver support # syscons is the default console driver, resembling an SCO console device sc # Enable this for the pcvt (VT220 compatible) console driver #device vt #optionsXSERVER # support for X server on a vt console #options FAT_CURSOR # start with block cursor #device agp # support
Re: IAX2 (or SIP) softphone for FreeBSD
On Mon, 13 Oct 2008 12:28:15 +0200 (CEST) Wojciech Puchar [EMAIL PROTECTED] wrote: anyone know something good. good=simply, works well, preferably no or minimal GUI. The most reliable is 'net/ekiga'. I've run into problems with 'net/kiax' and crossing NAT. That was nearly two years ago so it may for now kiax works for me (but no NAT), just they automatic gain control and noise reduction should be disabled, as it works funny at least :) thanks Sweet! I am currently in the process of drinking a large amount of Jagermiester so this may not make to sense. The problem I originally ran into is that behind goat fraging NAT I would run into issues receiving calls. The problem I ran into is that even though it is suppose to tranvese NAT with out issue,I would never receive incoming calls. In more recent tests I ran into issues with it and seg faulting like it just fraged a goat. The situation I was running into problems with was with asteresik behind NAT as well as the IAX using client. It is a known issue, or was then. Search the Asterisk archives for this email address if you interested in it some more. That goatse.cx issue was why I originally switched to that fraged solution that uses that POS of using the goatseing Gnome stuff. One I get a bit of spare time I am going to wring something that uses ZConf. Any ways, have a great night! May your nights be as bathed in the mercury vapor glow as mine are. signature.asc Description: PGP signature
Re: IAX2 (or SIP) softphone for FreeBSD
On Sun, 12 Oct 2008 16:23:54 +0200 (CEST) Wojciech Puchar [EMAIL PROTECTED] wrote: anyone know something good. good=simply, works well, preferably no or minimal GUI. The most reliable is 'net/ekiga'. I've run into problems with 'net/kiax' and crossing NAT. That was nearly two years ago so it may have been fixed. 'net/twinkle' works for some people, but for me it has always core dumped. If you feel like rolling your own, their is 'net/p5-Net-SIP'. signature.asc Description: PGP signature
Re: Two xorg-server packages?
On Sat, 14 Jun 2008 00:06:47 -0600 Chad Perrin [EMAIL PROTECTED] wrote: I seem to have two xorg-server packages on a FreeBSD system of mine, and I'm not sure why. With one of them, there's no problem: xorg-server-1.4_10,1= up-to-date with port One of them won't upgrade: xorg-server-1.2.99.903_1,1needs updating (port has 1.2.99.903_2,1) ** Port marked as IGNORE: x11-servers/xorg-server-snap: is outdated ** Listing the failed packages (-:ignored / *:skipped / !:failed) - x11-servers/xorg-server-snap (marked as IGNORE) . . . and portaudit says it's vulnerable: Affected package: xorg-server-1.2.99.903_1,1 Type of problem: xorg -- multiple vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/fe2b6597-c9a4-11dc-8da8-0008a18a9961.html Why do I have this xorg-server-1.2.99.903_1,1 package? It appears to be nothing but an older version. Should I remove it, or figure out how to upgrade it? Is it actually just an older version of the same package, or is it a different/separate package entirely? Any help figuring this out would be appreciated. I would just compile x11-server/xorg-server and once it is done do a pkg_delete on xorg-server-snap. Then install xorg-server/xorg-server. What it is complaining about is x11-servers/xorg-server-snap being marked as to be ignored, which it should be now as it is a out of date snap shot of xorg-server from some time back. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Testing RAM
On Sat, 14 Jun 2008 09:45:20 -0500 Ryan Coleman [EMAIL PROTECTED] wrote: How would I go about slamming the RAM in testing? I was figuring I'd drop from 4GB to 1GB and just push the board with the same cp -rvn commands I've been running in an attempt to populate my 7TB RAID5. Also, am I using the wrong FS for the RAID? I partitioned it with gpt (1 large slice) and formatted it with newfs but is there another way? A better way? I read about ZFS recently but I am sure the speed of reading from a RAID5 is lost with it's redundancies. For something that large, ZFS would be my choice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD and User Security
