Re: xscreensaver-settings keeps on crashing
I discovered that if I run xfce desktop that I have on here for thunar file manager, that it works. I don’t know why. I can’t run xscreensaver-settings under fvwm. The screensavers work though. Any suggestions? It said something about conflicting with xfce4-screensaver or something too. On Fri, Sep 29, 2023 at 06:38 John McCue wrote: > On Mon, Sep 11, 2023 at 10:51:55AM -0500, Luke Small wrote: > > > >I attached ???.xscreensaver??? I had to change the file type to send it. > > I ended up installing xscreensaver-6.05.1 via pkg_add(1) and > xscreensaver-demo and xscreensaver works good for me. > > You can get my old .xscreensaver from: > https://jmcunx.com/data/xscreensaver.txt > you would copy it to ~/.xscreensaver > > FWIW, I use a combination of xidle(1) and xlock(1) > since I try to stick with "base" whenever possible. > > This has information on using xidle/xlock that I used for my > setup. > > https://www.c0ffee.net/blog/openbsd-on-a-laptop > > HTH >
xscreensaver-settings keeps on crashing
This is incredibly frustrating and has remained a problem throughout upgrades! Do I rebuild xenocara? Anyone know how to fix this? xscreensaver-settings crashes: " $ xscreensaver-settings xscreensaver-settings: 13:47:37: X error: xscreensaver-settings: Failed request: BadMatch (invalid parameter attributes) xscreensaver-settings: Major opcode: 42 (X_SetInputFocus) xscreensaver-settings: Resource id: 0x143 xscreensaver-settings: Serial number: 454 / 456 $ "
Re: xscreensaver-settings crashes in OpenBSD 7.2
Maybe Linux-drm messed it up? On Fri, Nov 11, 2022 at 10:35 AM Luke Small wrote: > xscreensaver-settings crashes in OpenBSD 7.2 > > Graphics card shows as radeon 7450 in the dmesg, > "radeondrm0 at pci3 dev 0 function 0 "ATI Radeon HD 7450" rev 0x00", > but it is a radeon hd 6450 exactly like this one: > > > https://www.amazon.com/MSI-Profile-PCI-Express-R6450-MD1GD3-LP/dp/B004X6ABTM > > the screensavers mostly work, but I can't get to the settings menu gui. > > I've moved .xscreensaver and it didn't work either. > > This is the results of running xscreensaver-settings in a terminal : > > $ xscreensaver-settings --debug > xscreensaver-settings: 14:45:30: DISPLAY=:0 > xscreensaver-settings: 14:45:30: added "/usr/local/libexec/xscreensaver" > to $PATH > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: (pref changed) > xscreensaver-settings: 14:45:30: list selection changed > xscreensaver-settings: 14:45:30: scheduling preview "gibson -root -delay > 32743 -speed 2.477 -columns 6" > xscreensaver-settings: 14:45:30: reading > /usr/local/share/xscreensaver/config/gibson.xml... > xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay > 32743 --speed 2.477 --columns 6" > xscreensaver-settings: 14:45:30: reading > /usr/local/share/xscreensaver/config/gibson.xml... > xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay > 32743 --speed 2.477 --columns 6" > xscreensaver-settings: 14:45:30: select list elt 91 > xscreensaver-settings: 14:45:30: scheduling preview "gibson -root -delay > 32743 -speed 2.477 -columns 6" > xscreensaver-settings: 14:45:30: reading > /usr/local/share/xscreensaver/config/gibson.xml... > xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay > 32743 --speed 2.477 --columns 6" > xscreensaver-settings: 14:45:31: xscreensaver-gl-visual says the GL visual > is 0x21. > xscreensaver-settings: 14:45:31: using non-default visual 0x21 > > xscreensaver-settings: 14:45:31: X error: > xscreensaver-settings: Failed request: BadMatch (invalid parameter > attributes) > xscreensaver-settings: Major opcode: 42 (X_SetInputFocus) > xscreensaver-settings: Resource id:0x83 > xscreensaver-settings: Serial number: 450 / 451 > > > > > > /etc/X11/xorg.conf : (I've tried a variation on the radeon settings and > reset them with rcctl restart xenodm, etc.) > > Section "Files" > FontPath "/usr/X11R6/lib/X11/fonts/misc/" > FontPath "/usr/X11R6/lib/X11/fonts/TTF/" > FontPath "/usr/X11R6/lib/X11/fonts/OTF/" > FontPath "/usr/X11R6/lib/X11/fonts/Type1/" > FontPath "/usr/X11R6/lib/X11/fonts/WinFonts/" > # FontPath "/usr/X11R6/lib/X11/fonts/100dpi/" > FontPath "/usr/X11R6/lib/X11/fonts/75dpi/" > FontPath "/usr/local/share/fonts/spleen" > EndSection > > Section "ServerFlags" > Option "DontZap" "true" > EndSection > > Section "Device" > Identifier "radeoncard" > Driver "radeon" > Option "TearFree" "true" > Option "DRI" "2" > Option "AccelMethod" "EXA" > Option "EXAVSync" "true" > EndSection > > > > > dmesg: > > OpenBSD 7.2 (GENERIC.MP) #0: Wed Oct 26 12:01:47 MDT 2022 > r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/ > GENERIC.MP > real mem = 51513982976 (49127MB) > avail mem = 49935368192 (47622MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9e000 (88 entries) > bios0: vendor American Megatrends Inc. version "2.1b" date 05/04/12 > bios0: Supermicro X8DTH-i/6/iF/6F > acpi0 at bios0: ACPI 4.0 > acpi0: sleep states S0 S1 S4 S5 > acp
xscreensaver-settings crashes in OpenBSD 7.2
