securelevel(7) and gpioctl(8)
On Mon, 8 Dec 2008, Marc Balmer wrote:
> NB: not all arches have GPIO.

Thanks. Ok. I see now. The online pages return a result only for items present in all architectures.

The need for Securelevel 0 was mentioned. Does that mean the device must operate in securelevel 0 in order to turn on and off one of the JP5 pins? Or just that they must be attached and then can be used for IO after switching to securelevel 1?

Also, can a custom kernel be avoided? One appears to be needed in this note: http://www.vnode.ch/reworking_gpio

Regards,
-Lars
Lars Nooden
Re: Toshiba ToPIC97 CardBus: couldn't map interrupt
On Mon, Dec 8, 2008 at 9:52 PM, Daniel Melameth [EMAIL PROTECTED] wrote: On Mon, Dec 8, 2008 at 11:28 AM, k z [EMAIL PROTECTED] wrote: ne3 works but couldn't map interrupt errors do appear: cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev 0x20: couldn't map interrupt cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev 0x20: couldn't map interrupt You might want to try changing how the BIOS presents these slots, if possible. In BIOS, the Auto-select meant falling to CardBus/16 bit; setting value to PCIC compatible has helped: --- before.txt Thu Oct 5 08:03:43 2006 +++ after.txt Thu Oct 5 08:03:21 2006 @@ -9,12 +9,12 @@ bios0 at mainbus0: AT/286+ BIOS, date 12/26/97, BIOS32 rev. 0 @ 0xfe95a apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 100% -apm0: AC on, battery charge high, estimated 1:52 hours +apm0: AC on, battery charge high, estimated 2:17 hours pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/96 (4 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x pcibios0: Warning, unable to fix up PCI interrupt routing -pcibios0: PCI bus #21 is the last bus +pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x9800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) 
@@ -24,8 +24,6 @@ wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 11 function 0 NEC USB rev 0x02: irq 11, version 1.0 Toshiba Fast Infrared Type O rev 0x21 at pci0 dev 17 function 0 not configured -cbb0 at pci0 dev 19 function 0 Toshiba ToPIC97 CardBus rev 0x20: couldn't map interrupt -cbb1 at pci0 dev 19 function 1 Toshiba ToPIC97 CardBus rev 0x20: couldn't map interrupt usb0 at ohci0: USB revision 1.0 uhub0 at usb0 NEC OHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 OpenBSD 4.4-current (GENERIC) #1556: Fri Dec 5 18:09:01 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 167 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX cpu0: F00F bug workaround installed real mem = 33189888 (31MB) avail mem = 22269952 (21MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/26/97, BIOS32 rev. 0 @ 0xfe95a apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 100% apm0: AC on, battery charge high, estimated 2:17 hours pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8e80/96 (4 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x9800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x2c vga1 at pci0 dev 4 function 0 Chips and Technologies 6 rev 0xc6 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 11 function 0 NEC USB rev 0x02: irq 11, version 1.0 Toshiba Fast Infrared Type O rev 0x21 at pci0 dev 17 function 0 not configured usb0 at ohci0: USB revision 1.0 uhub0 at usb0 NEC OHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pckbc0 at isa0 port 0x60/5 
pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: TOSHIBA MK4310MAT wd0: 16-sector PIO, LBA, 4126MB, 8452080 sectors wd0(wdc0:0:0): using BIOS timings wdc1 at isa0 port 0x170/8 irq 15 atapiscsi0 at wdc1 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: TEAC, CD-220EA, 7.0A ATAPI 5/cdrom removable cd0(wdc1:0:0): using BIOS timings sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01 midi0 at sb0: SB MIDI UART audio0 at sb0 opl0 at sb0: model OPL3 midi1 at opl0: SB Yamaha OPL3 wss0 at isa0 port 0x530/8 irq 10 drq 0: CS4231 or AD1845 (vers 4) audio1 at wss0 pcppi0 at isa0 port 0x61 midi2 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec pcic0 at isa0 port 0x3e0/2 iomem 0xd/65536 pcic0 controller 0: Intel 82365SL rev 1 has sockets A and B pcmcia0 at pcic0 controller 0 socket 0 pcmcia1 at pcic0 controller 0 socket 1 ne3 at pcmcia1 function 0 corega K.K., corega Ether PCC-TD, port 0x300/32, irq 3, address pcic0: irq 9, polling enabled biomask e945 netmask e94d ttymask fbdf softraid0 at root root on wd0a swap on wd0b dump on wd0b Sorry for the noise.
Re: securelevel(7) and gpioctl(8)
* Lars D. Noodin wrote:
> On Mon, 8 Dec 2008, Marc Balmer wrote:
>> NB: not all arches have GPIO.
>
> Thanks. Ok. I see now. The online pages return a result only for items present in all architectures.
>
> The need for Securelevel 0 was mentioned. Does that mean the device must operate in securelevel 0 in order to turn on and off one of the JP5 pins? Or just that they must be attached and then can be used for IO after switching to securelevel 1?

The latter is the case.

> Also, can a custom kernel be avoided? One appears to be needed in this note: http://www.vnode.ch/reworking_gpio

A custom kernel is no longer needed.

> Regards,
> -Lars
> Lars Nooden

--
Marc Balmer, Micro Systems, Wiesendamm 2a, Postfach, CH-4019 Basel, Switzerland
http://www.msys.ch/ http://www.vnode.ch/
In God we trust, in C we code.
The New Secure Operating System
The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212201490

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/
Routing issue with VPN tunnel
Hello,

I'm having some problems routing traffic through an isakmp vpn tunnel. I have a tunnel successfully set up between my OpenBSD 3.8 and a Cisco 7200 router.

I'm not good at ascii art, but here's how I see it:

$int_if = 10.0.0.1
$remote_host = 192.168.0.1

$int_if enc0 $ext_if | (internet) | | $remote_gw --- $remote_host | | $internal_host

There are ACLs on the $remote_gw which only allow traffic NATed with my $int_if ip. Hence this nat in pf.conf:

    nat on enc0 inet from $int_net to $remote_host -> $int_if

I've established that the flows exist:

    # netstat -rn -f encap
    $remote_host/32 0 $int_if/32 0 0 $remote_gw/50/use/in
    $int_if/32 0 $remote_host/32 0 0 $remote_gw/50/require/out

    # ipsecctl -s flow
    flow esp in from $remote_host to $int_if peer $remote_gw
    flow esp out from $int_if to $remote_host peer $remote_gw

What I CAN do is ping the $remote_host through the tunnel from the $int_if with the following command:

    # ping -I $int_if $remote_host

This works and replies are received!

But if I try pinging from the $internal_host:

    c:\> ping $remote_host

This doesn't work. The packets are not sent through the tunnel but to the internet.

I've tried this route-to line in pf.conf:

    pass in log quick on $int_if route-to enc0 from $int_net to $remote_host keep state

And by running tcpdump on pflog0 I can see that packets are matched:

    rule 16/(match) pass out on enc0: $int_if > $remote_host: icmp: echo request

But no traffic is sent through the tunnel.

Why are pings sent from the $internal_host not matched to the flow/route and sent through the corresponding tunnel?

Any help is appreciated in resolving this issue!

- Danial
Re: The New Secure Operating System
On Tue, Dec 9, 2008 at 4:14 PM, Sunnz [EMAIL PROTECTED] wrote:
> The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say.
>
> http://www.darkreading.com/security/management/showArticle.jhtml?articleID=212201490

This article sounds like pure and cheap marketing to me.

EAL certification has never meant anything to me, except the vendor went through a certification process. Has EAL certification to be renewed every year? Windows has been certified EAL4+ and it has never (and probably will never) been secure. RHEL is also EAL4+ and it also had security problems.

Commercial operating systems, as long as its source code is closed for professionals to study it, will never be secure. This new operating system is a commercial one and the Web page of the vendor doesn't look very open source friendly.
Re: The New Secure Operating System
On Wed, 10 Dec 2008 02:14:34 +1100, Sunnz wrote
> The secure operating system standard will never be the same now...

This was slashdotted almost a month ago:
http://tech.slashdot.org/article.pl?sid=08/11/18/1949232
FSC Econel 100 S2 cannot install 4.4 stable
Hello to everyone,

I have a problem installing 4.4 stable on FSC Econel 100 S2. I try to use the RAID controller on board, LSI Logic MegaRAID, as RAID 1. After choosing install from (I)nstall, (U)pgrade or (S)hell? OpenBSD reports No disks found.

Am I doing something wrong with it? Or is this the problem?

    vendor Intel, unknown product 0x2925 (class mass storage subclass RAID, rev 0x02) at pci0 dev 31 function 2 not configured
    Intel 82801I SMBus rev 0x02 at pci0 dev 31 function 3 not configured

I appreciate your help.

Thanks,
Ivo

dmesg:

    boot
    booting cd0a:/4.4/i386/bsd.rd: 5155668+901212 [52+196208+181821]=0x623208
    entry point at 0x200120
    Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2008 OpenBSD. All rights reserved. http://www.OpenBSD.org
    OpenBSD 4.4-stable (RAMDISK_CD) #3: Sun Nov 16 18:13:33 CET 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
    cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz (GenuineIntel 686-class) 3 GHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR
    real mem = 1071964160 (1022MB)
    avail mem = 1029955584 (982MB)
    mainbus0 at root
    bios0 at mainbus0: AT/286+ BIOS, date 03/19/08, BIOS32 rev. 0 @ 0xfdc02, SMBIOS rev. 2.4 @ 0x3feda000 (79 entries)
    bios0: vendor FUJITSU SIEMENS // Phoenix Technologies Ltd. version 6.00 R1.05.2679.A1 date 03/19/2008
    bios0: FUJITSU SIEMENS ECONEL 100 S2
    acpi0 at bios0: rev 0
    acpi0: tables DSDT FACP TCPA EINJ HEST BERT SSDT ERST SSDT SSDT SPCR MCFG HPET APIC BOOT
    acpiprt0 at acpi0: bus 0 (PCI0)
    acpiprt1 at acpi0: bus -1 (PENA)
    acpiprt2 at acpi0: bus -1 (PENB)
    acpiprt3 at acpi0: bus -1 (PESA)
    acpiprt4 at acpi0: bus -1 (PESB)
    acpiprt5 at acpi0: bus 1 (PCIH)
    bios0: ROM list: 0xc/0x9000 0xc9000/0x5800!
    cpu0 at mainbus0
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 Intel 3200/3210 Host rev 0x01
    em0 at pci0 dev 25 function 0 Intel ICH9 IGP AMT rev 0x02: irq 11, address 00:19:99:36:8e:4b
    uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: irq 11
    uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: irq 11
    uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: irq 3
    ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: irq 11
    usb0 at ehci0: USB revision 2.0
    uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
    uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: irq 5
    uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: irq 11
    uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: irq 11
    ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: irq 5
    usb1 at ehci1: USB revision 2.0
    uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
    ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92
    pci1 at ppb0 bus 1
    skc0 at pci1 dev 5 function 0 D-Link Systems DGE-530T B1 rev 0x11, Yukon Lite (0x9): irq 11
    sk0 at skc0 port A: address 00:1c:f0:d1:cd:a6
    eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
    vga1 at pci1 dev 7 function 0 ATI ES1000 rev 0x02
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    ichpcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02: PM disabled
    vendor Intel, unknown product 0x2925 (class mass storage subclass RAID, rev 0x02) at pci0 dev 31 function 2 not configured
    Intel 82801I SMBus rev 0x02 at pci0 dev 31 function 3 not configured
    usb2 at uhci0: USB revision 1.0
    uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
    usb3 at uhci1: USB revision 1.0
    uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
    usb4 at uhci2: USB revision 1.0
    uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
    usb5 at uhci3: USB revision 1.0
    uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
    usb6 at uhci4: USB revision 1.0
    uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
    usb7 at uhci5: USB revision 1.0
    uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
    isa0 at ichpcib0
    isadma0 at isa0
    com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
    com0: console
    pckbc0 at isa0 port 0x60/5
    pckbd0 at pckbc0 (kbd slot)
    pckbc0: using irq 1 for kbd slot
    wskbd0 at pckbd0: console keyboard, using wsdisplay0
    npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
    fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
    biomask ffed netmask ffed ttymask
    rd0: fixed, 3800 blocks
    softraid0 at root
    root on rd0a swap on rd0b dump on rd0b
    erase ^?, werase ^W, kill ^U, intr ^C, status ^T
Re: The New Secure Operating System
On Tue, Dec 9, 2008 at 10:14 AM, Sunnz [EMAIL PROTECTED] wrote:
> The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say.

Oh my god. Let me migrate everything to this new secure OS immediately!

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: XenServer 5 with OpenBSD
On Mon, 2008-12-08 at 14:27 -0600, Adam Douglas wrote:
> The biggest question is OpenBSD on XenServer 5 Enterprise considered production ready even if the errors cannot be resolved?

OpenBSD is, Xen isn't.
Re: rx descriptor error
On Tue, Dec 9, 2008 at 12:12 AM, David Gwynne [EMAIL PROTECTED] wrote:
> how strange. that line is printed if em(4) is unable to allocate any memory at all to put on the rx ring. i've never known the mbuf cluster allocator to fail.
>
> is this reproducible?

Yes, every boot provides the same error, even after compiling the userland and running the makedev.

Chris
Re: The New Secure Operating System
On Tue, Dec 9, 2008 at 6:51 PM, bofh [EMAIL PROTECTED] wrote:
> On Tue, Dec 9, 2008 at 10:14 AM, Sunnz [EMAIL PROTECTED] wrote:
>> The secure operating system standard will never be the same now that a National Security Agency-certified OS has gone commercial, but few mainstream enterprises today need an airtight OS tuned to run on fighter jets. And many organizations aren't properly securing their existing commercial OSes, anyway, security experts say.
>
> Oh my god. Let me migrate everything to this new secure OS immediately!

Yea, you should run this new secure OS under Xen or Vmware for even more security ;)

=Adriaan=
Re: The New Secure Operating System
On Tue, Dec 9, 2008 at 7:53 PM, Adriaan [EMAIL PROTECTED] wrote:
> On Tue, Dec 9, 2008 at 6:51 PM, bofh [EMAIL PROTECTED] wrote:
>> Oh my god. Let me migrate everything to this new secure OS immediately!
>
> Yea, you should run this new secure OS under Xen or Vmware for even more security ;)

Oh my, definitely yes. After all, we all know from the experts that another layer of abstraction only helps to keep us safe from the evil hackers!

On an OT note, I found a documented case where vmotion is claimed to have caused database corruption[1] according to my AV [EMAIL PROTECTED] I'm not sure exactly how the hell that can happen, but I'm sorta keeping an eye on it - we use vmotion for our av management console too :( Yes, from this vendor who said everything works fine when it doesn't. *sigh*

[1] Note - not necessarily DB corruption, but the symptoms are... well... symptomatic :)

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: OpenBGPd kickstart
Continuing the learning process:

Since my last session on this I've had lots of pointers to things I could research. Particular thanks to Stuart. Man oh man, there are lots of monkeys typing junk that Google pads out the useful search results with.

Anyway there are some things that are a matter of judgement (or even opinion) aided by experience. I don't have much of that in bgp-land so I'd like to ask about a couple or so.

Redundancy: At first I would have thought that two identical routers in a classical carp firewall hookup would have been a good choice. Henning has dealt with questions about that in various ways to suit the poster's needs. None of those was quite like mine. I read his presentation with notes (at daemonnews) and the notes really added quite a bit to the slides. Maybe that article could be referenced on the OpenBGPd website.

Searching found quite a few other ideas and our peering provider's support guy is nervous about anything that is akin to VRRP(!) I told him it is way better but he offered "I would not recommend going down that path. I would prefer to allocate you a second ip on the IX and have you run a separate BGP session from each router."

What would an experienced user do in this case? I've often wondered about what happens when a carp box on standby fails. Does it / can it be sensed/monitored by the master?

So is a pair of routers to the same three IXes a better choice? Without carp? Can they balance any traffic? If not what happens? Do I need bgp sessions between the two?

I don't need a how-to. Directions to take let me read and research usually get me pretty close to working setups.

I don't yet know the importance of all the bgpd.conf options. Later I might post a copy of my intended version for target practice. ;-) Filtering and preferencing sound important and I'm still trying to figure out what filters I need that are not in the default /etc/bgpd.conf.

TIA
Rod/

*** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou.

Rod/

/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Re: OpenBSD 4.4 Console Will Not Clear
Greets Denny

Thanks for pointing out I had not CC'ed the misc list. So here is the full reply with the solution I found for 7.3 - How do I clear the console each time a user logs out? problem. See the second to last post for my solution. The FAQ just needs to be updated.

Bret

Denny White wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Denny White wrote:

On Mon, Dec 08, 2008 at 03:56:21PM -0700, Bret spoke thusly:

Greetings

I have been running OpenBSD as a firewall/router since 2.5 and have never had any problem with Clearing the console each time a user logs out. I have just installed 4.4 on a system that was running 4.0. I did a complete install from the install CD off the ftp site(s). I then edited /etc/gettytab the same way I have done many times before, following the FAQ instructions. The console will not clear after logging out. I have even rebooted and the same results. I thought I might have screwed the file up editing it so I even did another clean install and ONLY installed pico to edit /etc/gettytab just in case I somehow messed it up using vi... still no go. Looked out on the net and found no reference to this.

Any Ideas?

Bret

I'm assuming you're referring to http://www.openbsd.org/faq/faq7.html#ConsoleClear i.e.,

To do this you must add a line in /etc/gettytab(5). Change the current section:

    P|Pc|Pc console:\
        :np:sp#9600:

adding the line :cl=\E[H\E[2J: at the end, so that it ends up looking like this:

    P|Pc|Pc console:\
        :np:sp#9600:\
        :cl=\E[H\E[2J:

Now try changing

    default:\
        :np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:

to

    default:\
        :np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:cl=\E[H\E[2J:

Denny White

On Mon, Dec 08, 2008 at 09:20:24PM -0700, Bret spoke thusly:

Greets

I found that the ttys file now has:

    ttyC0 /usr/libexec/getty std,9600

where it used to be:

    ttyC0 /usr/libexec/getty Pc

so I changed the following in /etc/gettytab:

    2|std.9600|9600-baud:\
        :sp#9600:

To:

    2|std.9600|9600-baud:\
        :sp#9600:\
        :cl=\E[H\E[2J:

and the console now clears every time.

Bret

You're absolutely right. Never noticed that. I ran into the same problem as you when upgrading to 4.4 and used the way I sent you. Nice to know another way to look at it. Thanks. You really ought to post that to [EMAIL PROTECTED] I noticed you didn't cc the list. Be nice to have it in the archives for others. Thanks again, Bret.

Denny White

- --
/\  ASCII Ribbon Campaign
\ / Respect for low technology.
 X  Keep e-mail messages readable by any computer system.
/ \ Keep it ASCII.
===
GnuPG key : 0x1644E79A | http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A
===
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (OpenBSD)

iEYEARECAAYFAkk+DIIACgkQy0Ty5RZE55q+3wCfVQ9ZCY/72ZMnvtrguyF9DiRm
2f8AoMf8rPSz5nzGRDWoSxDPbcLyNeaV
=xf5j
-END PGP SIGNATURE-
Re: The New Secure Operating System
2008/12/10 Adriaan [EMAIL PROTECTED]:
>> Oh my god. Let me migrate everything to this new secure OS immediately!
>
> Yea, you should run this new secure OS under Xen or Vmware for even more security ;)
>
> =Adriaan=

Hmm I don't know... they claim that Linux, Windows and VMware aren't secure, they haven't mentioned Xen though I would think it would be in the same boat as VMware.

--
This e-mail may be confidential. You may not copy, forward or use any part. Note that all disclaimers on the Internet are of zero legal effectiveness however.
http://www.goldmark.org/jeff/stupid-disclaimers/
Re: possible bug in OpenNTPD code?
There is yet another bug in Openntpd. This is direct copy-paste from openntpd code (ntpd.c:main()): do { if ((pid = wait(NULL)) == -1 errno != EINTR errno != ECHILD) fatal(wait); } while (pid != -1 || (pid == -1 errno == EINTR)); What this code intends to do is to reap all children and move on when there are no more. Instead, it ends up blocking indefinitely even when there are no children to reap! The way I fixed the bug is by doing this: Index: openntpd-src/ntpd.c === --- openntpd-src.orig/ntpd.c +++ openntpd-src/ntpd.c @@ -90,10 +90,11 @@ main(int argc, char *argv[]) { struct ntpd_conf lconf; struct pollfdpfd[POLL_MAX]; - pid_tchld_pid = 0, pid; + pid_tchld_pid = 0, pid=0; const char *conffile; int ch, nfds, timeout = INFTIM; int pipe_chld[2]; + int status; extern char *__progname; __progname = _compat_get_progname(argv[0]); @@ -233,11 +234,11 @@ main(int argc, char *argv[]) if (chld_pid) kill(chld_pid, SIGTERM); - do { - if ((pid = wait(NULL)) == -1 - errno != EINTR errno != ECHILD) - fatal(wait); - } while (pid != -1 || (pid == -1 errno == EINTR)); + if (chld_pid (pid = waitpid(chld_pid, status, 0)) == -1 + errno != EINTR errno != ECHILD) + fatal(wait); + if (pid !=-1) + log_info(child %d exited with return code %d, pid, WEXITSTATUS(status)); msgbuf_clear(ibuf-w); free(ibuf); It forks one child anyway. So it suffices to reap that one child. I hope I will get some response to this. If not, I will assume that there is really no interest in fixing bugs in openntpd and in that case, I will patch only our local copy of the ntpd codebase (as opposed to reporting to the community). Thanks, Ani -Original Message- 
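Review bot: in the second ntpd.c hunk (@@ -233,11 +234,11 @@) the new test if (pid !=-1) is also true when chld_pid is 0, because the first hunk initializes pid=0 and the waitpid() call is then skipped; log_info() would report "child 0" with WEXITSTATUS() of a status that was never written. Log only when waitpid() actually returned a pid (pid > 0), and check WIFEXITED(status) before using WEXITSTATUS(status), since the context line just above sends the child SIGTERM and it may not have exited normally. The removed do/while retried on EINTR and the replacement makes a single call, so an interrupted waitpid() now leaves the child unreaped without any message; keep a retry around the call.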
From: Anirban Sinha Sent: Thursday, December 04, 2008 6:04 PM To: 'misc@openbsd.org' Subject: possible bug in OpenNTPD code? Hi: I am sort of digging my way through the OpenNTPD codebase for my work. I think I find a bug in the code. Please help me to understand the reason if this is not a bug. In function ntp_main() (ntp.c), we poll() to check if there are any events of interest. We do this: 1. Check internal fds (PIPE_MAIN) 2. Then check PIPE_DNS fds 3. Then check PIPE_HOTPLUG fds Next, for the server, we check all the fds we are listening on. And then finally, for nfs clients, we check the fds for the remote servers. Now, there's the issue in this line; for (j = 1; nfds 0 j idx_peers; j++) { ... } Shouldn't the index start with 3? That is, shouldn't we do this: for (j = 3; nfds 0 j idx_peers; j++) since, indices 0,1 and 2 correspond to the three checks I have written above which are already done. In other words, can we apply the following patch to fix the issue? Index: ntpd/ntp.c === --- ntpd.orig/ntp.c +++ ntpd/ntp.c @@ -344,7 +344,7 @@ ntp_main(int pipe_prnt[2], struct ntpd_c sensor_hotplugevent(hotplugfd); } - for (j = 1; nfds 0 j idx_peers; j++) + for (j = PFD_MAX; nfds 0 j idx_peers; j++) if (pfd[j].revents (POLLIN|POLLERR)) { nfds--; if (server_dispatch(pfd[j].fd, conf) == -1) Thanks, Ani
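Review bot: the new loop start in the ntp.c hunk, j = PFD_MAX, is not the value the message argues for, which is 3 on the grounds that indices 0, 1 and 2 hold the PIPE_MAIN, PIPE_DNS and PIPE_HOTPLUG descriptors; nothing in the hunk shows how PFD_MAX is defined or that the listening sockets are stored starting at that index. Say in the description that PFD_MAX is the count of those fixed entries, and confirm that the code filling pfd[] for the listeners starts at the same index, so that the loop neither skips a listener nor passes a pipe descriptor to server_dispatch().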
Re: possible bug in OpenNTPD code?
On Tue, Dec 09, 2008 at 08:10:20PM -0800, Anirban Sinha wrote:
> I hope I will get some response to this. If not, I will assume that there is really no interest in fixing bugs in openntpd and in that case, I will patch only our local copy of the ntpd codebase (as opposed to reporting to the community).

misc@ is probably not the most suited place to report bugs. Better use [EMAIL PROTECTED]

Anyway, I'll take a look at your diffs.

-Otto
Re: possible bug in OpenNTPD code?
On Tue, Dec 9, 2008 at 8:10 PM, Anirban Sinha [EMAIL PROTECTED] wrote: There is yet another bug in Openntpd. This is direct copy-paste from openntpd code (ntpd.c:main()): do { if ((pid = wait(NULL)) == -1 errno != EINTR errno != ECHILD) fatal(wait); } while (pid != -1 || (pid == -1 errno == EINTR)); What this code intends to do is to reap all children and move on when there are no more. Instead, it ends up blocking indefinitely even when there are no children to reap! How is it blocking indefinitely? Is wait() not returning -1 with errno == ECHILD when there are no children to reap? What led you to the conclusion that this code was blocking? (What platform are you running this on?) The way I fixed the bug is by doing this: + if (chld_pid (pid = waitpid(chld_pid, status, 0)) == -1 + errno != EINTR errno != ECHILD) + fatal(wait); + if (pid !=-1) + log_info(child %d exited with return code %d, pid,WEXITSTATUS(status)); This code fails to retry the waitpid() if it returns with EINTR. Philip Guenther
Re: possible bug in OpenNTPD code?
On Tue, Dec 9, 2008 at 10:10 PM, Anirban Sinha [EMAIL PROTECTED] wrote:
> I hope I will get some response to this. If not, I will assume that there is really no interest in fixing bugs in openntpd and in that case,

Why would you assume that? That seems a bit hostile. Perhaps the developers are a bit busy at the moment.
Re: possible bug in OpenNTPD code?
> How is it blocking indefinitely? Is wait() not returning -1 with errno == ECHILD when there are no children to reap? What led you to the conclusion that this code was blocking? (What platform are you running this on?)

Hmm, agreed. Looks like I was wrong with my analysis. In any case, I am running the portable version of the ntpd on Linux. I am definitely observing the parent still alive and blocked (sleeping) even when the child is dead. I need to do some more digging on this.

Apologies.

Ani
Re: possible bug in OpenNTPD code?
> Why would you assume that? That seems a bit hostile. Perhaps the developers are a bit busy at the moment.

True. I generally post on the Linux lists and I believe I am spoiled by getting quick responses from my postings. In future, I will remember to keep more patience.

Ani
Re: possible bug in OpenNTPD code?
On Wed, Dec 10, 2008 at 12:05:05AM -0600, Todd Alan Smith wrote:
> On Tue, Dec 9, 2008 at 10:10 PM, Anirban Sinha [EMAIL PROTECTED] wrote:
>> I hope I will get some response to this. If not, I will assume that there is really no interest in fixing bugs in openntpd and in that case,
>
> Why would you assume that? That seems a bit hostile. Perhaps the developers are a bit busy at the moment.

Indeed it sounded hostile to me. Especially since the op is sending in a buggy diff to code that is ok, afaiks.

-Otto
Re: possible bug in OpenNTPD code?
On Tue, Dec 09, 2008 at 09:57:25PM -0800, Philip Guenther wrote: On Tue, Dec 9, 2008 at 8:10 PM, Anirban Sinha [EMAIL PROTECTED] wrote: There is yet another bug in Openntpd. This is direct copy-paste from openntpd code (ntpd.c:main()): do { if ((pid = wait(NULL)) == -1 errno != EINTR errno != ECHILD) fatal(wait); } while (pid != -1 || (pid == -1 errno == EINTR)); What this code intends to do is to reap all children and move on when there are no more. Instead, it ends up blocking indefinitely even when there are no children to reap! How is it blocking indefinitely? Is wait() not returning -1 with errno == ECHILD when there are no children to reap? What led you to the conclusion that this code was blocking? (What platform are you running this on?) The way I fixed the bug is by doing this: + if (chld_pid (pid = waitpid(chld_pid, status, 0)) == -1 + errno != EINTR errno != ECHILD) + fatal(wait); + if (pid !=-1) + log_info(child %d exited with return code %d, pid,WEXITSTATUS(status)); This code fails to retry the waitpid() if it returns with EINTR. Philip Guenther Philip is right. The code is ok as is. Besides, in current ntpd has multiple children, so you one child argument is lost as well. I'd take a look at your other diff later. -Otto
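The behaviour these replies turn on, as an added example (not OpenNTPD code and not written by anyone in the thread): reap_all() has the same control flow as the quoted wait() loop, and demo_once() makes one waitpid() call with no retry. The function names, the SIGALRM timer and the sleeping children are all constructed for the demonstration.

```c
/* Added example (not OpenNTPD code): wait(2) under ECHILD and EINTR. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

struct reap_result {
	int reaped;      /* children collected */
	int interrupted; /* wait() calls that failed with EINTR */
	int last_errno;  /* errno that ended the pass */
};

static void on_alarm(int sig) { (void)sig; }

/* Raise SIGALRM after ms milliseconds. The handler is installed without
 * SA_RESTART, so a blocked wait()/waitpid() fails with EINTR. */
static int arm_interrupt(int ms)
{
	struct itimerval it;
	struct sigaction sa;
	memset(&it, 0, sizeof(it));
	it.it_value.tv_sec = ms / 1000;
	it.it_value.tv_usec = (ms % 1000) * 1000;
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_alarm;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGALRM, &sa, NULL) == -1)
		return -1;
	return setitimer(ITIMER_REAL, &it, NULL);
}

/* Fork a child that sleeps ms milliseconds, then exits 0. */
static pid_t spawn_sleeper(int ms)
{
	pid_t pid;
	signal(SIGCHLD, SIG_DFL); /* an inherited SIG_IGN would auto-reap */
	pid = fork();
	if (pid == 0) {
		poll(NULL, 0, ms);
		_exit(0);
	}
	return pid;
}

/* Same control flow as the loop quoted in the thread: call wait() again
 * after a reaped child or after EINTR, stop on ECHILD or a real error. */
struct reap_result reap_all(void)
{
	struct reap_result r = { 0, 0, 0 };
	for (;;) {
		if (wait(NULL) != -1)
			r.reaped++;
		else if ((r.last_errno = errno) == EINTR)
			r.interrupted++;
		else
			break;
	}
	return r;
}

/* Spawn n children that live child_ms, optionally schedule a signal
 * signal_ms from now, then reap with the loop. */
struct reap_result demo_loop(int n, int child_ms, int signal_ms)
{
	while (n-- > 0)
		spawn_sleeper(child_ms);
	if (signal_ms > 0)
		arm_interrupt(signal_ms);
	return reap_all();
}

/* The same signal against one waitpid() with no retry. Returns the errno
 * of that call (0 if it reaped); *leftover is what a later loop finds. */
int demo_once(int child_ms, int signal_ms, struct reap_result *leftover)
{
	pid_t child = spawn_sleeper(child_ms);
	int status, err;
	arm_interrupt(signal_ms);
	err = waitpid(child, &status, 0) == -1 ? errno : 0;
	*leftover = reap_all();
	return err;
}

int main(void)
{
	struct reap_result r = demo_loop(3, 0, 0), left;
	int err;
	printf("loop, 3 children: reaped=%d, ended on: %s\n", r.reaped, strerror(r.last_errno));
	r = demo_loop(1, 600, 200);
	printf("loop, signal mid-wait: reaped=%d, EINTR retries=%d\n", r.reaped, r.interrupted);
	err = demo_once(600, 200, &left);
	printf("single waitpid, signal mid-wait: %s, left for later: %d\n", strerror(err), left.reaped);
	return 0;
}
```

With no children at all the loop returns at once on ECHILD, so a parent that stays asleep in it still has a live child somewhere.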
Reminder: Call for Papers: AsiaBSDCon 2009 (deadline extended: Dec 20)
Hello,

This is a reminder of the AsiaBSDCon 2009 paper submission and tutorial proposal deadline. The deadline is extended to December 20, 2008.

The next AsiaBSDCon will be held on 12-15 March 2009 in Tokyo. You can find the details at: http://2009.asiabsdcon.org and the CFP can be found at: http://2009.asiabsdcon.org/cfp.html

Please spread this to your friends in BSD communities and encourage them to attend (and write a paper), and let us know if you have any questions about the conference.

Thank you.

--
| Hiroki SATO