On Wed, 11 Jun 2008 22:25:32 +0200 David Naylor [EMAIL PROTECTED] wrote: Hi All, Today I read an article describing how my government had lost ZAR200 000 000 from fraud. This is just under $25 000 000. The article credited this loss largely due to the use of spyware. My question is how secure is FreeBSD (including KDE, GNOME and XFCE) to attacks, including cracking and spyware. In addition, is there anyway to prevent a user from executing a program that is not owned by root (i.e. any program installed by the user), this would prevent spyware being installed (assuming root has been properly locked down) and subsequently run. Ugidfw(8) can be used to help with the executable stuff. The same is true for using a restricted shell. The important thing is making sure to make sure the user can't execute any thing other than the few commands they are suppose to. If allowed access to execute any thing in a system bin/sbin path, you begin to run into issues with interpreters, which are as good as being able to execute something owned by them. You can remove permissions to access them, but that strikes me as beginning to get a bit hairy in the long run. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Testing RAM
On Sat, 14 Jun 2008 17:11:32 -0500 Ryan Coleman [EMAIL PROTECTED] wrote: Zane C.B. wrote: On Sat, 14 Jun 2008 09:45:20 -0500 Ryan Coleman [EMAIL PROTECTED] wrote: How would I go about slamming the RAM in testing? I was figuring I'd drop from 4GB to 1GB and just push the board with the same cp -rvn commands I've been running in an attempt to populate my 7TB RAID5. Also, am I using the wrong FS for the RAID? I partitioned it with gpt (1 large slice) and formatted it with newfs but is there another way? A better way? I read about ZFS recently but I am sure the speed of reading from a RAID5 is lost with it's redundancies. For something that large, ZFS would be my choice I take it that's not something I can do after the fact, right? I am not looking forward to redoing 1.6TB in file copying a second time Not that I am aware of. My big reason I would go with ZFS is it would make future updates easier as you can do it on the fly if the disks are just being added to a system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewalls
On Tue, 29 Apr 2008 09:51:29 -0700 perikillo [EMAIL PROTECTED] wrote: On Mon, Apr 28, 2008 at 12:50 PM, Bruce Cran [EMAIL PROTECTED] wrote: Doug Hardie wrote: FreeBSD supports 3 firewalls: IPF, IPFW, and PF. Some time ago (perhaps years) I seem to recall some discussion that one or more of those was better maintained and higher quality than the others. I don't see any indications of this in the handbook. Several years ago I needed to do traffic shaping and used IPFW with dummynet. It worked but the need eventually went away. More recently I needed to incorporate spamd which defaults to PF so I used that. However, now I am back to needing traffic shaping again. I suspect trying to use both PF and IPFW simultaneously will not be a good approach. In addition, there now are instructions for using spamd with IPFW so it appears that either PF or IPFW will do what I need. Is there any additional information available to assist in selecting between those? Thanks. As I understand it pf is often found to be easiest to use and has lots of features like altq and os fingerprinting but is quite a bit slower than ipfw. -- Bruce ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Reading this post, i have some doubt, how is IPFW support for VoIP packets, can do traffic shaping?, i read that PF can do that, I'm right? What exactly are you looking to do in this area? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewalls
On Mon, 28 Apr 2008 20:50:06 +0100 Bruce Cran [EMAIL PROTECTED] wrote: Doug Hardie wrote: FreeBSD supports 3 firewalls: IPF, IPFW, and PF. Some time ago (perhaps years) I seem to recall some discussion that one or more of those was better maintained and higher quality than the others. I don't see any indications of this in the handbook. Several years ago I needed to do traffic shaping and used IPFW with dummynet. It worked but the need eventually went away. More recently I needed to incorporate spamd which defaults to PF so I used that. However, now I am back to needing traffic shaping again. I suspect trying to use both PF and IPFW simultaneously will not be a good approach. In addition, there now are instructions for using spamd with IPFW so it appears that either PF or IPFW will do what I need. Is there any additional information available to assist in selecting between those? Thanks. As I understand it pf is often found to be easiest to use and has lots of features like altq and os fingerprinting but is quite a bit slower than ipfw. There is one thing that IPFW has that PF does not that I have found to be very handy at times. It can be used to setup firewall rules that only affect a specific group or user. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: linux emulation