xscreensaver-settings crashes in OpenBSD 7.2 Graphics card shows as radeon 7450 in the dmesg, "radeondrm0 at pci3 dev 0 function 0 "ATI Radeon HD 7450" rev 0x00", but it is a radeon hd 6450 exactly like this one: https://www.amazon.com/MSI-Profile-PCI-Express-R6450-MD1GD3-LP/dp/B004X6ABTM the screensavers mostly work, but I can't get to the settings menu gui. I've moved .xscreensaver and it didn't work either. This is the results of running xscreensaver-settings in a terminal : $ xscreensaver-settings --debug xscreensaver-settings: 14:45:30: DISPLAY=:0 xscreensaver-settings: 14:45:30: added "/usr/local/libexec/xscreensaver" to $PATH xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: (pref changed) xscreensaver-settings: 14:45:30: list selection changed xscreensaver-settings: 14:45:30: scheduling preview "gibson -root -delay 32743 -speed 2.477 -columns 6" xscreensaver-settings: 14:45:30: reading /usr/local/share/xscreensaver/config/gibson.xml... xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay 32743 --speed 2.477 --columns 6" xscreensaver-settings: 14:45:30: reading /usr/local/share/xscreensaver/config/gibson.xml... xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay 32743 --speed 2.477 --columns 6" xscreensaver-settings: 14:45:30: select list elt 91 xscreensaver-settings: 14:45:30: scheduling preview "gibson -root -delay 32743 -speed 2.477 -columns 6" xscreensaver-settings: 14:45:30: reading /usr/local/share/xscreensaver/config/gibson.xml... xscreensaver-settings: 14:45:30: scheduling preview "gibson --root --delay 32743 --speed 2.477 --columns 6" xscreensaver-settings: 14:45:31: xscreensaver-gl-visual says the GL visual is 0x21. xscreensaver-settings: 14:45:31: using non-default visual 0x21 xscreensaver-settings: 14:45:31: X error: xscreensaver-settings: Failed request: BadMatch (invalid parameter attributes) xscreensaver-settings: Major opcode: 42 (X_SetInputFocus) xscreensaver-settings: Resource id:0x83 xscreensaver-settings: Serial number: 450 / 451 /etc/X11/xorg.conf : (I've tried a variation on the radeon settings and reset them with rcctl restart xenodm, etc.) Section "Files" FontPath "/usr/X11R6/lib/X11/fonts/misc/" FontPath "/usr/X11R6/lib/X11/fonts/TTF/" FontPath "/usr/X11R6/lib/X11/fonts/OTF/" FontPath "/usr/X11R6/lib/X11/fonts/Type1/" FontPath "/usr/X11R6/lib/X11/fonts/WinFonts/" # FontPath "/usr/X11R6/lib/X11/fonts/100dpi/" FontPath "/usr/X11R6/lib/X11/fonts/75dpi/" FontPath "/usr/local/share/fonts/spleen" EndSection Section "ServerFlags" Option "DontZap" "true" EndSection Section "Device" Identifier "radeoncard" Driver "radeon" Option "TearFree" "true" Option "DRI" "2" Option "AccelMethod" "EXA" Option "EXAVSync" "true" EndSection dmesg: OpenBSD 7.2 (GENERIC.MP) #0: Wed Oct 26 12:01:47 MDT 2022 r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/ GENERIC.MP real mem = 51513982976 (49127MB) avail mem = 49935368192 (47622MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9e000 (88 entries) bios0: vendor American Megatrends Inc. version "2.1b" date 05/04/12 bios0: Supermicro X8DTH-i/6/iF/6F acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIT SPMI OEMB SRAT HPET DMAR SSDT acpi0: wakeup devices NPE2(S4) NPE3(S4) NPE4(S4) NPE5(S4) NPE6(S4) NPE7(S4) NPE8(S4) NPE9(S4) NPEA(S4) P0P1(S4) USB0(S4) USB1(S4) USB2(S4) USB5(S4) EUSB(S4) USB3(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz, 3067.04 MHz, 06-2c-02 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 8-way L2 cache, 12MB 64b/line 16-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var
KARL for user programs?
So if it’s a potential vulnerability for the kernel to be linked the same without KARL (I presume because if the source code is known and ASLR and PIE can potentially be randomly overcome) then can there be a KARL type extension for cc/c++ ?-- -Luke
Boise mirror certificate expired : Boise, ID, USA : mirrors.syringanetworks.net
Boise mirror certificate expired : Boise, ID, USA : mirrors.syringanetworks.net mirrors@ didn't quite seem like it was being used. -Luke
Kqueue priorities feature?
I recall tedu@ saying my that there was no reason for there to be multiple kqueues in a program. Well I beg to differ. I have a program with 3 kqueues because I want three distinct priorities on each worker process. The parent program initializes and fork()s a process that listens and passes internet sockets to one of the worker processes which is the last worker kqueue priority. I want the workers to operate upon the socket upload and download operations within the already received internet sockets (memory and limited stalling or latency permitting) before accepting new internet sockets. This is the second kqueue priority. There are a couple other fork()ed processes; I’m not going into the weeds into why (it’s dealing with a patented process dealing with multiple clients interacting on the same data in the server), all the worker processes are socket connected to the two other processes. The first process receives data from the workers and manages timeout periods and the second receives data from the first process and sends back data to be processed back to the workers to indicate that a socket transaction is complete or otherwise needs to be terminated and I want that procedure to be completed without interruption by other kqueue events. This is the first priority. To do this at this point, I have to have what I call “the backbone” to jump around between a bunch of different kevent calls to mediate all of these distinct kqueues where each priority must be exhausted before the next priority should be dealt with. At the very least the second and third priorities need to be distinct to prevent session memory from exploding from the creation of new connections while nothing gets done on existing sockets. I suspect this is something that would be very useful to other systems. Maybe my program is a unique case which doesn’t deserve any attention, but perhaps I’m not the only one who could benefit from this…eh?!!! Or is FreeBSD the OpenBSD upstream on kqueue/kevent ? By the way, whoever unlocked kevent in -current, AMAZING -- -Luke
Re: disk lights on but top showed nothing!
