Re: something is weird with pppoe

2014-09-29 Thread Pieter Verberne

On 2014-09-26 18:52, Harald Dunkel wrote:

Hi folks,

I've setup a pppoe connection to my ISP (Deutsche Telekom),
following pppoe(4). Problem:

At boot time the connection is not setup immediately.
ifconfig -A shows just

	re0: flags=28843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu 1500
		lladdr 80:ee:73:95:c1:0c
		priority: 0
		media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
		status: active
	pppoe0: flags=28851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu 1492
		priority: 0
		dev: re0 state: PADR sent
		sid: 0x0 PADI retries: 0 PADR retries: 1
		sppp: phase establish authproto pap authname 00150xxx#0...@t-online.de
		groups: pppoe extern egress
		status: no carrier
		inet 0.0.0.0 -- 0.0.0.1 netmask 0x

It takes 2 or 3 minutes till the connection is established.

I have seen very similar things on Soekris. Also hostname.pppoe0 seems to be
picky about the syntax. Where you can just [enter] for normal ethernet
interfaces, hostname.pppoe0 expects most commands on one line (or separated
by '\' [enter]) I believe. But I haven't really looked into this.



http://www.oshwa.org

2014-09-29 Thread Jay Patel
Anyone following http://www.oshwa.org for blob free hardware?

Thanks.



Question re dhclient.conf

2014-09-29 Thread Duncan Patton a Campbell
/etc/dhclient.conf used to contain a 

script tosomfile ;

option that could, amongst other things, be used to
set a dynamic assigned dns address to a named server.

This functionality has been removed and I am trying to
figure out if there was some other mechanism to accomplish
this but I can't find any refs to it in the changes 
between 5.1 and 5.5.

Any info would be appreciated.

Thanks,

Dhu

-- 
Ne obliviscaris, vix ea nostra voco.



Re: Question re dhclient.conf

2014-09-29 Thread Duncan Patton a Campbell
On Mon, 29 Sep 2014 05:28:27 -0600
Duncan Patton a Campbell campb...@neotext.ca wrote:

 /etc/dhclient.conf used to contain a 
 
 script tosomfile ;
 
 option that could, amongst other things, be used to
 set a dynamic assigned dns address to a named server.
 
 This functionality has been removed and I am trying to
 figure out if there was some other mechanism to accomplish
 this but I can't find any refs to it in the changes 
 between 5.1 and 5.5.
 
 Any info would be appreciated.
 
 Thanks,
 
 Dhu
 
 -- 
 Ne obliviscaris, vix ea nostra voco.
 
 
 

I found it in the 5.3 changes..

Removed dhclient-script(8) and dhclient.conf(5) script directive. Do all 
interface and route configuration via ioctl's and routing sockets. 

Unfortunately this mechanism was used for more than just routing.  And without 
a dhclient-script to hack I don't see how a dynamic address can be updated via 
the named/key mechanism.

Dhu

-- 
Ne obliviscaris, vix ea nostra voco.



ksh, csh same vulnerability as bash

2014-09-29 Thread Bogdan Andu
Hello list,

the bug in bash shell discovered last day also seems to be present in ksh and 
csh. ksh is known to be the default shell in OpenBSD.

the following piece of shell code executes successfully on both ksh and csh 
(besides bash of course):

ksh:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

csh:
%  env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

bash:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

all platforms seem to be affected 5.2, 5.3, 5.4, 5.5 - amd64

I wonder what it is to be done to circumvent any potential security risk for 
people who call shell script code from cgi scripts for example.


Cheers,

/Bogdan



Re: ksh, csh same vulnerability as bash

2014-09-29 Thread Markus Hennecke

Am 29.09.2014 12:53, schrieb Bogdan Andu:

the bug in bash shell discovered last day also seems to be present in ksh and 
csh. ksh is known to be the default shell in OpenBSD.

the following piece of shell code executes successfully on both ksh and csh 
(besides bash of course):

ksh:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

csh:
%  env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

bash:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

all platforms seem to be affected 5.2, 5.3, 5.4, 5.5 - amd64

I wonder what it is to be done to circumvent any potential security risk for 
people who call shell script code from cgi scripts for example.


Not sure if you are stupid or just a troll...

What do you expect when you execute a vulnerable bash from another shell?

Do you understand what you are doing?



Re: ksh, csh same vulnerability as bash

2014-09-29 Thread Peter Hessler
You tested bash.  All 3 shells are behaving correctly by passing the env
variable to the bash command you are running.  The bash command you are
running is behaving incorrectly by parsing the variable as a function.

To test ksh/csh, you need to run a different command.


On 2014 Sep 29 (Mon) at 03:53:58 -0700 (-0700), Bogdan Andu wrote:
:Hello list,
:
:the bug in bash shell discovered last day also seems to be present in ksh and csh. ksh is known to be the default shell in OpenBSD.
:
:the following piece of shell code executes successfully on both ksh and csh (besides bash of course):
:ksh:
:$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
:Bash is vulnerable!
:Bash Test
:
:csh:
:%  env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
:Bash is vulnerable!
:Bash Test
:
:
:bash:
:$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
:Bash is vulnerable!
:Bash Test
:
:all platforms seem to be affected 5.2, 5.3, 5.4, 5.5 - amd64
:
:
:I wonder what it is to be done to circumvent any potential security risk for people who call shell script code from cgi scripts for example.
:
:
:Cheers,
:
:/Bogdan
:

-- 
Help fight continental drift.
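
[Added example, not part of any message in this thread.] The reply above says that a valid test has to start the shell under test rather than bash. The sketch below does that for any interpreter path it is given. The variable name SHOCK_PROBE, the marker string and the stub interpreter are constructed for the example; the environment value is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Starts the interpreter under test
# itself, so the result describes that interpreter and not bash.
MARKER=env-function-import-executed

# probe_shell CMD [ARG...]
#   0 = CMD ran the code appended to a function-style environment value
#   1 = CMD treated the value as plain data
#   2 = CMD could not be run
probe_shell() {
    out=$(env SHOCK_PROBE="() { :;}; echo $MARKER" "$@" -c 'echo probe-done' 2>/dev/null)
    case $out in
        *"$MARKER"*) return 0 ;;
        *probe-done*) return 1 ;;
        *) return 2 ;;
    esac
}

# Constructed stand-in for an unpatched interpreter (assumption, demo only):
# it evaluates SHOCK_PROBE as a function definition plus whatever follows,
# which is the parsing behaviour the reply attributes to bash.
make_stub() {
    stub=$(mktemp "${TMPDIR:-/tmp}/stubsh.XXXXXX") || return 1
    cat >"$stub" <<'EOF'
case $SHOCK_PROBE in '() {'*) eval "f $SHOCK_PROBE" ;; esac
[ "$1" = -c ] && eval "$2"
EOF
    echo "$stub"
}

# report CMD [ARG...] -> one status line per probed interpreter
report() {
    rc=0; probe_shell "$@" || rc=$?
    case $rc in
        0) echo "VULNERABLE $*" ;;
        1) echo "ok $*" ;;
        *) echo "not-runnable $*" ;;
    esac
}

# Each argument is one interpreter path, e.g. (example paths only):
#   sh probe.sh /bin/ksh /bin/csh /usr/local/bin/bash
for interp in "$@"; do report "$interp"; done
```

Copies of an interpreter inside a chroot can be probed the same way by passing their full path.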



Re: Question re dhclient.conf

2014-09-29 Thread Jiri B
On Mon, Sep 29, 2014 at 05:28:27AM -0600, Duncan Patton a Campbell wrote:
 /etc/dhclient.conf used to contain a 
 
 script tosomfile ;
 
 option that could, amongst other things, be used to
 set a dynamic assigned dns address to a named server.
 
 This functionality has been removed and I am trying to
 figure out if there was some other mechanism to accomplish
 this but I can't find any refs to it in the changes 
 between 5.1 and 5.5.
 
 Any info would be appreciated.

dhclient(8) and '-L' option. Then you would need to cook
your own daemon to monitor content of this file.

j.



Re: Question re dhclient.conf

2014-09-29 Thread Bruno Flueckiger

On 29.09.2014 13:39, Duncan Patton a Campbell wrote:

On Mon, 29 Sep 2014 05:28:27 -0600
Duncan Patton a Campbell campb...@neotext.ca wrote:


/etc/dhclient.conf used to contain a

script tosomfile ;

option that could, amongst other things, be used to
set a dynamic assigned dns address to a named server.

This functionality has been removed and I am trying to
figure out if there was some other mechanism to accomplish
this but I can't find any refs to it in the changes
between 5.1 and 5.5.

Any info would be appreciated.

Thanks,

Dhu

--
Ne obliviscaris, vix ea nostra voco.





I found it in the 5.3 changes..

Removed dhclient-script(8) and dhclient.conf(5) script directive.
Do all interface and route configuration via ioctl's and routing
sockets. 

Unfortunately this mechanism was used for more than just routing.  And
without a dhclient-script to
hack I don't see how a dynamic address can be updated vi the named/key
mechanism.

Dhu


If your goal is to set entries in DNS for a machine which acts as DHCP 
client there are two other possibilities I know of:


1. Use a reservation in DHCP server together with fixed entries in DNS

2. Get ISC DHCP from ports and configure it to make dynamic updates to 
BIND


Depending on your exact setup there may be other ways to achieve the 
same as you did with the script.


Bruno



Help compiling Ruby libv8 JavaScript engine

2014-09-29 Thread opendaddy
Hi,

Does anybody have experience compiling the Ruby libv8 JavaScript
engine  (https://github.com/cowboyd/libv8) on OpenBSD 5.5?

It says it can't find a supported compiler despite repeated attempts
to point it to `gcc` or `g++` 4.8.2 or 4.6.4
(https://github.com/cowboyd/libv8#bring-your-own-compiler), either via
the environment variable below or through symlinking:

% export cxx=/usr/local/bin/eg++

% /usr/local/bin/eg++ -v
Using built-in specs.
COLLECT_GCC=/usr/local/bin/eg++
COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/i386-unknown-openbsd5.5/4.8.2/lto-wrapper
Target: i386-unknown-openbsd5.5
Configured with: /usr/obj/gcc-4.8.2/gcc-4.8.2/configure
--enable-libgcj --without-jar --verbose
--program-transform-name='s,^,e,' --disable-nls --disable-checking
--with-system-zlib --disable-libmudflap --disable-libgomp
--disable-tls --with-as=/usr/bin/as --with-ld=/usr/bin/ld
--with-gnu-ld --with-gnu-as --enable-threads=posix --enable-wchar_t
--with-gmp=/usr/local --enable-languages=c,c++,fortran,objc,java,ada
--disable-libstdcxx-pch --enable-cpp --enable-shared
--prefix=/usr/local --sysconfdir=/etc --mandir=/usr/local/man
--infodir=/usr/local/info --localstatedir=/var --disable-silent-rules
Thread model: posix
gcc version 4.8.2 (GCC)

% gem install libv8
Building native extensions.  This could take a while...
ERROR:  Error installing libv8:
ERROR: Failed to build gem native extension.

/home/dev/.rubies/ruby-2.1.1/bin/ruby extconf.rb
creating Makefile
Compiling v8 for ia32
Using python 2.7.6
Using compiler: /usr/local/bin/eg++ (GCC version 5.5)
Unable to find a compiler officially supported by v8.
It is recommended to use GCC v4.4 or higher
In file included from ../src/mark-compact.h:32:0,
 from ../src/incremental-marking.h:33,
 from ../src/heap.h:35,
 from ../src/elements.h:33,
 from ../src/objects-inl.h:38,
 from ../src/v8.h:60,
 from ../src/accessors.cc:28:
../src/spaces.h: In member function 'bool
v8::internal::MemoryChunk::TryParallelSweeping()':
../src/spaces.h:467:62: error: invalid conversion from 'intptr_t* {aka
long int*}' to 'volatile Atomic32* {aka volatile int*}' [-fpermissive]
 return NoBarrier_CompareAndSwap(parallel_sweeping_, 1, 0) == 1;
  ^
In file included from ../src/v8.h:62:0,
 from ../src/accessors.cc:28:
../src/heap-inl.h: In member function 'intptr_t
v8::internal::Heap::AdjustAmountOfExternalAllocatedMemory(intptr_t)':
../src/heap-inl.h:516:49: warning: format '%d' expects argument of
type 'int', but argument 2 has type 'long int' [-Wformat=]
reinterpret_cast(isolate()));
 ^
../src/heap-inl.h:516:49: warning: format '%d' expects argument of
type 'int', but argument 3 has type 'long int' [-Wformat=]
../src/heap-inl.h:516:49: warning: format '%x' expects argument of
type 'unsigned int', but argument 4 has type 'intptr_t {aka long int}'
[-Wformat=]
gmake[1]: ***
[/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/v8_base/src/accessors.o]
Error 1
gmake: *** [ia32.release] Error 2
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:36:in
`block in verify_installation!': libv8 did not install properly,
expected binary v8 archive
'/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/tools/gyp/libv8_base.a'to
exist, but it was not found (Libv8::Location::Vendor::ArchiveNotFound)
from
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:35:in
`each'
from
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:35:in
`verify_installation!'
from
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:26:in
`install!'
from extconf.rb:7:in `'
GYP_GENERATORS=make 
build/gyp/gyp --generator-output=out build/all.gyp 
  -Ibuild/standalone.gypi --depth=. 
  -Dv8_target_arch=ia32 
  -S.ia32  -Dv8_enable_backtrace=1
-Dv8_can_use_vfp2_instructions=true -Darm_fpu=vfpv2
-Dv8_can_use_vfp3_instructions=true -Darm_fpu=vfpv3 -Dwerror=''
gmake[1]: Entering directory
'/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out'
  CXX(target)
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/allocation.o
  CXX(target)
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/atomicops_internals_x86_gcc.o
  CXX(target)
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/bignum.o
  CXX(target)
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/bignum-dtoa.o
  CXX(target)
/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/cached-powers.o
  

Re: Help compiling Ruby libv8 JavaScript engine

2014-09-29 Thread Edho Arief
On Mon, Sep 29, 2014 at 9:40 PM,  openda...@hushmail.com wrote:
 Hi,

 Does anybody have experience compiling the Ruby libv8 JavaScript
 engine  (https://github.com/cowboyd/libv8) on OpenBSD 5.5?

 It says it can't find a supported compiler despite repeated attempts
 to point it to `gcc` or `g++` 4.8.2 or 4.6.4
 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either via
 the environment variable below or through symlinking:

 % export cxx=/usr/local/bin/eg++

the correct variable is CXX (and make sure to install gmake). Also
it's better to just install nodejs if what you need is execjs'
javascript runtime.

-bash-4.2$ CXX=/usr/local/bin/eg++ GEM_HOME=$HOME/app/rubygems gem install libv8
Building native extensions.  This could take a while...
...a long time with hopefully expected result but I stopped because
it's running in a low end box...


alternatively, install libv8 package and tell gem installer to use
system libv8 library as per documentation:

-bash-4.2$ GEM_HOME=$HOME/app/rubygems gem install libv8 -- --with-system-v8
Fetching: libv8-3.16.14.7.gem (100%)
Building native extensions with: '--with-system-v8'
This could take a while...
Successfully installed libv8-3.16.14.7
Parsing documentation for libv8-3.16.14.7
Installing ri documentation for libv8-3.16.14.7
Done installing documentation for libv8 after 2 seconds
1 gem installed



Re: Help compiling Ruby libv8 JavaScript engine

2014-09-29 Thread opendaddy
Hi!

Thanks for your help.

Actually I am using Node, but for some reason ruby-clean-css
(https://github.com/joseph/ruby-clean-css) -- which looks like it's
specifically made for Node -- requires libv8 as well. I've contacted
the author.

All the best,
O.D.

On 29. september 2014 at 1:12 PM, Edho Arief wrote:
On Mon, Sep 29, 2014 at 9:40 PM, wrote:
 Hi,

 Does anybody have experience compiling the Ruby libv8 JavaScript
 engine  (https://github.com/cowboyd/libv8) on OpenBSD 5.5?

 It says it can't find a supported compiler despite repeated attempts
 to point it to `gcc` or `g++` 4.8.2 or 4.6.4
 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either
via
 the environment variable below or through symlinking:

 % export cxx=/usr/local/bin/eg++

the correct variable is CXX (and make sure to install gmake). Also
it's better to just install nodejs if what you need is execjs'
javascript runtime.

-bash-4.2$ CXX=/usr/local/bin/eg++ GEM_HOME=$HOME/app/rubygems gem
install libv8
Building native extensions.  This could take a while...
...a long time with hopefully expected result but I stopped because
it's running in a low end box...
alternatively, install libv8 package and tell gem installer to use
system libv8 library as per documentation:

-bash-4.2$ GEM_HOME=$HOME/app/rubygems gem install libv8 --
--with-system-v8
Fetching: libv8-3.16.14.7.gem (100%)
Building native extensions with: '--with-system-v8'
This could take a while...
Successfully installed libv8-3.16.14.7
Parsing documentation for libv8-3.16.14.7
Installing ri documentation for libv8-3.16.14.7
Done installing documentation for libv8 after 2 seconds
1 gem installed



Re: Question re dhclient.conf

2014-09-29 Thread Duncan Patton a Campbell
My purpose here is to allow dynamic dns updates 
via nsupdate from a dhcp clients where addresses 
are subject to change.  I have a solution that
will remain stable so long as the !command 
hook in hostname.if remains stable.  This is
not as good as the dhclient.conf script interface
as it can't exclude calls that don't change 
the interface, but hey... 

# more /etc/hostname.nfe0
dhcp
!/usr/local/sbin/dydns.sh $if

# more /usr/local/sbin/dydns.sh 
#!/bin/ksh
# log the invocation (interface name and time)
echo "$@" >> /tmp/ddns.log
date >> /tmp/ddns.log
#rdate to make sure we're sync'd with the dydns server
/usr/sbin/rdate -o 192.168.1.22
# address field of the interface's inet line
export ADDR=`ifconfig $1 | grep inet | cut -d ' ' -f 2`
# delete and re-add the A record, authenticated with the shared key
echo "server 192.168.1.22
zone indx.ca
key u32.indx.ca 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J Pm52kWD9GG1mpewiiKsYCcarWF2wUg==
update delete u32.indx.ca. A
update add u32.indx.ca. 86400 A $ADDR
send
" | nsupdate
exit 0

where key is the shared private key produced by the output of

dnssec-keygen -a HMAC-MD5 -b 512 -n USER u32.indx.ca.

found in the output file Ku32.indx.ca.+157+08659.private

and added to /var/named/keys.conf on the named server
in the form 

key u32.indx.ca {
	algorithm hmac-md5;
	secret "7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J Pm52kWD9GG1mpewiiKsYCcarWF2wUg==";
};

and an entry to etc/named.conf 

zone "indx.ca"
{
	...
	allow-update
	{
		.
		.
		key u32.indx.ca ;
		.
		.
	};
};

Dhu


On Mon, 29 Sep 2014 14:13:48 +0200
Bruno Flueckiger inform...@gmx.net wrote:

 On 29.09.2014 13:39, Duncan Patton a Campbell wrote:
  On Mon, 29 Sep 2014 05:28:27 -0600
  Duncan Patton a Campbell campb...@neotext.ca wrote:
  
  /etc/dhclient.conf used to contain a
  
  script tosomfile ;
  
  option that could, amongst other things, be used to
  set a dynamic assigned dns address to a named server.
  
  This functionality has been removed and I am trying to
  figure out if there was some other mechanism to accomplish
  this but I can't find any refs to it in the changes
  between 5.1 and 5.5.
  
  Any info would be appreciated.
  
  Thanks,
  
  Dhu
  
  --
  Ne obliviscaris, vix ea nostra voco.
  
  
  
  
  I found it in the 5.3 changes..
  
  Removed dhclient-script(8) and dhclient.conf(5) script directive.
  Do all interface and route configuration via ioctl's and routing
  sockets. 
  
  Unfortunately this mechanism was used for more than just routing.  And
  without a dhclient-script to
  hack I don't see how a dynamic address can be updated vi the named/key
  mechanism.
  
  Dhu
 
 If your goal is to set entries in DNS for a machine which acts as DHCP 
 client there are two other possibilities I know of:
 
 1. Use a reservation in DHCP server together with fixed entries in DNS
 
 2. Get ISC DHCP from ports and configure it to make dynamic updates to 
 BIND
 
 Depending on your exact setup there may be other ways to achieve the 
 same as you did with the script.
 
 Bruno
 
 


-- 
Ne obliviscaris, vix ea nostra voco.



Re: Question re dhclient.conf

2014-09-29 Thread Stuart McMurray
On Monday, September 29, 2014, Duncan Patton a Campbell campb...@neotext.ca
wrote:

 My purpose here is to allow dynamic dns updates
 via nsupdate from a dhcp clients where addresses
 are subject to change.  I have a solution that
 will remain stable so long as the !command
 hook in hostname.if remains stable.  This is
 not as good as the dhclient.conf script interface
 as it can't exclude calls that don't change
 the interface, but hey...

 # more /etc/hostname.nfe0
 dhcp
 !/usr/local/sbin/dydns.sh $if

 more /usr/local/sbin/dydns.sh
 #!/bin/ksh
 #rdate to make sure we're sync'd with the dydns server
 echo $@  /tmp/ddns.log
 date  /tmp/ddns.log
 /usr/sbin/rdate -o 192.168.1.22
 export ADDR=`ifconfig $1 | grep inet | cut -d ' ' -f 2`
 echo server 192.168.1.22
 zone indx.ca
 key u32.indx.ca 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J
 Pm52kWD9GG1mpewiiKsYCcarWF2wUg==
 update delete u32.indx.ca. A
 update add u32.indx.ca. 86400 A $ADDR
 send
  | nsupdate
 exit 0

 where key is the shared private key produced by the output of

 dnssec-keygen -a HMAC-MD5 -b 512 -n USER u32.indx.ca.

 found in the output file Ku32.indx.ca.+157+08659.private

 and added to /var/named/keys.conf on the named server
 in the form

 key u32.indx.ca {
 algorithm hmac-md5;
 secret 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J
 Pm52kWD9GG1mpewiiKsYCcarWF2wUg==;
 };

 and an entry to etc/named.conf

 zone indx.ca
 {
 ...
 allow-update
 {
 .
 .
 key u32.indx.ca ;
 .
 .
};
 };

 Dhu


 On Mon, 29 Sep 2014 14:13:48 +0200
 Bruno Flueckiger inform...@gmx.net wrote:

  On 29.09.2014 13:39, Duncan Patton a Campbell wrote:
   On Mon, 29 Sep 2014 05:28:27 -0600
   Duncan Patton a Campbell campb...@neotext.ca wrote:
  
   /etc/dhclient.conf used to contain a
  
   script tosomfile ;
  
   option that could, amongst other things, be used to
   set a dynamic assigned dns address to a named server.
  
   This functionality has been removed and I am trying to
   figure out if there was some other mechanism to accomplish
   this but I can't find any refs to it in the changes
   between 5.1 and 5.5.
  
   Any info would be appreciated.
  
   Thanks,
  
   Dhu
  
   --
   Ne obliviscaris, vix ea nostra voco.
  
  
  
  
   I found it in the 5.3 changes..
  
   Removed dhclient-script(8) and dhclient.conf(5) script directive.
   Do all interface and route configuration via ioctl's and routing
   sockets. 
  
   Unfortunately this mechanism was used for more than just routing.  And
   without a dhclient-script to
   hack I don't see how a dynamic address can be updated vi the named/key
   mechanism.
  
   Dhu
 
  If your goal is to set entries in DNS for a machine which acts as DHCP
  client there are two other possibilities I know of:
 
  1. Use a reservation in DHCP server together with fixed entries in DNS
 
  2. Get ISC DHCP from ports and configure it to make dynamic updates to
  BIND
 
  Depending on your exact setup there may be other ways to achieve the
  same as you did with the script.
 
  Bruno
 
 


 --
 Ne obliviscaris, vix ea nostra voco.

 Why not have the DHCP server update DNS?


-- 
J. Stuart McMurray



Re: Question re dhclient.conf

2014-09-29 Thread Duncan Patton a Campbell
On Mon, 29 Sep 2014 10:11:27 -0400
Stuart McMurray kd5...@gmail.com wrote:

 On Monday, September 29, 2014, Duncan Patton a Campbell campb...@neotext.ca
 wrote:
 
  My purpose here is to allow dynamic dns updates
  via nsupdate from a dhcp clients where addresses
  are subject to change.  I have a solution that
  will remain stable so long as the !command
  hook in hostname.if remains stable.  This is
  not as good as the dhclient.conf script interface
  as it can't exclude calls that don't change
  the interface, but hey...
 
  # more /etc/hostname.nfe0
  dhcp
  !/usr/local/sbin/dydns.sh $if
 
  more /usr/local/sbin/dydns.sh
  #!/bin/ksh
  #rdate to make sure we're sync'd with the dydns server
  echo $@  /tmp/ddns.log
  date  /tmp/ddns.log
  /usr/sbin/rdate -o 192.168.1.22
  export ADDR=`ifconfig $1 | grep inet | cut -d ' ' -f 2`
  echo server 192.168.1.22
  zone indx.ca
  key u32.indx.ca 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J
  Pm52kWD9GG1mpewiiKsYCcarWF2wUg==
  update delete u32.indx.ca. A
  update add u32.indx.ca. 86400 A $ADDR
  send
   | nsupdate
  exit 0
 
  where key is the shared private key produced by the output of
 
  dnssec-keygen -a HMAC-MD5 -b 512 -n USER u32.indx.ca.
 
  found in the output file Ku32.indx.ca.+157+08659.private
 
  and added to /var/named/keys.conf on the named server
  in the form
 
  key u32.indx.ca {
  algorithm hmac-md5;
  secret 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J
  Pm52kWD9GG1mpewiiKsYCcarWF2wUg==;
  };
 
  and an entry to etc/named.conf
 
  zone indx.ca
  {
  ...
  allow-update
  {
  .
  .
  key u32.indx.ca ;
  .
  .
 };
  };
 
  Dhu
 
 
  On Mon, 29 Sep 2014 14:13:48 +0200
  Bruno Flueckiger inform...@gmx.net wrote:
 
   On 29.09.2014 13:39, Duncan Patton a Campbell wrote:
On Mon, 29 Sep 2014 05:28:27 -0600
Duncan Patton a Campbell campb...@neotext.ca wrote:
   
/etc/dhclient.conf used to contain a
   
script tosomfile ;
   
option that could, amongst other things, be used to
set a dynamic assigned dns address to a named server.
   
This functionality has been removed and I am trying to
figure out if there was some other mechanism to accomplish
this but I can't find any refs to it in the changes
between 5.1 and 5.5.
   
Any info would be appreciated.
   
Thanks,
   
Dhu
   
--
Ne obliviscaris, vix ea nostra voco.
   
   
   
   
I found it in the 5.3 changes..
   
Removed dhclient-script(8) and dhclient.conf(5) script directive.
Do all interface and route configuration via ioctl's and routing
sockets. 
   
Unfortunately this mechanism was used for more than just routing.  And
without a dhclient-script to
hack I don't see how a dynamic address can be updated vi the named/key
mechanism.
   
Dhu
  
   If your goal is to set entries in DNS for a machine which acts as DHCP
   client there are two other possibilities I know of:
  
   1. Use a reservation in DHCP server together with fixed entries in DNS
  
   2. Get ISC DHCP from ports and configure it to make dynamic updates to
   BIND
  
   Depending on your exact setup there may be other ways to achieve the
   same as you did with the script.
  
   Bruno
  
  
 
 
  --
  Ne obliviscaris, vix ea nostra voco.
 
  Why not have the DHCP server update DNS?
 
 
 -- 
 J. Stuart McMurray

This works in the case that you don't control the DHCP server
and need to rely on some public/stock configuration.

Dhu

-- 
Ne obliviscaris, vix ea nostra voco.



Re: Question re dhclient.conf

2014-09-29 Thread Jiri B
On Mon, Sep 29, 2014 at 08:03:14AM -0600, Duncan Patton a Campbell wrote:
 My purpose here is to allow dynamic dns updates 
 via nsupdate from a dhcp clients where addresses 
 are subject to change.  I have a solution that
 will remain stable so long as the !command 
 hook in hostname.if remains stable.  This is
 not as good as the dhclient.conf script interface
 as it can't exclude calls that don't change 
 the interface, but hey... 
 
 # more /etc/hostname.nfe0
 dhcp
 !/usr/local/sbin/dydns.sh $if

This is executed only during boot or explicitly
via netstart. So you believe your IP won't be changed
by DHCP.

j.



Re: Help compiling Ruby libv8 JavaScript engine

2014-09-29 Thread opendaddy
Some clarification:

On 29. september 2014 at 2:04 PM, Joseph Pearson wrote:

Ruby needs an interface into the JavaScript runtime, which libv8
provides. Node is a different concept entirely (though it too needs
such an interface, which internally V8 provides).

You can see this here:
https://github.com/joseph/ruby-clean-css/blob/master/lib/ruby-clean-css/compressor.rb#L41-L45

If you have a Node project, you may just want the Clean-CSS
JavaScript library. If you have a Ruby project, you want
Ruby-Clean-CSS and its deps. Node itself does not act as a JS engine.

Cheers,
— J

Thanks.

O.D.

On 29. september 2014 at 1:12 PM, Edho Arief wrote:
On Mon, Sep 29, 2014 at 9:40 PM, wrote:
 Hi,

 Does anybody have experience compiling the Ruby libv8 JavaScript
 engine  (https://github.com/cowboyd/libv8) on OpenBSD 5.5?

 It says it can't find a supported compiler despite repeated attempts
 to point it to `gcc` or `g++` 4.8.2 or 4.6.4
 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either
via
 the environment variable below or through symlinking:

 % export cxx=/usr/local/bin/eg++

the correct variable is CXX (and make sure to install gmake). Also
it's better to just install nodejs if what you need is execjs'
javascript runtime.

-bash-4.2$ CXX=/usr/local/bin/eg++ GEM_HOME=$HOME/app/rubygems gem
install libv8
Building native extensions.  This could take a while...
...a long time with hopefully expected result but I stopped because
it's running in a low end box...
alternatively, install libv8 package and tell gem installer to use
system libv8 library as per documentation:

-bash-4.2$ GEM_HOME=$HOME/app/rubygems gem install libv8 --
--with-system-v8
Fetching: libv8-3.16.14.7.gem (100%)
Building native extensions with: '--with-system-v8'
This could take a while...
Successfully installed libv8-3.16.14.7
Parsing documentation for libv8-3.16.14.7
Installing ri documentation for libv8-3.16.14.7
Done installing documentation for libv8 after 2 seconds
1 gem installed



Re: Question re dhclient.conf

2014-09-29 Thread Stuart Henderson
On 2014-09-29, Duncan Patton a Campbell campb...@neotext.ca wrote:
 On Mon, 29 Sep 2014 05:28:27 -0600
 Duncan Patton a Campbell campb...@neotext.ca wrote:

 /etc/dhclient.conf used to contain a 
 
 script tosomfile ;
 
 option that could, amongst other things, be used to
 set a dynamic assigned dns address to a named server.
 
 This functionality has been removed and I am trying to
 figure out if there was some other mechanism to accomplish
 this but I can't find any refs to it in the changes 
 between 5.1 and 5.5.
 
 Any info would be appreciated.
 
 Thanks,
 
 Dhu
 
 -- 
 Ne obliviscaris, vix ea nostra voco.
 
 
 

 I found it in the 5.3 changes..

 Removed dhclient-script(8) and dhclient.conf(5) script directive. Do all 
 interface and route configuration via ioctl's and routing sockets. 

 Unfortunately this mechanism was used for more than just routing.  And 
 without a dhclient-script to 
 hack I don't see how a dynamic address can be updated vi the named/key 
 mechanism.

I use entr (in ports) to monitor a file written by dhclient -L which
I use as a trigger, I then parse that same file to pick up the relevant
information from the new lease and handle it appropriately.

There were some changes to dhclient needed for this to work nicely (for
example, to avoid inode number changes), IIRC these went in post-5.5.
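
[Added example, not code from any poster in this thread.] One way to do what the message above describes: parse the lease file and hand the address to nsupdate only when it has changed, which also addresses the two objections raised earlier in the thread (the hostname.if hook runs only at boot or netstart, and it cannot skip calls that change nothing). Assumptions: the file written by dhclient -L uses dhclient.leases(5) syntax; KEYFILE and the state-file path are hypothetical; server, zone and host name are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): publish a DHCP-assigned address with
# nsupdate only when the lease file shows a new one.
SERVER=192.168.1.22          # from the thread
ZONE=indx.ca                 # from the thread
HOST=u32.indx.ca.            # from the thread
KEYFILE=${KEYFILE:-/etc/ddns/update.key}   # hypothetical path; the key is
                                           # read from here, not embedded
NSUPDATE=${NSUPDATE:-nsupdate}

# valid_ipv4 STRING -> 0 only for four dot-separated numbers in 0..255.
# Lease contents come from the network, so they are checked before use.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(echo "$1" | tr . ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# lease_addr FILE -> print the last fixed-address in FILE if it is valid
lease_addr() {
    addr=$(sed -n 's/^[[:space:]]*fixed-address[[:space:]][[:space:]]*\([0-9.]*\);.*$/\1/p' "$1" | tail -n 1)
    valid_ipv4 "$addr" && echo "$addr"
}

# update_commands ADDR -> nsupdate input replacing HOST's A record
update_commands() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s 86400 A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$1"
}

# publish_if_changed LEASE STATE
#   0 = record updated, 1 = address unchanged, nothing sent,
#   2 = no usable address in LEASE, 3 = nsupdate failed
publish_if_changed() {
    new=$(lease_addr "$1") || return 2
    [ -f "$2" ] && [ "$(cat "$2")" = "$new" ] && return 1
    update_commands "$new" | $NSUPDATE -k "$KEYFILE" || return 3
    echo "$new" >"$2"        # remember only what was actually published
}

# Constructed sample lease in dhclient.leases(5) style, for trying the parser.
write_sample_lease() {
    printf 'lease {\n  interface "nfe0";\n  fixed-address %s;\n  option routers 192.168.1.1;\n}\n' "$2" >"$1"
}

# Called with a lease file and a state file, e.g. from a file watcher.
if [ "$#" -eq 2 ]; then publish_if_changed "$1" "$2"; fi
```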



Re: Thanks for ksh

2014-09-29 Thread Stuart Henderson
On 2014-09-27, Javier Bassi javierba...@gmail.com wrote:
 On 09/25/2014 10:25 PM, ian kremlin wrote:
 /bin/sh is an implementation of *the bourne shell*, not the
 bourne-again shell (bash). in any case, neither /bin/sh nor ksh are
 vulnerable to the recent shellshock vulnerability.

 Also, if OpenBSD had bash it still wouldn't be such a big issue as it is
 in Linux. The most common attack vector is Apache with PHP with scripts
 calling to system(), shell_exec(), etc. Since hosts with OBSD have httpd
 chrooted, even if they installed PHP, /bin/sh wouldn't be inside the
 jail. And even if they added /bin/sh and someone was able to exploit it,
 they will be trapped inside the jail.

Some other vectors:

dhclient script - the dhclient in base doesn't have scripts any more,
so no issue there. Other dhclient implementations still do, unlikely
to use bash *by default*, though who knows what people may change on
their systems.

MTAs passing variables to scripts they're calling via the environment.
If those scripts use bash, they're at risk.

Log parsers written using bash and handling untrusted data.

Also note that some systems using PHP will have /bin/sh in the chroot,
as it is required for the mail() function. (pure PHP mail classes that
talk SMTP directly are a better idea where possible). Unlikely to be
bash on OpenBSD. But if you have machines (most likely on another OS)
where you do have copies of bash in a chroot jail, be sure to update 
those copies too!


 Of course this is all hypothetical because OBSD doesn't have bash to
 begin with.

It does have it, in packages, and it is not magically invulnerable because
it runs on OpenBSD, it has the same problem as on other OS. Various things
in packages explicitly use bash rather than /bin/sh so there are some cases
where you may run into problems.

There are updates in -stable ports (but N.B. official packages are only
built for releases and -current, not -stable).



Ordering OpenBSD 5.6 in the US?

2014-09-29 Thread Andrew Lester
Hey all,

I notice the Softpro books seller, the only one for the US, indicates that they 
will no longer sell OpenBSD as distribution is moving to Europe. That being the 
case, what would the best place to order the disc set for OpenBSD 5.6 in the US 
be? Any word on when a preorder will be available?

Warm regards,
Andrew



Re: Question re dhclient.conf

2014-09-29 Thread sven falempin
On Mon, Sep 29, 2014 at 8:42 PM, Stuart Henderson s...@spacehopper.org wrote:
 On 2014-09-29, Duncan Patton a Campbell campb...@neotext.ca wrote:
 On Mon, 29 Sep 2014 05:28:27 -0600
 Duncan Patton a Campbell campb...@neotext.ca wrote:

 /etc/dhclient.conf used to contain a

 script tosomfile ;

 option that could, amongst other things, be used to
 set a dynamic assigned dns address to a named server.

 This functionality has been removed and I am trying to
 figure out if there was some other mechanism to accomplish
 this but I can't find any refs to it in the changes
 between 5.1 and 5.5.

 Any info would be appreciated.

 Thanks,

 Dhu

 --
 Ne obliviscaris, vix ea nostra voco.




 I found it in the 5.3 changes..

 Removed dhclient-script(8) and dhclient.conf(5) script directive. Do all 
 interface and route configuration via ioctl's and routing sockets. 

 Unfortunately this mechanism was used for more than just routing.  And 
 without a dhclient-script to
 hack I don't see how a dynamic address can be updated vi the named/key 
 mechanism.

 I use entr (in ports) to monitor a file written by dhclient -L which
 I use as a trigger, I then parse that same file to pick up the relevant
 information from the new lease and handle it appropriately.

 There were some changes to dhclient needed for this to work nicely (for
 example, to avoid inode number changes), IIRC these went in post-5.5.


I also parse and do custom action with the lease file,
so I forgot all concern about the absence of script hook.
I also regularly monitor the lease, so I did not use

http://entrproject.org/ , looks good stuff

(I believe may be wrong ) is there a working INotify for bsd in perl ?




-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Thanks for ksh

2014-09-29 Thread Stefan Wollny
[ ... ]

It does have it, in packages, and it is not magically invulnerable because
it runs on OpenBSD, it has the same problem as on other OS. Various things
in packages explicitly use bash rather than /bin/sh so there are some cases
where you may run into problems.
 
One example: 'abcde' has a dependency on 'bash'