On Thu, 20 Mar 2008 19:52:14 +1000 Da Rock [EMAIL PROTECTED] wrote: On 20/03/2008, Da Rock [EMAIL PROTECTED] wrote: On Thu, 2008-03-20 at 08:50 +0100, Wojciech Puchar wrote: I've read the handbook and just about anything on linux compat under freebsd. I am particularly interested in drivers under linux compat. emulation allows execution of normal linux programs, not drivers Ok. So input devices won't work either? I refer to this page here: http://people.freebsd.org/~3d/apps/games/unreal_tournament/ What is the driver mentioned here? Incidentally, what is the difference between linux and bsd drivers? The drivers in question are manufacturers binaries for linux in an RPM; hence the question. Plus I came across several notations regarding building or using drivers from linux in bsd (linux-kmod-compat port, the above link, and more). For reference I'm merely very curious, not argumentative on this. Cheers for any answers offered. On Thu, 2008-03-20 at 02:14 -0700, Patrick C wrote: A binary is compiled assembly/code. The binary still needs to interact with low-level hardware using system calls, handling interrupts, etc. in a way that the operating system understands. Applications are more portable and less operating- and hardware-specific than drivers, which require a good understanding of the operating system and the hardware. Please read the current status of linux-kmod-compat, it specifically indicates it is for USB drivers. USB is a simplified bus where the low-level access is handled in the same manner for every device so it's simpler to port the driver. Glide in your case is an API/Library, not an actual driver. Libraries are very similar to applications in how they act with the operating system/environment, and are a must-have on running Linux binaries. This is supported and works well. -Patrick Ok, got that. I read that about the linux-kmod-compat, but I thought that it might have been the beginning of something beautiful (pardon poetics...). I was unaware of the glide situation though. I though glide has been long since past usefulness given the cards it was for no longer are effectively around outside ebay and peoples hardware drawers. I regards to running UT on FreeBSD it runs nicely, other than it requires a hackish manner to install 2007 if you have it on CD. Does anyone know what the differences are between linux and bsd at the system calls, interrupts, etc? I understand that there are some software which accesses hardware at this sort of level which has been adapted as well (raid controllers mainly), so surely there must be some information on what can enable this to work. What this discussion has got me thinking on is a wrapper (ie NDIS), since the drivers are not from the linux oss community but from the actual manufacturer I'm assuming (forgive me, please... :) ) that this may be a feasible solution. In which case, then, I'm going to have to map calls and create device nodes. Should be simple then, no? ;P! I'd love to hear any more suggestions or links to info on any of this, thanks guys. Also, on the linux compat- am I correct in my observation that you have to actually chroot to enable the running of a linux binary? Enter the file structure of the linux compat? Or can you just run it? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: A general purpose LDAP solution?
On Sun, 23 Mar 2008 23:26:51 +0100 Jon Theil Nielsen [EMAIL PROTECTED] wrote: 2008/3/23, Jon Theil Nielsen [EMAIL PROTECTED]: Hi list! I have speculated a lot about implementation of (Open)LDAP on my sever. By I haven't yet found the right (and logical) way to do it. I'm running FreeBSD 7.0-Release with some different server applications - Samba PDC - Virtual mail server (Postfix, MySQL, Courier-IMAP) - VPN (currently with mpd4) - Apache-2.2.8 web server (with PHP and MySQL) I would like to implement LDAP for: - authentication of UNIX/login users - authentication of Samba users - authentication/authorization of virtual mail users For the first part, I got useful information from a previsous thread (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html) and for the second part, i guess there is sufficient howtos to make it work. My biggest question right now is if is possible to combine all three things in one data structure. And which in which order I should make the different implimentions. Excuse my total lack of understanding, but is it possible to have a structure with a superior unit such as OU=some organization which could contain several virtual domains and the organization actual doamin for my PDC? -- Jon Theil Nielsen Oh, i forgot one more thing: I would also like to be able to authenticate VPN users the same way. For foo.bar and monkies.foo.bar, I would do it as below. And remember, PAM is your friend. And on a similar note, I am goat fragging surprised Postfix does not have a native PAM auth backend yet. ou=users,dc=foo,dc=bar ou=users,dc=monkies,dc=foo,bar In regards to VPN, you may wish to look into OpenVPN. It has a scriptable password checking mechanism. http://openvpn.net/index.php/documentation/howto.html#auth Enjoy playing with the nastiness that is Samba and LDAP. =^.^= On another note, I changed this from the net list to the questions list as I don't think this really falls under FreeBSD net related stuff. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unix domain socket security and PID retrieval
On Mon, 4 Feb 2008 15:36:30 +0100
Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote:
Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.:
I've come across that mentioned in unix(4). There is no support
for it in regards to Perl. Another problem is it requires support
for that on both ends.