I’ve seen “security” running before which was pretty busy and made it not just flash, it was solid on like the time a couple days ago. Also with a 6 disk array in a maximum 8 disk card, it has two data cables plugged into the raid card. Is it likely that all 6 disks are not only flashing lights, but solid on with one bad cable? Perhaps if it’s the raid card or maybe the data plane (maybe I could try plugging it into one of the two other 8 disk sections in the data plane it can handle 24 disks) that they’re plugged into. I’m guessing it was a consistency check by the raid card like Letcher Ross said which I presume wouldn’t show up on top. Also, with a 3 way stripe raid 10 and 15000 rpm disks, theyre not SSDs but it’s pretty responsive, there’s not a lot of latency for a process to sit on its laurels. Unless the process is sleeping, it’s gonna be difficult to not put up some big cpu percentage numbers. On Sun, Jan 2, 2022 at 11:43 AM Crystal Kolipe wrote: > On Sun, Jan 02, 2022 at 11:09:40AM -0600, Luke Small wrote: > > And if there was a super busy disk program running which would make a 2x3 > > RAID10 array of 15000 RPM disks busy running on OpenBSD, I presume it > would > > be without fail taking up more than 1 percent cpu time, which nothing > other > > than top was. > > Then you 'presume' incorrectly. > > Try running two dd processes concurrently, one that reads data from the > start > of a disk, (or in your case disk array), and one that reads data from near > the end of the disk, (or array), using the raw character devices. > > I see <1% cpu usage for both dd processes testing on my current > workstation. > > Think about why this might be happening. > > Sure, if you have a single process reading data from disk such that the > disk > is hitting it's maximum data transfer rate, it's probably reasonable to > expect > that the host CPU is going to be doing something with that data and the > reading > process will show more than 1% CPU usage in 'top'. > > However, your 'server' may well have more than one process accessing disk > at > the same time, reading from all over the media. > > To put it in very simple terms: the led that flashes on and off to show > disk > activity, will also be on whilst the heads are seeking across the disk. So > if it's going from the first cylinder to the last and back again > repeatedly, > most of that time will not be spent actually writing data to the SATA bus > or > wherever else the disk is connected, so the flow of data to the CPU will be > minimal, but the led will still be on. > > Quite possibly a particuar pattern of reads and writes caused the disk to > thrash and therefore data throughput to fall. > > Or maybe one of the disks in the array was thermal re-calibrating itself. > > Or maybe your 'server' has an unreliable data cable somewhere. > > I'm not seeing anything that suggests that it's a software issue with > OpenBSD. > -- -Luke
Re: disk lights on but top showed nothing!
It’s a 2U Supermicro pizza box server with a low profile Radeon graphics card. It’s always attached to a 32 inch monitor, a keyboard, mouse, KVM and I program on it, but it does a lot of server stuff. I doubt most people would call a pizza box a workstation no matter what you put on it. And if there was a super busy disk program running which would make a 2x3 RAID10 array of 15000 RPM disks busy running on OpenBSD, I presume it would be without fail taking up more than 1 percent cpu time, which nothing other than top was. On Sun, Jan 2, 2022 at 7:32 AM Jan Stary wrote: > On Jan 01 00:01:28, lukensm...@gmail.com wrote: > > The lights on my server which shows that the disks are busy were on and > not > > just flashing and I looked at top and usually it’s because security is > > running, but this time NOTHING! > > top shows you the top cpu usage. > That's not the same as disk activity. > > man ps > ps | grep ' D' > > > I even killed Firefox > > You are running firefox on a 'server'? > -- -Luke
Re: disk lights on but top showed nothing!
