Re: spamdb - can't delete spam db entry (Error 22)

2015-04-27 Thread Adam Wolk
On Mon, Apr 27, 2015, at 10:52 PM, Adam Wolk wrote:
 On Mon, Apr 27, 2015, at 10:43 PM, Adam Wolk wrote:
  On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote:
   On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote:
   
Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
   
Does anyone know how serious that error is (should I be worried) and
what might have caused it?
   
   Error 22 is EINVAL.  I'm not sure how that can happen in this case
   though.  Have you tried restarting spamd?
   
  
  Hi Todd,
  
  Indeed I tried restarting spamd and the issue is the same each time.
  With a spamd restart the error happens immediately at startup:
  
  Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25
  out1-smtp.messagingengine.com adam.w...@koparo.com
  adam.w...@tintagel.pl from spamd db (Error 0)
  Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming
  connections.
  Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25
  out1-smtp.messagingengine.com adam.w...@koparo.com
  adam.w...@tintagel.pl from spamd db (Error 0)
  
 
 Just noticed that right after a previous restart it's no longer Error
 22 but Error 0:
 Apr 27 21:50:27 tintagel spamd[27724]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 22)
 Apr 27 21:51:27 tintagel spamd[27724]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 22)
 Apr 27 21:52:18 tintagel spamd[8450]: listening for incoming
 connections.
 Apr 27 21:52:18 tintagel spamd[20180]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 Apr 27 21:52:25 tintagel spamd[6924]: listening for incoming
 connections.
 Apr 27 21:52:25 tintagel spamd[3732]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 Apr 27 21:53:26 tintagel spamd[3732]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 Apr 27 21:54:26 tintagel spamd[3732]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 Apr 27 21:55:27 tintagel spamd[3732]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 
 # ls -l /var/db/spamd
 -rw-r--r--  1 _spamd  _spamd  6881280 Apr 27 22:51 /var/db/spamd
 
 Here's my process output limited to spamd:
 # ps aux | grep -i spamd
 root        30279  0.0  3.3 68000 67956 ??  Ss   Sun11PM  1:22.68 perl: /usr/local/bin/spamd -d -u _spamdaemon -P (perl)
 _spamdaemon 10621  0.0  0.4 68016  8872 ??  S    Sun11PM  0:00.59 perl: spamd child (perl)
 _spamdaemon 29838  0.0  0.4 68016  8936 ??  S    Sun11PM  0:00.83 perl: spamd child (perl)
 _spamd       7233  0.0  0.1  9860  1704 ??  Is   10:28PM  0:00.73 spamd: (pf spamd-white update) (spamd)
 _spamd      25915  0.0  0.3 10308  5220 ??  I    10:28PM  0:00.12 spamd: [priv] (greylist) (spamd)
 _spamd      14894  0.0  0.0  9656  1020 ??  I    10:28PM  0:00.00 spamd: (/var/db/spamd update) (spamd)
 root        30162  0.0  0.0   636     4 p7  R+   10:52PM  0:00.00 grep -i spamd (ksh)
 #
 
 
   You might also try running:
   
   $ spamdb | fgrep 66.111.4.25
  
  Here is the output:
  $ spamdb | fgrep 66.111.4.25
  WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
  
  
   
   to see if that entry is really in the database and if so see if
   spamdb -d can remove it.
  
  
  # spamdb -d 66.111.4.25
  # echo $?
  0
  # spamdb | fgrep 66.111.4.25
  WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
  GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
  
   
- todd
   
  
  The weird thing is - it just started happening. I did see other weird issues,
  like spamdb not showing any entries for short periods of time, but I assumed
  that it was expired hosts and they always came back after a while.
  
  I did make a copy of 

Re: interesting package issue... can't find with a browser.

2015-04-27 Thread Ville Valkonen
Hi,

On Apr 27, 2015 9:56 PM, Ton Muller spatie...@online.nl wrote:

 Ok.
 Perhaps a bit cryptic,
 but this is the situation: the package portal is huge, ok, no problem
 with it,
 but finding a certain package is a pain.
 I can recall from the time I was running 4.6, I went to the link below:
 http://www.openbsd.org/4.6_packages/i386.html

 A nice web portal opened with a description of what each package is,
 but for later versions it was removed.
 Perhaps it is hidden, but I can't find it. I am not in for downloading
 26gb of packages; is there a faster way to see which package is which?

 Tony.

install pkgmgr.

--
Regards,
Ville



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Christian Weisgerber
On 2015-04-27, whynot sudo whynots...@safe-mail.net wrote:

 Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
 foouser LOCALHOST = NOPASSWD: NOEXEC: FOO

 Can the foouser escape to root prompt?

Let's try!

$ sudo ed
!sh 
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator), 20(staff), 31(guest)
# 

Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
static executables.

-- 
Christian naddy Weisgerber  na...@mips.inka.de
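The point in the reply above is that sudo's NOEXEC is enforced through a pre-loaded shared object (LD_PRELOAD), so it can do nothing inside a statically linked program such as /bin/ed. The following is an added example, not code from the thread or from sudo: a small audit that reads each command of a sudoers Cmnd_Alias and decides from the ELF program headers whether the NOEXEC hook can apply at all (a dynamically linked executable carries a PT_INTERP entry naming its loader; a static one does not). The sudoers snippet is the one from the question; the ELF images and the file names they stand for are constructed inline so the script runs offline.

```python
"""Audit a sudoers Cmnd_Alias under NOEXEC for statically linked commands.

Added example, not code from the thread or from sudo itself.  NOEXEC relies on
LD_PRELOAD, which a statically linked program never consults, so the check
below classifies each aliased command as dynamic (hook can apply) or static
(hook cannot apply) by looking for a PT_INTERP program header.
"""
import struct

PT_LOAD = 1
PT_INTERP = 3


def is_dynamic_elf(image: bytes) -> bool:
    """True when the ELF image has a PT_INTERP program header (dynamic link)."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = image[4], image[5]
    end = "<" if ei_data == 1 else ">"            # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 2:                               # ELFCLASS64
        (e_phoff,) = struct.unpack_from(end + "Q", image, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 54)
    elif ei_class == 1:                             # ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", image, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 42)
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(end + "I", image, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return True
    return False


def parse_cmnd_alias(sudoers_text: str, alias: str) -> list:
    """Return the command paths of one Cmnd_Alias (single-line form only)."""
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("Cmnd_Alias"):
            continue
        lhs, _, rhs = line.partition("=")
        if lhs.split()[1:] == [alias]:
            return [c.strip().split()[0] for c in rhs.split(",") if c.strip()]
    raise KeyError(alias)


def audit_noexec(sudoers_text: str, alias: str, read_image) -> dict:
    """Map each aliased command to whether NOEXEC's LD_PRELOAD hook can apply."""
    report = {}
    for cmd in parse_cmnd_alias(sudoers_text, alias):
        try:
            image = read_image(cmd)
        except FileNotFoundError:
            report[cmd] = "missing"
            continue
        report[cmd] = ("noexec enforced" if is_dynamic_elf(image)
                       else "static: NOEXEC ineffective")
    return report


# --- constructed samples ------------------------------------------------
def fake_elf64(phdr_types):
    """Constructed minimal ELF64 image: a header plus one program header per type."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdr_types), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    return hdr + phdrs


SAMPLE_SUDOERS = """\
Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
"""

# Constructed stand-ins: /bin/ed static, /usr/bin/vi dynamic, /usr/bin/ed absent.
SAMPLE_IMAGES = {
    "/bin/ed": fake_elf64([PT_LOAD, PT_LOAD]),
    "/usr/bin/vi": fake_elf64([PT_LOAD, PT_INTERP, PT_LOAD]),
}


def read_sample(path: str) -> bytes:
    """Reader over the constructed images, mimicking open(path, 'rb').read()."""
    try:
        return SAMPLE_IMAGES[path]
    except KeyError:
        raise FileNotFoundError(path) from None


if __name__ == "__main__":
    # On a live host: audit_noexec(open("/etc/sudoers").read(), "FOO",
    #                              lambda p: open(p, "rb").read())
    for cmd, verdict in audit_noexec(SAMPLE_SUDOERS, "FOO", read_sample).items():
        print(f"{cmd:<14} {verdict}")
```

"noexec enforced" only means the hook can load; it does not make an editor safe to hand out under sudo, since any editor that writes arbitrary files as root can rewrite the system regardless of exec restrictions, which is the case sudoedit is designed for. The check also flags alias entries that do not exist on the host, which on OpenBSD is the fate of /usr/bin/ed in the question's alias.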



OpenBSD 5.6 and 5.7 freeze on installation on macbook pro late 2013

2015-04-27 Thread syphax azmole
Hello list,

I tried OpenBSD on my laptop, a MacBook Pro late 2013, and it freezes
while I'm installing it.

With OpenBSD 5.6, it hangs for 5 minutes when printing "scsibusx at
softraidx: 256 targets", and then continues until it prompts for a command
from the user (I for installation, U for upgrade, etc.).
Unfortunately the keyboard doesn't work. I can type any command and
nothing happens.
After googling, I saw that this bug is fixed in -current.
So I tried OpenBSD 5.7, the current version (1 day ago), and the
result is even worse, because it hangs before that. The last printed
thing is

uhub0 at usb0 intel xHC1 root hub rev 3.00/1.00 addr 1

Has anyone tried OpenBSD on such hardware? Any idea what I can do?
Any hope of getting it working?

Thanks in advance for any help,
Best Regards



Re: spamdb - can't delete spam db entry (Error 22)

2015-04-27 Thread Adam Wolk
On Mon, Apr 27, 2015, at 10:43 PM, Adam Wolk wrote:
 On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote:
  On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote:
  
   Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25
   out1-smtp.messagingengine.com adam.w...@koparo.com
   adam.w...@tintagel.pl from spamd db (Error 22)
  
   Does anyone know how serious that error is (should I be worried) and
   what might have caused it?
  
  Error 22 is EINVAL.  I'm not sure how that can happen in this case
  though.  Have you tried restarting spamd?
  
 
 Hi Todd,
 
 Indeed I tried restarting spamd and the issue is the same each time.
 With a spamd restart the error happens immediately at startup:
 
 Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming
 connections.
 Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 0)
 

Just noticed that right after a previous restart it's no longer Error
22 but Error 0:
Apr 27 21:50:27 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 21:51:27 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 21:52:18 tintagel spamd[8450]: listening for incoming
connections.
Apr 27 21:52:18 tintagel spamd[20180]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)
Apr 27 21:52:25 tintagel spamd[6924]: listening for incoming
connections.
Apr 27 21:52:25 tintagel spamd[3732]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)
Apr 27 21:53:26 tintagel spamd[3732]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)
Apr 27 21:54:26 tintagel spamd[3732]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)
Apr 27 21:55:27 tintagel spamd[3732]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)

# ls -l /var/db/spamd
-rw-r--r--  1 _spamd  _spamd  6881280 Apr 27 22:51 /var/db/spamd

Here's my process output limited to spamd:
# ps aux | grep -i spamd
root        30279  0.0  3.3 68000 67956 ??  Ss   Sun11PM  1:22.68 perl: /usr/local/bin/spamd -d -u _spamdaemon -P (perl)
_spamdaemon 10621  0.0  0.4 68016  8872 ??  S    Sun11PM  0:00.59 perl: spamd child (perl)
_spamdaemon 29838  0.0  0.4 68016  8936 ??  S    Sun11PM  0:00.83 perl: spamd child (perl)
_spamd       7233  0.0  0.1  9860  1704 ??  Is   10:28PM  0:00.73 spamd: (pf spamd-white update) (spamd)
_spamd      25915  0.0  0.3 10308  5220 ??  I    10:28PM  0:00.12 spamd: [priv] (greylist) (spamd)
_spamd      14894  0.0  0.0  9656  1020 ??  I    10:28PM  0:00.00 spamd: (/var/db/spamd update) (spamd)
root        30162  0.0  0.0   636     4 p7  R+   10:52PM  0:00.00 grep -i spamd (ksh)
#


  You might also try running:
  
  $ spamdb | fgrep 66.111.4.25
 
 Here is the output:
 $ spamdb | fgrep 66.111.4.25
 WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
 
 
  
  to see if that entry is really in the database and if so see if
  spamdb -d can remove it.
 
 
 # spamdb -d 66.111.4.25
 # echo $?
 0
 # spamdb | fgrep 66.111.4.25
 WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
 GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
 
  
   - todd
  
 
 The weird thing is - it just started happening. I did see other weird issues,
 like spamdb not showing any entries for short periods of time, but I assumed
 that it was expired hosts and they always came back after a while.
 
 I did make a copy of my /var/db/spamd in case it's a corrupt db, though
 nothing specific was happening with the host when the errors started.
 
 I started looking at /usr/src which makes me 

Re: interesting package issue... can't find with a browser.

2015-04-27 Thread Ton Muller
On 27-4-2015 21:46, Ville Valkonen wrote:
 Hi,
 
 On Apr 27, 2015 9:56 PM, Ton Muller spatie...@online.nl wrote:

 Ok.
 Perhaps a bit cryptic,
 but this is the situation: the package portal is huge, ok, no problem
 with it,
 but finding a certain package is a pain.
 I can recall from the time I was running 4.6, I went to the link below:
 http://www.openbsd.org/4.6_packages/i386.html

 A nice web portal opened with a description of what each package is,
 but for later versions it was removed.
 Perhaps it is hidden, but I can't find it. I am not in for downloading
 26gb of packages; is there a faster way to see which package is which?

 Tony.
 
 install pkgmgr.
 
 --
 Regards,
 Ville

Wow, that looks nice!

Thanks!
Tony.



timer_create for openbsd. Any equivalent ?

2015-04-27 Thread syphax azmole
Hello list,

I have a small C program using the standard POSIX timer_create(2),
timer_delete(2) and SIGEV_SIGNAL.
It seems that OpenBSD doesn't have such an API (and doesn't have librt).
I'm curious: why are they not implemented? For security reasons? Are they
not easy to implement? Maybe they are useless?
What I need to do is to call a function after x milliseconds.
What do you suggest I do? I suppose there is a simpler and better way
than using libevent for that, right?
Unfortunately it's not easy to find such information in Google, since one
mainly finds things for Linux :(

Any help will be very helpful.
Thanks in advance.



Re: spamdb - can't delete spam db entry (Error 22)

2015-04-27 Thread Todd C. Miller
On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote:

 Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25
 out1-smtp.messagingengine.com adam.w...@koparo.com
 adam.w...@tintagel.pl from spamd db (Error 22)

 Does anyone know how serious that error is (should I be worried) and
 what might have caused it?

Error 22 is EINVAL.  I'm not sure how that can happen in this case
though.  Have you tried restarting spamd?

You might also try running:

$ spamdb | fgrep 66.111.4.25

to see if that entry is really in the database and if so see if
spamdb -d can remove it.

 - todd



Re: spamdb - can't delete spam db entry (Error 22)

2015-04-27 Thread Adam Wolk
On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote:
 On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote:
 
  Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25
  out1-smtp.messagingengine.com adam.w...@koparo.com
  adam.w...@tintagel.pl from spamd db (Error 22)
 
  Does anyone know how serious that error is (should I be worried) and
  what might have caused it?
 
 Error 22 is EINVAL.  I'm not sure how that can happen in this case
 though.  Have you tried restarting spamd?
 

Hi Todd,

Indeed I tried restarting spamd and the issue is the same each time.
With a spamd restart the error happens immediately at startup:

Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)
Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming
connections.
Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 0)

 You might also try running:
 
 $ spamdb | fgrep 66.111.4.25

Here is the output:
$ spamdb | fgrep 66.111.4.25
WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0


 
 to see if that entry is really in the database and if so see if
 spamdb -d can remove it.


# spamdb -d 66.111.4.25
# echo $?
0
# spamdb | fgrep 66.111.4.25
WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0

 
  - todd
 

The weird thing is - it just started happening. I did see other weird issues,
like spamdb not showing any entries for short periods of time, but I assumed
that it was expired hosts and they always came back after a while.

I did make a copy of my /var/db/spamd in case it's a corrupt db, though
nothing specific was happening with the host when the errors started.

I started looking at /usr/src which makes me think the issue comes from:

/usr/src/libexec/spamd/grey.c
        case DBC_DEL:
            memset(&dbk, 0, sizeof(dbk));
            dbk.size = strlen(dbc->key);
            dbk.data = dbc->key;
            if (db->del(db, &dbk, 0)) {
                syslog_r(LOG_ERR, &sdata,
                    "can't delete %s from spamd db (%m)",
                    dbc->key);
                ret = -1;
            }
            break;

which uses the hash version of db.h
/usr/src/lib/libc/db/hash/hash.c

hash_delete(const DB *dbp, const DBT *key,
    u_int32_t flag)        /* Ignored */
{
    HTAB *hashp;

    hashp = (HTAB *)dbp->internal;
    if (flag && flag != R_CURSOR) {
        hashp->err = errno = EINVAL;
        return (ERROR);
    }
    if ((hashp->flags & O_ACCMODE) == O_RDONLY) {
        hashp->err = errno = EPERM;
        return (ERROR);
    }
    return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL));
}

The line with EINVAL like you correctly pointed out.
While here, why is flag marked as /* ignored */ and the error I'm
hitting looks like code which verifies if that parameter was properly
set?

The if shouldn't have a way to trigger since del is passed 0 as the flag
parameter so I'm a bit dumbfounded here. I couldn't find any other
part of the code that could result in the exact same error message.

I am trying to write a small C program to open the db file to try and delete
the entry from a reduced use case - so far it's been going really slowly to get
a useful test case. Not sure if I will be able to whip it up in a
reasonable time frame.

Regards,
Adam
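Two details of the spamdb output quoted in this thread stand out: the same GREY record is listed twice, which a hash-keyed db should never produce, and spamdb -d exits 0 while leaving the WHITE entry in place. The following is an added example, not code from the thread, from spamd or from spamdb: it parses spamdb's '|'-separated output and runs exactly those two checks, plus an expiry sweep. It assumes (from the key that the failing syslog line prints) that a GREY record is keyed by the ip/helo/from/to tuple while a WHITE record is keyed by the address alone, so that "spamdb -d <ip>" addresses only the WHITE key. The sample lines are the ones quoted in the thread.

```python
"""Sanity checks over spamdb(8) output: parse records, find duplicate keys,
and confirm that a delete actually removed its entry.

Added example; not code from the thread, spamd or spamdb.  Key layout
(assumption, see the lead-in): GREY -> "ip\\nhelo\\nfrom\\nto", WHITE -> "ip".
"""
from collections import Counter

# Constructed sample: the records quoted in the thread.
SAMPLE_BEFORE = """\
WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
"""
# The thread shows identical output after 'spamdb -d 66.111.4.25' exited 0.
SAMPLE_AFTER = SAMPLE_BEFORE


def parse_spamdb(text):
    """Parse spamdb output into dicts; the five trailing fields are numeric."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        if len(f) < 7:
            raise ValueError(f"malformed spamdb line: {line!r}")
        first, passed, expire, bcount, pcount = (int(x) for x in f[-5:])
        # WHITE lines carry empty helo/from fields; pad so both shapes parse alike.
        helo, sender, rcpt = (f[2:-5] + ["", "", ""])[:3]
        records.append({"kind": f[0], "ip": f[1], "helo": helo, "from": sender,
                        "to": rcpt, "first": first, "pass": passed,
                        "expire": expire, "bcount": bcount, "pcount": pcount})
    return records


def db_key(rec):
    """The db key a record is stored under (assumed layout, see docstring)."""
    if rec["kind"] == "GREY":
        return "\n".join((rec["ip"], rec["helo"], rec["from"], rec["to"]))
    return rec["ip"]


def duplicate_keys(records):
    """Keys listed more than once: a hash db cannot legitimately hold two."""
    counts = Counter(db_key(r) for r in records)
    return sorted(k for k, n in counts.items() if n > 1)


def failed_deletes(before_text, after_text, key):
    """Keys equal to 'key' that are still present after 'spamdb -d key'."""
    before = {db_key(r) for r in parse_spamdb(before_text)}
    after = {db_key(r) for r in parse_spamdb(after_text)}
    return sorted(k for k in before if k == key and k in after)


def expired_keys(records, now):
    """Keys whose expiry (epoch seconds) has already passed at 'now'."""
    return [db_key(r) for r in records if r["expire"] < now]


if __name__ == "__main__":
    # On a spamd host: spamdb > before; spamdb -d <ip>; spamdb > after
    recs = parse_spamdb(SAMPLE_BEFORE)
    print("records:", len(recs))
    print("duplicate keys:", [k.replace("\n", " ") for k in duplicate_keys(recs)])
    print("still present after delete:",
          failed_deletes(SAMPLE_BEFORE, SAMPLE_AFTER, "66.111.4.25"))
    print("expired by 2015-04-28 00:00 UTC:", len(expired_keys(recs, 1430179200)))
```

Both findings point at the db file rather than at the deleting code: hash_delete() quoted above can only raise EINVAL when a non-zero flag is passed, and a later "(Error 0)" means del() reported failure without setting errno at all, so the number in the log is not diagnostic on its own. Keeping a copy of /var/db/spamd before any repair, as done in this thread, is the right first step.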



Re: ksh manpage lies

2015-04-27 Thread u
 Careful with your allegations, ok?

I apologize. I wonder if RANDOM can refer to srand_deterministic.



Re: ksh manpage lies

2015-04-27 Thread Theo de Raadt
  Careful with your allegations, ok?
 
 I apologize. I wonder if RANDOM can refer to srand_deterministic.

I don't see any reason.  It is documenting the standards-required
behaviour, and it follows it as far as I can see.



Duplicate pf rules when using groupname

2015-04-27 Thread Brian S. Vangsgaard

Hi,

I'm getting a strange output from pfctl that I cannot explain; perhaps
someone lurking on the list has the answer?


When using interface groupnames in my pf.conf, I see the same rule 4 
times when doing a pfctl -s rules.


The interface group I'm using has a vlan and a carp member.

Ex.
pass in on groupA from groupA:network to groupB:network tag A_TO_B

Will produce something like this (pfctl -s rules):

...
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep 
state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep 
state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep 
state (pflow) tag A_TO_B
pass in on groupA inet from 1.2.3.0/24 to 5.6.7.0/24 flags S/SA keep 
state (pflow) tag A_TO_B

...

Using a single interface (ex. vlan) will only produce one line (as I 
expect it to do) in the pfctl -s rules output.



My question is: why is pf making 4 identical rules when using
group names?



--
Kind regards
Brian S. Vangsgaard



Re: i386 bsd.rd panic

2015-04-27 Thread Tim van der Molen
Theo de Raadt (2015-04-26 16:53 +0200):
  Eivind Eide (2015-04-26 13:02 +0200):
   I've been trying to update this -current machine with the bsd.rd from the
   last 4 snapshots,
   the last being from Sun Apr 26 02:22:08 MDT 2015.
   However this kernel immediately after reporting how much ram I have panics
   with this message:
   
   fatal protection fault (4) in supervisor mode
   trap type 4 code 0 eip d020204e cs 8 eflags 10006 cr2 0 cpl 0
   panic: trap type 4, code=0, pc=d020204e
  
  I see the same when booting bsd.rd (#788, 24 April) on a medieval
  laptop. Below a dmesg from the currently installed snapshot.
 
 You don't have a NX bit.  Please try a new snapshot in a few hours.

Problem solved; thanks.



Re: Duplicate pf rules when using groupname

2015-04-27 Thread Joseph Crivello
http://www.openbsd.org/faq/pf/macros.html

Lists

A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written by specifying the IP addresses in a list. Lists are defined by
specifying items within { } brackets.
When pfctl(8) encounters a list during loading of the ruleset, it creates
multiple rules, one for each item in the list.



Re: timer_create for openbsd. Any equivalent ?

2015-04-27 Thread Ted Unangst
syphax azmole wrote:
 Hello list,
 
 I have a small C program using the standard POSIX timer_create(2),
 timer_delete(2) and SIGEV_SIGNAL.
 It seems that OpenBSD doesn't have such an API (and doesn't have librt).
 I'm curious: why are they not implemented? For security reasons? Are they
 not easy to implement? Maybe they are useless?

Most missing features are missing because nobody cared enough to implement
them. A fair chunk of the real time extensions fall into that category.

 What I need to do is to call a function after x milliseconds.
 What do you suggest me to do ? I suppose there is a simpler and better way
 than using libevent for that, right ?

libevent is probably the simplest. Or a timeout for poll/select, whatever
you're using.



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Theo de Raadt
 Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
 static executables.
 
 Thank you, so there is a way of tricking NOEXEC with vi to get a root shell.
 But how exactly? Why isn't it fixed? :O

Oh something is broken?

Please show your work.



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread someone
Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
static executables.

Thank you, so there is a way of tricking NOEXEC with vi to get a root shell.
But how exactly? Why isn't it fixed? :O

On Mon, Apr 27, 2015 at 9:49 PM, Christian Weisgerber na...@mips.inka.de
wrote:

 On 2015-04-27, whynot sudo whynots...@safe-mail.net wrote:

  Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
  foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
 
  Can the foouser escape to root prompt?

 Let's try!

 $ sudo ed
 !sh
 # id
 uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
 5(operator), 20(staff), 31(guest)
 #

 Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
 static executables.

 --
 Christian naddy Weisgerber  na...@mips.inka.de



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Philip Guenther
On Mon, Apr 27, 2015 at 9:43 PM, someone thisistheone8...@gmail.com wrote:
 Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
 static executables.

 Thank you, so there is a way of tricking NOEXEC with vi to get a root shell.

No, that's not what naddy demonstrated.  He showed that NOEXEC didn't
work with /bin/ed.  Are you assuming that /bin/ed and /usr/bin/vi are
the same program?

Why did you list programs in /etc/sudoers that you didn't carefully
inspect and think about?


 But how exactly? Why isn't it fixed? :O

BECAUSE WE HAVE SUDOEDIT!

You asked why you should use the solution that was provided, and now
that this was demonstrated you're asking why there isn't a solution?


Philip Guenther



Whatever happened to reop?

2015-04-27 Thread Christian Weisgerber
A year ago, tedu@ published reop, which does everything you’d
expect a PGP program to do.
http://www.tedunangst.com/flak/post/reop

There's a GitHub site that's still active and there is ports/security/reop,
maintained by jturner@, but generally it has been awfully silent.

If anybody uses reop, they aren't exactly advertising it.  jturner@
has a key and a Google search turned up bentley@'s key, but that's
it.  If tedu@ has a key, I can't find it.

Is reop stillborn?

-- 
Christian naddy Weisgerber  na...@mips.inka.de



What bad things could happen if we don't use sudoedit?

2015-04-27 Thread whynot sudo
Hello list, 

We know it's safer* to use sudoedit, but what bad things can happen if we have 
the following in sudoers?

Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASSWD: NOEXEC: FOO

Can the foouser escape to a root prompt? - of course, besides that he could now
edit the /etc/shadow file to put a custom pwd hash on the root user to become
root in about 3 seconds..

Maybe some magic in .vimrc?

* sudo vi would run as root, but sudoedit would run as the given user; the
edited file will be copied before/after editing it.

Thanks.



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread whynot sudo
In the bad thing category, you could break your sudo config.


What do you mean by that? 


 Original Message 
From: ludovic coues cou...@gmail.com
To: whynot sudo whynots...@safe-mail.net
Subject: Re: What bad things could happen if we don't use sudoedit?
Date: Mon, 27 Apr 2015 18:52:56 +0200

 2015-04-27 18:46 GMT+02:00 whynot sudo whynots...@safe-mail.net:
  Hello list,
 
  We know it's safer* to use sudoedit, but what bad things can happen if we 
  have the following in sudoers?
 
  Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
  foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
 
  Can the foouser escape to a root prompt? - of course, besides that he could
  now edit the /etc/shadow file to put a custom pwd hash on the root user to
  become root in about 3 seconds..
  
  Maybe some magic in .vimrc?
  
  * sudo vi would run as root, but sudoedit would run as the given user; the
  edited file will be copied before/after editing it.
 
  Thanks.
 
 
 
 
 In the bad thing category, you could break your sudo config.



Re: Whatever happened to reop?

2015-04-27 Thread Ted Unangst
Christian Weisgerber wrote:
 A year ago, tedu@ published reop, which does everything you’d
 expect a PGP program to do.
 http://www.tedunangst.com/flak/post/reop
 
 There's a GitHub site that's still active and there is ports/security/reop,
 maintained by jturner@, but generally it has been awfully silent.

eh, well, it's kind of done. i've been churning over the git code, but that's
been introducing (minor) bugs at a pretty steady rate, so there's no rush to
make a new release.



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Carlin Bingham
On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:
 Hello list, 
 
 We know it's safer* to use sudoedit, but what bad things can happen if we
 have the following in sudoers?
 
 Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
 foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
 
 Can the foouser escape to a root prompt? - of course, besides that he
 could now edit the /etc/shadow file to put a custom pwd hash on the root
 user to become root in about 3 seconds..
 
 Maybe some magic in .vimrc?
 
 * sudo vi would run as root, but sudoedit would run as the given user;
 the edited file will be copied before/after editing it.
 
 Thanks.
 

$ sudo vi /bin/ksh
:w! /bin/ed
:q
$ sudo ed
# 


--
Carlin



Re: Whatever happened to reop?

2015-04-27 Thread Bryan Steele
On Mon, Apr 27, 2015 at 05:34:43PM +0200, Christian Weisgerber wrote:
 A year ago, tedu@ published reop, which does everything you’d
 expect a PGP program to do.
 http://www.tedunangst.com/flak/post/reop
 
 There's a GitHub site that's still active and there is ports/security/reop,
 maintained by jturner@, but generally it has been awfully silent.
 
 If anybody uses reop, they aren't exactly advertising it.  jturner@
 has a key and a Google search turned up bentley@'s key, but that's
 it.  If tedu@ has a key, I can't find it.
 
 Is reop stillborn?
 
 -- 
 Christian naddy Weisgerber  na...@mips.inka.de

reop(1) is pretty cool; I believe bmercer@ was working on the best way
to use it for signing mail, like PGP. I don't know if he posted a
writeup anywhere, but it would be interesting to read.

I also have a public key:

-BEGIN REOP PUBLIC KEY-
ident:brynet
RWRDU7CoNOy78+SNSm+/FcKYjYl9j5uLvDbVOStN4r2M82w7F2EtLixByi/u4oUx9gzRFIHCk9Hz
zgb+aJApmMoQ8XgZL6/SW5Lnfg==
-END REOP PUBLIC KEY-

..or http://brynet.biz.tm/reop-pubkey.txt

-Bryan.



Re: Duplicate pf rules when using groupname

2015-04-27 Thread Brian S. Vangsgaard

Lists

A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written by specifying the IP addresses in a list. Lists are defined by
specifying items within { } brackets.
When pfctl(8) encounters a list during loading of the ruleset, it creates
multiple rules, one for each item in the list.


But the rule I wrote does not use a list (if we define a list by the
use of {}).

I'm aware that PF at some point expands the group name into some sort of
list, but that list would have two items, not four?

Thank you for the input, but I don't see lists as being the answer to
the question.
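The objection above (two members, so why four rules?) is answered if both address specs in the rule are expanded, not just one. The following is an added example, not pfctl's code: a small model of pfctl(8)'s load-time list expansion in which "name:network" resolves to the network of every interface matching the name, an interface group contributing one entry per member (an assumption extending the FAQ text quoted in this thread), and the expanded source and destination lists are combined as a Cartesian product with no de-duplication. With a vlan and a carp interface sharing one subnet on each side, that gives 2 x 2 = 4 identical rules, while a plain interface name gives one. The interface inventory is constructed for the demo; the "on groupA" clause is left unexpanded, since group matching on the interface itself happens in the kernel.

```python
"""Model of pfctl(8) list expansion for 'name:network' address specs.

Added example; not pfctl's code.  Assumption: a group name expands to the
networks of all of its member interfaces, and pfctl emits the Cartesian
product of the expanded source and destination lists without de-duplicating.
"""
import itertools
import re

# Constructed inventory: each group holds a vlan and a carp interface on the
# same subnet (carp configured on top of the vlan), as the thread describes.
SAMPLE_IFACES = {
    "vlan10": {"groups": ["groupA"], "networks": ["1.2.3.0/24"]},
    "carp10": {"groups": ["groupA"], "networks": ["1.2.3.0/24"]},
    "vlan20": {"groups": ["groupB"], "networks": ["5.6.7.0/24"]},
    "carp20": {"groups": ["groupB"], "networks": ["5.6.7.0/24"]},
}

NETWORK_SPEC = re.compile(r"(\S+):network\b")


def expand_network(name, ifaces):
    """Networks of 'name' (an interface or a group), one entry per member."""
    members = [i for i, d in ifaces.items() if i == name or name in d["groups"]]
    if not members:
        raise KeyError(f"no interface or group named {name}")
    return [net for m in members for net in ifaces[m]["networks"]]


def expand_rule(rule, ifaces):
    """Expand every 'x:network' in 'rule' into the product of their networks."""
    names = NETWORK_SPEC.findall(rule)
    lists = [expand_network(n, ifaces) for n in names]
    expanded = []
    for combo in itertools.product(*lists):
        text = rule
        for name, addr in zip(names, combo):
            text = text.replace(f"{name}:network", addr, 1)
        expanded.append(text)
    return expanded


def distinct(rules):
    """Order-preserving de-duplication: what the loaded ruleset actually means."""
    return list(dict.fromkeys(rules))


if __name__ == "__main__":
    rule = "pass in on groupA from groupA:network to groupB:network tag A_TO_B"
    out = expand_rule(rule, SAMPLE_IFACES)
    print(len(out), "rules loaded,", len(distinct(out)), "distinct:")
    for r in out:
        print(" ", r)
```

The duplicates are harmless for filtering (the first match wins and all four are equal) but they inflate rule counts and pfctl -s rules output; writing the rule against a pf table, or against the address of one member interface, keeps the expansion to one rule per intended network.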




Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Richo Healey

On 28/04/15 05:28 +1200, Carlin Bingham wrote:

On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:

Hello list,

We know it's safer* to use sudoedit, but what bad things can happen if we
have the following in sudoers?

Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASSWD: NOEXEC: FOO

Can the foouser escape to a root prompt? - of course, besides that he
could now edit the /etc/shadow file to put a custom pwd hash on the root
user to become root in about 3 seconds..

Maybe some magic in .vimrc?

* sudo vi would run as root, but sudoedit would run as the given user;
the edited file will be copied before/after editing it.

Thanks.



$ sudo vi /bin/ksh
:w! /bin/ed
:q
$ sudo ed
#


You can skip some mangling:

$ sudo vi
:!/bin/sh
#



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread Stefan Johnson
On Mon, Apr 27, 2015 at 1:44 PM, Richo Healey ri...@psych0tik.net wrote:

 On 28/04/15 05:28 +1200, Carlin Bingham wrote:

 On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:

 Hello list,

 We know it's safer* to use sudoedit, but what bad things can happen if we
 have the following in sudoers?

 Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
 foouser LOCALHOST = NOPASSWD: NOEXEC: FOO

 Can the foouser escape to a root prompt? - of course, besides that he
 could now edit the /etc/shadow file to put a custom pwd hash on the root
 user to become root in about 3 seconds..

 Maybe some magic in .vimrc?

 * sudo vi would run as root, but sudoedit would run as the given user;
 the edited file will be copied before/after editing it.

 Thanks.


 $ sudo vi /bin/ksh
 :w! /bin/ed
 :q
 $ sudo ed
 #


 You can skip some mangling:

 $ sudo vi
 :!/bin/sh
 #

 Except the sudo policy provided would prevent this with the NOEXEC flag.



interesting package issue... can't find with a browser.

2015-04-27 Thread Ton Muller
Ok.
Perhaps a bit cryptic,
but this is the situation: the package portal is huge, ok, no problem
with it,
but finding a certain package is a pain.
I can recall from the time I was running 4.6, I went to the link below:
http://www.openbsd.org/4.6_packages/i386.html

A nice web portal opened with a description of what each package is,
but for later versions it was removed.
Perhaps it is hidden, but I can't find it. I am not in for downloading
26gb of packages; is there a faster way to see which package is which?

Tony.



Re: What bad things could happen if we don't use sudoedit?

2015-04-27 Thread someone
You are perfectly correct, it was ed, not vi, and sudoedit could be the
solution, thanks.
I will try to search the internet for how to do the LD_PRELOAD trick with ed.

Thanks :)

On Tue, Apr 28, 2015 at 7:09 AM, Philip Guenther guent...@gmail.com wrote:

 On Mon, Apr 27, 2015 at 9:43 PM, someone thisistheone8...@gmail.com
 wrote:
  Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
  static executables.
 
  Thank you, so there is a way of tricking noexec with vi to get a root shell.

 No, that's not what naddy demonstrated.  He showed that NOEXEC didn't
 work with /bin/ed.  Are you assuming that /bin/ed and /usr/bin/vi are
 the same program?

 Why did you list programs in /etc/sudoers that you didn't carefully
 inspect and think about?


  But how exactly? Why isn't it fixed? :O

 BECAUSE WE HAVE SUDOEDIT!

 You asked why you should use the solution that was provided, and now
 that this was demonstrated you're asking why there isn't a solution?


 Philip Guenther



spamdb - can't delete spam db entry (Error 22)

2015-04-27 Thread Adam Wolk
Hi all,

I spent part of the weekend setting up a private OpenSMTPD server using
spamd.
Everything seems to be working great but I'm now starting to see some
weird behaviour.

The server is running an amd64 snapshot from Apr 25 using a default
spamd configuration.

Does anyone know how serious that error is (should I be worried) and
what might have caused it?

I did my testing by sending email from this address and my gmail account
to my server, and I am now seeing the following messages in
/var/log/daemon:

Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 19:55:56 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 19:56:57 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 19:57:58 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 19:58:58 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 19:59:59 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 20:01:01 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)
Apr 27 20:02:02 tintagel spamd[27724]: can't delete 66.111.4.25
out1-smtp.messagingengine.com adam.w...@koparo.com
adam.w...@tintagel.pl from spamd db (Error 22)

... and so on

They keep repeating every minute.
Current spamdb entry as of 19:58:58 in the timestamp

# spamdb
WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0
GREY|209.85.218.48|mail-oi0-f48.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430145364|1430159764|1430159764|1|0
GREY|209.85.214.175|mail-ob0-f175.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430152660|1430167060|1430167060|1|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|209.85.214.175|mail-ob0-f175.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430152660|1430167060|1430167060|1|0
GREY|209.85.214.175|mail-ob0-f175.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430152660|1430167060|1430167060|1|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|mulan...@tintagel.pl|1430146234|1430148635|1430160634|3|0
GREY|209.85.218.41|mail-oi0-f41.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430102722|1430117122|1430117122|1|0
GREY|66.111.4.25|out1-smtp.messagingengine.com|adam.w...@koparo.com|adam.w...@tintagel.pl|1430142855|1430145035|1430157255|4|0
GREY|209.85.214.175|mail-ob0-f175.google.com|netpr...@gmail.com|mulan...@tintagel.pl|1430152660|1430167060|1430167060|1|0

spamd rc.conf.local entry:
spamd_flags=-v
spampd_flags=--port=10035 --relayhost=127.0.0.1:10036 --tagall -aw


My pf spamd-white list
# pfctl -t spamd-white -T show 
   66.111.4.25

My pf setup regarding spamd
# allow email
# pass in on $ext_if proto tcp to any port smtp
pass in on $ext_if proto tcp to any port submission
# allow imaps port 993
pass in on $ext_if proto tcp to any port imaps
# rules for spamd(8)
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in on $ext_if proto tcp from any to any port smtp \
  rdr-to 127.0.0.1 port spamd
pass in on $ext_if proto tcp from <nospamd> to any port smtp
pass in log on $ext_if proto tcp from <spamd-white> to any port smtp
pass out log on $ext_if proto tcp to any port smtp

Regards,
-- 
  Adam Wolk
  adam.w...@koparo.com
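The log lines and the spamdb dump above, read together, as an added example that is not code from the post or from OpenBSD: a small Python triage script that parses spamdb(8) dump lines and the "can't delete ... (Error N)" daemon message, maps the number to its errno name, finds the entry spamd is stuck on, and flags entries that are past their expire time or listed more than once. The sample dump and log line are constructed (documentation IPs, example.com addresses); only the timestamps follow the dump in the post, and NOW assumes the log was written in CEST.

```python
"""Triage helpers for the post's 'can't delete ... from spamd db' messages (added example, not code from the post or from OpenBSD)."""
import errno
import re
from collections import Counter, namedtuple

# Field order as spamdb(8) prints it; WHITE/TRAPPED lines leave helo/from/to empty.
Entry = namedtuple("Entry", "kind ip helo sender rcpt first passed expire count")
LOG_RE = re.compile(r"can't delete (\S+) (\S+) (\S+) (\S+) from spamd db \(Error (\d+)\)")

def parse_line(line):
    """One spamdb dump line -> Entry; GREY lines have 10 '|' fields, WHITE/TRAPPED 9."""
    f = line.strip().split("|")
    if f[0] == "GREY" and len(f) == 10:
        kind, ip, helo, sender, rcpt, first, passed, expire, count, _ = f
    elif f[0] in ("WHITE", "TRAPPED") and len(f) == 9:
        kind, ip, _, _, first, passed, expire, count, _ = f
        helo = sender = rcpt = ""
    else:
        raise ValueError(f"unrecognised spamdb line: {line!r}")
    return Entry(kind, ip, helo, sender, rcpt, int(first), int(passed), int(expire), int(count))

def key(e):  # the tuple spamd keys on: ip alone for WHITE, ip/helo/from/to for GREY
    return (e.ip, e.helo, e.sender, e.rcpt)

def parse_cant_delete(logline):  # -> ((ip, helo, from, to), errno name) or None
    m = LOG_RE.search(logline)
    if not m:
        return None
    ip, helo, sender, rcpt, num = m.groups()
    return (ip, helo, sender, rcpt), errno.errorcode.get(int(num), f"errno {num}")

def triage(dump, logline, now):
    """Parse a spamdb dump plus one log line; report what spamd is stuck on."""
    entries = [parse_line(ln) for ln in dump.splitlines() if ln.strip()]
    k, err = parse_cant_delete(logline) or (None, None)
    return {
        "stuck": next((e for e in entries if key(e) == k), None), "errno": err,
        "expired": [e for e in entries if e.expire <= now],  # should already be gone
        "duplicates": {d: n for d, n in Counter(map(key, entries)).items() if n > 1},
    }

# Constructed sample modelled on the post's dump: documentation IPs, example.com addresses.
SAMPLE_DUMP = """\
WHITE|192.0.2.25|||1430096342|1430098533|1433208963|4|0
GREY|198.51.100.48|mx1.example.net|alice@example.net|bob@example.org|1430145364|1430159764|1430159764|1|0
GREY|192.0.2.25|out1.example.com|alice@example.com|bob@example.org|1430142855|1430145035|1430157255|4|0
GREY|198.51.100.48|mx1.example.net|alice@example.net|bob@example.org|1430145364|1430159764|1430159764|1|0
"""
SAMPLE_LOG = "Apr 27 19:58:58 host spamd[27724]: can't delete 192.0.2.25 out1.example.com alice@example.com bob@example.org from spamd db (Error 22)"
NOW = 1430157538  # constructed: Apr 27 2015 19:58:58 CEST (the post's log timestamp) as unix time
```

Run `triage(SAMPLE_DUMP, SAMPLE_LOG, NOW)` to see the stuck GREY entry (already past its expire time) and the duplicated key; on a real box feed it the output of `spamdb` and a line from /var/log/daemon.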



Re: interesting package issue... can't find with a browser.

2015-04-27 Thread sam
On Mon, 27 Apr 2015 20:56:00 +0200
Ton Muller spatie...@online.nl wrote:

 Ok.
 Perhaps a bit cryptic.
 But this is the situation: the package portal is huge, ok, no problem
 with it.
 But finding a certain package is a pain.
 I can recall from the time I was running 4.6, I went to the link below
 http://www.openbsd.org/4.6_packages/i386.html
 
 A nice web portal opened with a description of what each package is.
 But for later versions it was removed.
 Perhaps it is hidden, but I can't find it. I am not in for downloading
 26GB of packages; is there a faster way to see which package is which?
 
 Tony.
 

It'd be nice if OpenBSD still had those VERSION_packages pages. In any
case, http://openports.se/ or http://ports.su/ may prove helpful.