More and more it looks like getting either PID and/or user info
about the other process connecting up to it is impossible, with
out writing some sort of authentication system for the two to use
or both ends have to support the LOCAL_CREDS stuff.
I cannot believe that this doesn't exist for Perl (everything
exists for Perl in one way or another...), and anyway, a quick
search on CPAN found this, which looks as though it's (at least
part of) what you're looking for:
http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm
Finally, thinking back to the last time I used SCM_CREDS on Linux
(which is a lng time ago), I'm not even sure that the sender
has to send an SCM_CREDS message (which would invalidate my former
reply); I think it's enough if the receiver requests to get one
(which will be filled in by the kernel), see the description in the
referenced page above which shows you how to set up the
corresponding recvmsg call.
Sending one is only required in case the sender is root and wants
to spoof it's credentials to the remote process (IIRC).
Been spending a bit of time messing around with it and it appears to
be broken.
I've tried various things, but it does not seem to fetch any thing.
#!/usr/bin/perl
use Socket::MsgHdr;
use Socket;
use IO::Socket::UNIX;
unlink(/tmp/testsocket);
my $listen_socket = new IO::Socket::UNIX( Local = /tmp/testsocket,
Listen=1);
while(my $conn = $listen_socket-accept){
my $inHdr = Socket::MsgHdr-new(buflen=8192, namelen=256);
recvmsg($conn, $inHdr, LOCAL_CREDS);
my $creds=$conn-sockopt(LOCAL_CREDS);
print $creds;
my @cmsg = $inHdr-cmsghdr();
$conn-send($#cmsg.\n);
while (my ($level, $type, $data) = splice(@cmsg, 0, 3)) {
$conn-send($level.\n.
$type.\n.
$data.\n\n);
}
$conn-close;
};
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
unix domain socket security and PID retrieval
Been starting to look into writing some stuff that uses unix domain sockets, but I've been running into the problem of figuring out what the calling PID is on the other end. Any suggestions on where I should begin to look? As it currently stands, I am looking at doing this with perl. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unix domain socket security and PID retrieval
On Mon, 4 Feb 2008 05:33:22 -0600 (CST) Scott Bennett [EMAIL PROTECTED] wrote: On Mon, 4 Feb 2008 04:30:21 -0600 Zane C.B. [EMAIL PROTECTED] wrote: Been starting to look into writing some stuff that uses unix domain sockets, but I've been running into the problem of figuring out what the calling PID is on the other end. Any suggestions on where I should begin to look? Sure. Take a look at the man pages for fork(2), vfork(2), and fork(3f). As it currently stands, I am looking at doing this with perl. In that case, take a look at perlfork(1), too. I am a bit lost on what fork has to do with the question. Currently have found there is no method for figuring what PID it is. I've found there is support for figuring out what user it is, according to unix(4), but there appears to way to get to using any of the existing perl modules for unix domain sockets. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unix domain socket security and PID retrieval
On Mon, 4 Feb 2008 12:54:44 +0100 Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote: Am Montag, 4. Februar 2008 11:30:21 schrieb Zane C.B.: Been starting to look into writing some stuff that uses unix domain sockets, but I've been running into the problem of figuring out what the calling PID is on the other end. Any suggestions on where I should begin to look? As it currently stands, I am looking at doing this with perl. Check out man 3 sendmsg and man 3 recvmsg (which should be wrapped in Perl in some way or another), and passing SCM_CREDS messages between the two processes. The SCM_CREDS message is filled in my the kernel, so there's no way (unless the other side is root) to spoof the credentials information. This requires that the sending end willingly sends SCM_CREDS (and the receiver uses recvmsg to query for it), and sends at least one byte of data along with the ancilliary message. I've come across that mentioned in unix(4). There is no support for it in regards to Perl. Another problem is it requires support for that on both ends. More and more it looks like getting either PID and/or user info about the other process connecting up to it is impossible, with out writing some sort of authentication system for the two to use or both ends have to support the LOCAL_CREDS stuff. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unix domain socket security and PID retrieval