6 disk raid 10 15000 rpm array (2 mirroring x 3 striping) with a raid card which can handle a maximum of 8 disks. It didn’t last forever. mfii0 at pci12 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache scsibus2 at mfii0: 64 targets sd0 at scsibus2 targ 0 lun 0: naa.600605b00902fb50217c572a11e3e137 sd0: 418464MB, 512 bytes/sector, 857014272 sectors scsibus3 at mfii0: 256 targets ppb11 at pci7 dev 9 function 0 "Intel X58 PCIE" rev 0x22: msi pci13 at ppb11 bus 135 "Intel X58 IOxAPIC" rev 0x22 at pci7 dev 19 function 0 not configured "Intel X58 Misc" rev 0x22 at pci7 dev 20 function 0 not configured "Intel X58 GPIO" rev 0x22 at pci7 dev 20 function 1 not configured "Intel X58 RAS" rev 0x22 at pci7 dev 20 function 2 not configured "Intel X58 Throttle" rev 0x22 at pci7 dev 20 function 3 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 0 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 1 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 2 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 3 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 4 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 5 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 6 not configured "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 7 not configured vmm0 at mainbus0: VMX/EPT dt: 445 probes vscsi0 at root scsibus4 at vscsi0: 256 targets softraid0 at root scsibus5 at softraid0: 256 targets sd1 at scsibus5 targ 1 lun 0: sd1: 418458MB, 512 bytes/sector, 857002898 sectors sd2 at scsibus1 targ 5 lun 0: naa.5001173100147bc4 sd2: 95367MB, 512 bytes/sector, 195312501 sectors sd3 at scsibus1 targ 6 lun 0: naa.5001173100146d54 sd3: 95367MB, 512 bytes/sector, 195312501 sectors sd4 at scsibus1 targ 7 lun 0: naa.50011731001432cc sd4: 95367MB, 512 bytes/sector, 195312501 sectors sd5 at scsibus1 targ 8 lun 0: naa.500117310014346c sd5: 95367MB, 512 bytes/sector, 195312501 sectors disklabels not read: root on sd1a (7f4c2a49b672064f.a) swap on sd1b dump on sd1b radeondrm0: CAICOS radeondrm0: 1920x1080, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wsdisplay0: screen 1-5 added (std, vt100 emulation) On Sat, Jan 1, 2022 at 4:22 AM Crystal Kolipe wrote: > On Sat, Jan 01, 2022 at 12:01:28AM -0600, Luke Small wrote: > > The lights on my server which shows that the disks are busy were on and > not > > just flashing and I looked at top and usually it???s because security is > > running, but this time NOTHING! I even killed Firefox and by far the > > busiest thing on there was top! pftop didn???t seem especially busy > either! > > From the extremely limited information you've given, it's hard to diagnose > the problem. > > In future, please include the output of dmesg and the output of relevant > commands in problem reports. This answers questions such as: how many > disks are in this server? Are they part of an array? > > Did the output from top show a process with low or zero cpu usage, but > stuck in the biowait state? > > This can happen, for example, if you have a bad or failing data cable from > the disk to the motherboard. It can also happen with some SSDs, likely due > to the firmware doing some kind of internal management of the flash memory. > -- -Luke
disk lights on but top showed nothing!
The lights on my server which shows that the disks are busy were on and not just flashing and I looked at top and usually it’s because security is running, but this time NOTHING! I even killed Firefox and by far the busiest thing on there was top! pftop didn’t seem especially busy either!-- -Luke
I had to change NIC I’m still having issues.
I have a Ethernet westmere-ep Supermicro server I use for a local dns server which I have local devices vpn connected into. I started with em0 and I finagled a Google router/modem to give me back the same local reserved address for em3 for the new Intel i350-t2 card. I was watching “tcpdump -aetvvipflog0” and I found a pf match rewrite a wg0 state with a never before seen address like 206.xxx.xxx.xxx The rule was something like: “pass out log quick on $ext_if inet modulate state nat-to ($ext_if) tagged wireguard”, and ext_if=em3 running “pfctl -srules” Showed it as some kinda round-robin with god knows what but it was messing with my internet! I just changed it to: pass out log quick on em3 inet modulate state tagged wireguard nat-to Am I missing something? I disabled resolvd and made the name server 127.0.0.1 in resolv.conf and other stuff. Why would it do that? -- -Luke
I got a new “em” card. pf uses old “self”
I reserved a new address for the new I350-T2 card and replaced unbound.conf and all uses of it in /etc. “tcpdump -aetvvipflog0” still returns the old reserved address! What do I do? -- -Luke
Got a new “em” card. pf uses old “self”
I reserved a new address for the new I350-T2 card and replaced unbound.conf and all uses of it in /etc. “tcpdump -aetvvipflog0” still returns the old reserved address! What do I do? -- -Luke
Re: Put non-NULL pledge abort in the man page
On Thu, Nov 25, 2021 at 5:17 AM Claudio Jeker wrote: > On Thu, Nov 25, 2021 at 04:55:23AM -0600, Luke Small wrote: > > I ran ktrace. Kdump said the last thing it did was try to load > > /usr/libexec/ld.so > > > > To main(), before the unveil pledge is dropped, I added: > > > > if (unveil("/usr/libexec/", "rx") == -1) > > err(1, "unveil, line: % d", __LINE__); > > > > After running it again, it spits out an error message: > > > > ld.so: pkg_ping: can't load library 'libc.so.96.1' > > > > So I put in: > > > > if (unveil("usr/lib/", "rx") == -1) > > err(1, "unveil, line: %d", __LINE__); > > > > Now it successfully execv()s into the new process space! > > Now in the newly created program, which hasn’t set new pledge > execpromises, > > it won’t successfully run ftp(1) because it wasn’t granted the inet > > execpromise. > > > > execpromises seems to have carried over! > > Don't use execpromises. That feature is not working and no tool in OpenBSD > uses it. > > -- > :wq Claudio Okay! It’s kinda weird that the pledge man page (even in -current according to: https://man.openbsd.org/pledge.2 ) doesn’t even have a bug section which mentions that then. > -- -Luke
Re: Put non-NULL pledge abort in the man page
I ran ktrace. Kdump said the last thing it did was try to load /usr/libexec/ld.so To main(), before the unveil pledge is dropped, I added: if (unveil("/usr/libexec/", "rx") == -1) err(1, "unveil, line: % d", __LINE__); After running it again, it spits out an error message: ld.so: pkg_ping: can't load library 'libc.so.96.1' So I put in: if (unveil("usr/lib/", "rx") == -1) err(1, "unveil, line: %d", __LINE__); Now it successfully execv()s into the new process space! Now in the newly created program, which hasn’t set new pledge execpromises, it won’t successfully run ftp(1) because it wasn’t granted the inet execpromise. execpromises seems to have carried over! On Thu, Nov 25, 2021 at 2:24 AM Sebastien Marie wrote: > On Thu, Nov 25, 2021 at 01:52:31AM -0600, Luke Small wrote: > > The attachment is a version of the c file at: > > https://github.com/lukensmall/pkg_ping > > the version is the repository doesn't have your changes. Thanks for > the attached version. > > > After it does a fork-exec to ftp(1) to pipe in ftplist from a random > > hard-coded mirror, I short circuit it (for debugging) at the line that > says: > > “if (n || array_length == 0 || loop == 20)” > > by putting in “loop == 20” which is the default loop value, where it is > > decremented in further iterations of calling pkg_ping in the restart > > function which only occurs in rare download errors. If it succeeds with > the > > execv in the restart function, it should work normally. > > Just to be clear: I will not run random code (as normal user or as root). > > Could you run (as user): > > $ ktrace -di ./pkg_ping whatever-to-reproduce-the-problem > > and share the output of `kdump` ? > > Beware that the file might be large (so gzip it) and could contains > sensitive information (so better to review it). > > Seeing a gdb backtrace might be useful too. > > Thanks. > -- > Sebastien Marie > -- -Luke
Re: Put non-NULL pledge abort in the man page
I took a hard look at it again…with more printf()s. It is killed at the execv which calls the calling executable to get different random number generated values with a slightly different argv set to prevent an indefinite loop. I put the following in before the execv: int i = pledge("stdio exec rpath”, "stdio exec proc rpath cpath wpath dns id unveil tty error"); if (i == -1) err(1, "pledge, line: %d", __LINE__); After doing this it would dmesg rpath. I had to unveil(argv[0], “rx”); argv[0] which is “./pkg_ping” or “/full/path/to/pkg_ping” instead of having it as merely unveil(argv[0], “x”); which worked before. Now it gets shot in the head and leaves nothing in dmesg Does that mean that if execpromises is set, that it will get killed at every execve() series call? Does pledge/unveil not accept directly execv()ing back into the same program? Is it trying to read another file which unveil is still affecting? >> >> Luke Small wrote: >> >> > I have a program which runs fork() a couple times with pledges: “stdio >> > cpath wpath” for writing to disk and “stdio dns” for a dns caching >> process >> > after accepting command-line input. Is the execpromises, permitted to >> > increase/change to accommodate the different fork()s from the parent? If >> > so, why isn’t all of this discussed in the manpage. >> > >> > I’m running 7.0 and it immediately is killed when I run pledge with a >> > non-NULL execpromise. >> > >> > No error, just a sigabort. And nothing in the man page (even for >> -current: >> > on the web) which explains anything. >> > >> > https://github.com/lukensmall/pkg_ping >> > >> > This a command-line program is used to make manually choosing a >> responsive >> > mirror or automatically writing the most responsive OpenBSD mirror to >> > /etc/installurl very easy. >> > >> > On Wed, Nov 24, 2021 at 11:50 AM Luke Small >> wrote: >> > >> > > I tried calling pledge with a non-NULL execpromise and noticed that >> it was >> > > killed. That’d be convenient if that behavior was noted in the man >> page!-- >> > > -Luke >> > > >> > -- >> > -Luke >> > -- > -Luke > -- -Luke
Re: Put non-NULL pledge abort in the man page
It works great, up until the time that pledge() ITSELF gets shot in the head, which seems would be impossible! It’s supposed to only throw errors! Or did I miss the memo that there’s a “pledge” pledge? On Wed, Nov 24, 2021 at 8:19 PM Theo de Raadt wrote: > You have a secret program and you want people on the internet to help > you debug what you have done wrong in this secret program. > > You obviously don't know what you are doing, and I think you don't > deserve help. > > > Luke Small wrote: > > > I have a program which runs fork() a couple times with pledges: “stdio > > cpath wpath” for writing to disk and “stdio dns” for a dns caching > process > > after accepting command-line input. Is the execpromises, permitted to > > increase/change to accommodate the different fork()s from the parent? If > > so, why isn’t all of this discussed in the manpage. > > > > I’m running 7.0 and it immediately is killed when I run pledge with a > > non-NULL execpromise. > > > > No error, just a sigabort. And nothing in the man page (even for > -current: > > on the web) which explains anything. > > > > https://github.com/lukensmall/pkg_ping > > > > This a command-line program is used to make manually choosing a > responsive > > mirror or automatically writing the most responsive OpenBSD mirror to > > /etc/installurl very easy. > > > > On Wed, Nov 24, 2021 at 11:50 AM Luke Small > wrote: > > > > > I tried calling pledge with a non-NULL execpromise and noticed that it > was > > > killed. That’d be convenient if that behavior was noted in the man > page!-- > > > -Luke > > > > > -- > > -Luke > -- -Luke
Re: Put non-NULL pledge abort in the man page