On Mon, 4 Feb 2008 15:36:30 +0100 Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote: Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.: I've come across that mentioned in unix(4). There is no support for it in regards to Perl. Another problem is it requires support for that on both ends. More and more it looks like getting either PID and/or user info about the other process connecting up to it is impossible, with out writing some sort of authentication system for the two to use or both ends have to support the LOCAL_CREDS stuff. I cannot believe that this doesn't exist for Perl (everything exists for Perl in one way or another...), and anyway, a quick search on CPAN found this, which looks as though it's (at least part of) what you're looking for: http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm Finally, thinking back to the last time I used SCM_CREDS on Linux (which is a lng time ago), I'm not even sure that the sender has to send an SCM_CREDS message (which would invalidate my former reply); I think it's enough if the receiver requests to get one (which will be filled in by the kernel), see the description in the referenced page above which shows you how to set up the corresponding recvmsg call. Sending one is only required in case the sender is root and wants to spoof it's credentials to the remote process (IIRC). Thanks. I did not think to try a search for that. I was trying various combinations involving the word unix and socket. I've gotten it installed now and will post with how it works out. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unix domain socket security and PID retrieval
On Mon, 4 Feb 2008 13:38:37 -0600 Zane C.B. [EMAIL PROTECTED] wrote: On Mon, 4 Feb 2008 15:36:30 +0100 Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote: Am Montag, 4. Februar 2008 15:21:52 schrieb Zane C.B.: I've come across that mentioned in unix(4). There is no support for it in regards to Perl. Another problem is it requires support for that on both ends. More and more it looks like getting either PID and/or user info about the other process connecting up to it is impossible, with out writing some sort of authentication system for the two to use or both ends have to support the LOCAL_CREDS stuff. I cannot believe that this doesn't exist for Perl (everything exists for Perl in one way or another...), and anyway, a quick search on CPAN found this, which looks as though it's (at least part of) what you're looking for: http://search.cpan.org/~mjp/Socket-MsgHdr-0.01/MsgHdr.pm Finally, thinking back to the last time I used SCM_CREDS on Linux (which is a lng time ago), I'm not even sure that the sender has to send an SCM_CREDS message (which would invalidate my former reply); I think it's enough if the receiver requests to get one (which will be filled in by the kernel), see the description in the referenced page above which shows you how to set up the corresponding recvmsg call. Sending one is only required in case the sender is root and wants to spoof it's credentials to the remote process (IIRC). Thanks. I did not think to try a search for that. I was trying various combinations involving the word unix and socket. I've gotten it installed now and will post with how it works out. I can say it installs mostly fine. A few tests do not pass. I am still working on getting a working test script with it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: trying to locate a specific port that I forget the name of
On Sun, 20 Jan 2008 04:33:34 + Matthew Seaman [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zane C.B. wrote: I originally saw it in the ports tree, IIRC, about a year ago or around there. What it was was a massive piece of software for connecting multiple services allowing them all to be queried. It was capable of connecting to IMAP, LDAP, several SQL servers, and a few other things. The manual of the software was several hundred pages long. Any one remember what it is? perl ? Nah. From what I remember it was written in Java. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Opera, Flash and the stench of failure...
On Fri, 4 Jan 2008 06:16:59 -0700 Modulok [EMAIL PROTECTED] wrote: Seeing the thread about flash with mozilla, I thought, a flash plugin with opera would be cool. Last night I tried to get flash working with opera. I failed. With native opera, I cannot get any plugins to work. Here is what I know: 1. What opera bitches about: Could not start operapluginwrapper. Plugins will not work correctly. 2. Why opera bitches: ldd operapluginwrapper; ... libXThrStub.so.6 = not found (0x0) ... 3. Why it is missing: On OpenBSD, and on old FreeBSD, libc lacks pthread stubs. This is a problem because libX11 needs to support threading, but shouldn't cause all X programs to be linked against the threading library. The solution is libXThrStub (UIThrStubs.c), which provides weak symbols to stub threading functions, which are ignored if the application links against the thread library. I had moved libXThrStub into libX11, because it seemed unnecessary. 4. What I have installed: linux-flashplugin-9.0r115 Adobe Flash Player NPAPI Plugin opera-9.25.20071214 A blazingly fast, full-featured, standards-compliant browse opera-linuxplugins-9.21.20070510_1 Linux plugin support for the native Opera browser Does anyone have flash working with opera? If so, how? Where can I get libXThrStub.so.6? My suggestion is to check out 'graphics/gnash'. That port works surprisingly well for part these days. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