I have a program which runs fork() a couple times with pledges: “stdio cpath wpath” for writing to disk and “stdio dns” for a dns caching process after accepting command-line input. Is the execpromises, permitted to increase/change to accommodate the different fork()s from the parent? If so, why isn’t all of this discussed in the manpage. I’m running 7.0 and it immediately is killed when I run pledge with a non-NULL execpromise. No error, just a sigabort. And nothing in the man page (even for -current: on the web) which explains anything. https://github.com/lukensmall/pkg_ping This a command-line program is used to make manually choosing a responsive mirror or automatically writing the most responsive OpenBSD mirror to /etc/installurl very easy. On Wed, Nov 24, 2021 at 11:50 AM Luke Small wrote: > I tried calling pledge with a non-NULL execpromise and noticed that it was > killed. That’d be convenient if that behavior was noted in the man page!-- > -Luke > -- -Luke
Put non-NULL pledge abort in the man page
I tried calling pledge with a non-NULL execpromise and noticed that it was killed. That’d be convenient if that behavior was noted in the man page!-- -Luke
clang performance bug is worse on openbsd than freebsd
https://bugs.llvm.org/show_bug.cgi?id=50026 I reported it to the llvm people. it is two slightly different quicksort algorithms which perform radically differently. The one which you could assume would take more time, performs MUCH better. I made a custom quicksort algorithm which outperforms qsort by A LOT for sorting an array of around 300 randomly created unsigned characters, which is what I use it for. if you read the report a guy said there's a 10% difference for sorting 3 million characters on freebsd, but there's about 40% performance difference on OpenBSD. maybe it's also how the OpenBSD team modified clang to prevent rop chain stuff or something? I'm using a westmere based intell server. it's the same for clang 11. What's the deal? -Luke /* clang sort_test2.c -O2 -o sort_test && ./sort_test */ /* * quicksort should be slightly faster than quicksort1 because it is * identical except quicksort1 does more work using global counters. * quicsort1 runs 41% faster. Using gcc, quicksort is instead slightly faster. */ /* * I'm using clang 10.0.1 on OpenBSD. these are my results: quicksort time = 0.004501771 quicksort1 time = 0.002655233 */ #include #include #include #include #include #include size_t m; size_t g; size_t i; /* * quicksort sorts characters on a u_char array. * 'a' is the first character on the array. * 'b' is last character on the array */ static void quicksort(u_char a[], u_char b[]) { u_char temp; if (b - a <= 1) { if (a == b) return; if (*a > *b) { temp = *a; *a = *b; *b = temp; } return; } u_char * j = a + 1; u_char * k = b; u_char u = *a; /* * This if() avoids repeated awkward special case branching * in the similar if() in the "while (++j < k)" loop */ if (*j > u) { do { if (*k < u) { temp = *j; *j = *k; *k = temp; goto skip0; } } while (j < --k); quicksort(j, b); return; skip0: if (j == --k) { *a = *j; *j = u; quicksort(j+1, b); return; } } while (++j < k) { if (*j > u) { do { if (*k < u) { temp = *j; *j = *k; *k = temp; goto skip; } } while (j < --k); quicksort(j, b); *a = *--j; *j = u; quicksort(a, j-1); return; skip: if (j == --k) { *a = *j; *j = u; quicksort(a, j-1); quicksort(j+1, b); return; } } } if (*j > u) { quicksort(j, b); *a = *--j; *j = u; quicksort(a, j-1); } else { *a = *j; *j = u; quicksort(a, j-1); if (j == b) return; quicksort(j+1, b); } } /* * quicksort1 is identical to quicksort() but it alters some global counters * it should take slightly longer to run, but it runs in half the time */ static void quicksort1(u_char a[], u_char b[], size_t level) { ++m; if (level > i) i = level; u_char temp; if (b - a <= 1) { ++g; if (a == b) return; if (*a > *b) { temp = *a; *a = *b; *b = temp; } return; } u_char * j = a + 1; u_char * k = b; u_char u = *a; /* * This if() avoids repeated awkward special case branching * in the similar if() in the "while (++j < k)" loop */ if (*j > u) { do { if (*k < u) { temp = *j; *j = *k; *k = temp; goto skip0; } } while (j < --k); quicksort1(j, b, level + 1); return; skip0: if (j == --k) { *a = *j; *j = u; quicksort1(j+1, b, level + 1); return; } } while (++j < k) { if (*j > u) { do { if (*k < u) { temp = *j; *j = *k; *k = temp; goto skip; } } while (j < --k); quicksort1(j, b, level + 1); *a = *--j; *j = u; quicksort1(a, j-1, level + 1); return; skip: if (j == --k) { *a = *j; *j = u; quicksort1(a, j-1, level + 1); quicksort1(j+1, b, level + 1); return; } } } if (*j > u) { quicksort1(j, b, level + 1); *a = *--j; *j = u; quicksort1(a, j-1, level + 1); } else { *a = *j; *j = u; quicksort1(a, j-1, level + 1); if (j == b) return; quicksort1(j+1, b, level + 1); } } int main() { long double cpu_time_used; struct timespec start, end; u_char *buffer, *buffer2; size_t y; size_t n = 3; buffer = (u_char*)malloc(n); if (buffer == NULL) err(1, "malloc"); buffer2 = (u_char*)malloc(n); if (buffer2 == NULL) err(1, "malloc"); for (y = 0; y < n; ++y) buffer[y] = rand() % 256; // run it once to clear any wrappers clock_gettime(CLOCK_PROCESS_CPUTIME_ID, ); memcpy(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, ); quicksort(buffer2, buffer2 + n - 1); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, ); cpu_time_used = (long double) (end.tv_sec - start.tv_sec) + (long double) (end.tv_nsec - start.tv_nsec) / (long double) 10; printf("\n\nquicksort\n"); printf("time = %.9Lf\n\n", cpu_time_used); memcpy(buffer2, buffer, n); i = m = g = 0; clock_gettime(CLOCK_PROCESS_CPUTIME_ID, ); quicksort1(buffer2, buffer2 + n - 1, 1);
bought an Audigy soundcard hoping it'd work.
I have a cheap 6450 radeon graphics card with unsupported audio and an Audigy FX I hoped Audigy card would work on the emu(4) driver, but doesn't seem to. I turned on sysctl kern.audio.record=1 Any thoughts? dmesg: ... azalia0 at pci3 dev 0 function 1 "ATI Radeon HD 6400 Audio" rev 0x00: msi azalia0: no supported codecs ... azalia1 at pci13 dev 0 function 0 vendor "Creative Labs", unknown product 0x0012 rev 0x01: msi azalia1: codecs: Realtek/0x0899 audio0 at azalia1 -Luke -- -Luke
Can lmdb library linked C code be profiled?