trying to locate a specific port that I forget the name of
I originally saw it in the ports tree, IIRC, about a year ago or around there. What it was was a massive piece of software for connecting multiple services allowing them all to be queried. It was capable of connecting to IMAP, LDAP, several SQL servers, and a few other things. The manual of the software was several hundred pages long. Any one remember what it is? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gnupg annoyances (fixed)
For any one who was wondering, no-grab needed set in ~/.gnupg/gpg-agent.conf On Tue, 8 Jan 2008 04:43:00 -0600 Zane C.B. [EMAIL PROTECTED] wrote: Any one know what it takes to get security/gnupg to work? I have pinentry-gtk2, but having that installed does not help. Any suggestions? cat randomfile | gpg2 -s You need a passphrase to unlock the secret key for user: Zane C. Bowers [EMAIL PROTECTED] 1024-bit DSA key, ID C18989DE, created 2006-06-16 Warning: using insecure memory! ** ERROR **: could not grab keyboard aborting... gpg-agent[96284]: command get_passphrase failed: End of file gpg: problem with the agent: IPC write error gpg: Invalid passphrase; please try again ... You need a passphrase to unlock the secret key for user: Zane C. Bowers [EMAIL PROTECTED] 1024-bit DSA key, ID C18989DE, created 2006-06-16 gpg: problem with the agent: IPC write error gpg: no default secret key: General error gpg: signing failed: General error Exit 2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
gnupg annoyances
Any one know what it takes to get security/gnupg to work? I have pinentry-gtk2, but having that installed does not help. Any suggestions? cat randomfile | gpg2 -s You need a passphrase to unlock the secret key for user: Zane C. Bowers [EMAIL PROTECTED] 1024-bit DSA key, ID C18989DE, created 2006-06-16 Warning: using insecure memory! ** ERROR **: could not grab keyboard aborting... gpg-agent[96284]: command get_passphrase failed: End of file gpg: problem with the agent: IPC write error gpg: Invalid passphrase; please try again ... You need a passphrase to unlock the secret key for user: Zane C. Bowers [EMAIL PROTECTED] 1024-bit DSA key, ID C18989DE, created 2006-06-16 gpg: problem with the agent: IPC write error gpg: no default secret key: General error gpg: signing failed: General error Exit 2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ZFS in 6.3
On Thu, 07 Jun 2007 09:57:06 -0400 Tom Grove [EMAIL PROTECTED] wrote: Any chance that ZFS will make it into 6.3 or is this a 7.0 only feature? From my understanding, this is very unlikely to happen due to the large number of changes to the VFS including API changes. That is aimed at being kept stable as possible for the stable major version. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: samba and automounting upon login (update)
On Fri, 18 May 2007 21:46:33 -0400 Zane C.B. [EMAIL PROTECTED] wrote: Any one know where I can find info on setting up FreeBSD so it tries to automounting their home from a Samba server? Came across pam_exec, which after a bit of tweaking sort of takes care of this. Here is a patch to pam_exec.c to make it export PAM_AUTHTOK. Now the current issues is making mount_smbfs handle pulling the password from a environmental variable or STDIN.--- pam_exec.c.orig Sat May 19 12:51:42 2007 +++ pam_exec.c Sat May 19 12:56:50 2007 @@ -57,6 +57,7 @@ ENV_ITEM(PAM_TTY), ENV_ITEM(PAM_RHOST), ENV_ITEM(PAM_RUSER), + ENV_ITEM(PAM_AUTHTOK), }; static int ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: samba and automounting upon login (update)
On Sat, 19 May 2007 13:01:51 -0400 Zane C.B. [EMAIL PROTECTED] wrote: On Fri, 18 May 2007 21:46:33 -0400 Zane C.B. [EMAIL PROTECTED] wrote: Any one know where I can find info on setting up FreeBSD so it tries to automounting their home from a Samba server? Came across pam_exec, which after a bit of tweaking sort of takes care of this. Here is a patch to pam_exec.c to make it export PAM_AUTHTOK. Now the current issues is making mount_smbfs handle pulling the password from a environmental variable or STDIN. http://www.freebsd.org/cgi/query-pr.cgi?pr=112794 Just submitted as a PR. :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
samba and automounting upon login
Any one know where I can find info on setting up FreeBSD so it tries to automounting their home from a Samba server? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