I’ve discovered that C source code only seems to be able to be profiled by gprof profiled with gcc (or egcc from gcc package) and with the “-static” flag to static link the program. But statically linked code which uses lmdb with lmdb.a from the lmdb package will throw compile-time errors. Is there a way?-- -Luke
Re: I can’t get veb/vport to work with vmd.
I got it working. I have a pretty hefty amount of vether0 and vether0:network in my pf.conf that I changed to vport0 and vport0:network. That fixed every single thing! I somehow completely forgot about all the vether0 pf rules which isolates the the various local systems so VMs are isolated from being able to do anything malicious to any local systems. I silently redirect the VMs' dns and ntp calls to my OpenBSD services to harden them a bit too. -Luke
I can’t get veb/vport to work with vmd.
There seems to be ZERO examples of using veb/vport vs bridge/vether. I am running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0 so I used vport0 in hostname.veb0 . I used ifconfig … down for bridge0 and vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart veb0 then ran the vm of choice and it gets no internet. I reverted everything back and I get internet. What am I missing? -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
I didn’t think of that one. I’ll try to remember that in the future. On Sun, May 2, 2021 at 4:19 PM jpeg bild wrote: > I mean use the usb stick for the files mormozoid. boot using bsd.rd and > at the "upgrade" prompt instead of selecting http mount your drive and > select "disk" and type in the location of the mount > On Sun May 2, 2021 at 12:34 PM CST, Luke Small wrote: > > There has to be a valid partition to install it to. When I have an > > encrypted drive, that doesn’t exist using usb…chudazoid. > > > > On Sun, May 2, 2021 at 1:31 PM jpeg bild wrote: > > > > > No you don't chudazoid, you just select your usb disk with the file > sets > > > after selecting "disk" as your file location > > > > > > On Sat May 1, 2021 at 7:37 PM CST, Luke Small wrote: > > > > I would do that, but I’ll have to figure out how to manually mount my > > > > encrypted partition, which sysupgrade and bsd.rd takes care if for me > > > > automatically. > > > > > > > > On Sat, May 1, 2021 at 8:07 PM jpeg bild > wrote: > > > > > > > > > Use the fastly mirror, or download the files to a usb stick and > select > > > > > "disk" at the prompt. once you go current you can't go back, and > its > > > > > very clearly said in the FAQ as ashton said > > > > > > > > > > On Sat May 1, 2021 at 6:25 PM CST, Luke Small wrote: > > > > > > I tried that by the way. I even mv’ed my pf.conf to nullify it > and > > > > > > tried > > > > > > and it couldn’t download from the gigenet mirror which > absolutely has > > > > > > the > > > > > > 6.9 files. It didn’t work at all. Sysupgrade really needs to be > able > > > > > > to be > > > > > > working on versions as well as -r and -s! The program isn’t > > > > > > intelligent > > > > > > enough. > > > > > > > > > > > > On Sat, May 1, 2021 at 5:26 PM jpeg bild > > > wrote: > > > > > > > > > > > > > If you want to move back to stable, you would have to boot > bsd.rd > > > and > > > > > > > select "Upgrade" in the prompt, then install from http with the > > > correct > > > > > > > path for 6.9-stable > > > > > > > > > > > > > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: > > > > > > > > We’re there major irreversible changes made to the following > > > > > snapshot: > > > > > > > > > > > > > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr > 26 > > > > > 02:26:53 > > > > > > > > MDT > > > > > > > > 2021 > > > > > > > > > > > > > > > > which would render in incapable of a downgrade? > > > > > > > > -- > > > > > > > > -Luke > > > > > > > > > > > > > > -- > > > > > > -Luke > > > > > > > > > > -- > > > > -Luke > > > > > > -- > > -Luke > > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
That change to undo the “supersede” command to look at the local unbound server in dhclient.conf fixed it. Downloading 6.9 release as we speak. On Sun, May 2, 2021 at 1:34 PM Luke Small wrote: > There has to be a valid partition to install it to. When I have an > encrypted drive, that doesn’t exist using usb…chudazoid. > > On Sun, May 2, 2021 at 1:31 PM jpeg bild wrote: > >> No you don't chudazoid, you just select your usb disk with the file sets >> after selecting "disk" as your file location >> >> On Sat May 1, 2021 at 7:37 PM CST, Luke Small wrote: >> > I would do that, but I’ll have to figure out how to manually mount my >> > encrypted partition, which sysupgrade and bsd.rd takes care if for me >> > automatically. >> > >> > On Sat, May 1, 2021 at 8:07 PM jpeg bild wrote: >> > >> > > Use the fastly mirror, or download the files to a usb stick and select >> > > "disk" at the prompt. once you go current you can't go back, and its >> > > very clearly said in the FAQ as ashton said >> > > >> > > On Sat May 1, 2021 at 6:25 PM CST, Luke Small wrote: >> > > > I tried that by the way. I even mv’ed my pf.conf to nullify it and >> > > > tried >> > > > and it couldn’t download from the gigenet mirror which absolutely >> has >> > > > the >> > > > 6.9 files. It didn’t work at all. Sysupgrade really needs to be able >> > > > to be >> > > > working on versions as well as -r and -s! The program isn’t >> > > > intelligent >> > > > enough. >> > > > >> > > > On Sat, May 1, 2021 at 5:26 PM jpeg bild >> wrote: >> > > > >> > > > > If you want to move back to stable, you would have to boot bsd.rd >> and >> > > > > select "Upgrade" in the prompt, then install from http with the >> correct >> > > > > path for 6.9-stable >> > > > > >> > > > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: >> > > > > > We’re there major irreversible changes made to the following >> > > snapshot: >> > > > > > >> > > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 >> > > 02:26:53 >> > > > > > MDT >> > > > > > 2021 >> > > > > > >> > > > > > which would render in incapable of a downgrade? >> > > > > > -- >> > > > > > -Luke >> > > > > >> > > > > -- >> > > > -Luke >> > > >> > > -- >> > -Luke >> >> -- > -Luke > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
There has to be a valid partition to install it to. When I have an encrypted drive, that doesn’t exist using usb…chudazoid. On Sun, May 2, 2021 at 1:31 PM jpeg bild wrote: > No you don't chudazoid, you just select your usb disk with the file sets > after selecting "disk" as your file location > > On Sat May 1, 2021 at 7:37 PM CST, Luke Small wrote: > > I would do that, but I’ll have to figure out how to manually mount my > > encrypted partition, which sysupgrade and bsd.rd takes care if for me > > automatically. > > > > On Sat, May 1, 2021 at 8:07 PM jpeg bild wrote: > > > > > Use the fastly mirror, or download the files to a usb stick and select > > > "disk" at the prompt. once you go current you can't go back, and its > > > very clearly said in the FAQ as ashton said > > > > > > On Sat May 1, 2021 at 6:25 PM CST, Luke Small wrote: > > > > I tried that by the way. I even mv’ed my pf.conf to nullify it and > > > > tried > > > > and it couldn’t download from the gigenet mirror which absolutely has > > > > the > > > > 6.9 files. It didn’t work at all. Sysupgrade really needs to be able > > > > to be > > > > working on versions as well as -r and -s! The program isn’t > > > > intelligent > > > > enough. > > > > > > > > On Sat, May 1, 2021 at 5:26 PM jpeg bild > wrote: > > > > > > > > > If you want to move back to stable, you would have to boot bsd.rd > and > > > > > select "Upgrade" in the prompt, then install from http with the > correct > > > > > path for 6.9-stable > > > > > > > > > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: > > > > > > We’re there major irreversible changes made to the following > > > snapshot: > > > > > > > > > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 > > > 02:26:53 > > > > > > MDT > > > > > > 2021 > > > > > > > > > > > > which would render in incapable of a downgrade? > > > > > > -- > > > > > > -Luke > > > > > > > > > > -- > > > > -Luke > > > > > > -- > > -Luke > > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
I would do that, but I’ll have to figure out how to manually mount my encrypted partition, which sysupgrade and bsd.rd takes care if for me automatically. On Sat, May 1, 2021 at 8:07 PM jpeg bild wrote: > Use the fastly mirror, or download the files to a usb stick and select > "disk" at the prompt. once you go current you can't go back, and its > very clearly said in the FAQ as ashton said > > On Sat May 1, 2021 at 6:25 PM CST, Luke Small wrote: > > I tried that by the way. I even mv’ed my pf.conf to nullify it and > > tried > > and it couldn’t download from the gigenet mirror which absolutely has > > the > > 6.9 files. It didn’t work at all. Sysupgrade really needs to be able > > to be > > working on versions as well as -r and -s! The program isn’t > > intelligent > > enough. > > > > On Sat, May 1, 2021 at 5:26 PM jpeg bild wrote: > > > > > If you want to move back to stable, you would have to boot bsd.rd and > > > select "Upgrade" in the prompt, then install from http with the correct > > > path for 6.9-stable > > > > > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: > > > > We’re there major irreversible changes made to the following > snapshot: > > > > > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 > 02:26:53 > > > > MDT > > > > 2021 > > > > > > > > which would render in incapable of a downgrade? > > > > -- > > > > -Luke > > > > > > -- > > -Luke > > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
I thought I’d be nice and try the beta to help out, but if the ramdisk doesn’t even work anymore like it has in the past for me, I’m just going from 6.9-current to 7.0-stable and never looking back at trying current anymore. I could try sysupgrade -n and download the requisite 6.9-release files to replace them, but I’m too worried it’d be messed in some way and brick my machine. I have a simple network setup of google fiber with a modem/router at 196.168.1.1 which the default pf.conf should work instead of my pretty complicated (for a home network) pf.conf . I have no clue why the bsd.rd doesn’t work anymore…unless the dhclient.conf which I’ve told to listen to localhost for unbound and dnscrypt-proxy is gumming things up. I sure wish sysupgrade was more reasonable. Even pkg_add permits “downgrade” On Sat, May 1, 2021 at 7:51 PM Theo de Raadt wrote: > The FAQ speaks to this matter. > > Noone else has anything more to say. > > Please stop begging for personal handholding, everyone is getting > embarrassed. > > > > Luke Small wrote: > > > I tried that by the way. I even mv’ed my pf.conf to nullify it and tried > > and it couldn’t download from the gigenet mirror which absolutely has the > > 6.9 files. It didn’t work at all. Sysupgrade really needs to be able to > be > > working on versions as well as -r and -s! The program isn’t intelligent > > enough. > > > > On Sat, May 1, 2021 at 5:26 PM jpeg bild wrote: > > > > > If you want to move back to stable, you would have to boot bsd.rd and > > > select "Upgrade" in the prompt, then install from http with the correct > > > path for 6.9-stable > > > > > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: > > > > We’re there major irreversible changes made to the following > snapshot: > > > > > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 > 02:26:53 > > > > MDT > > > > 2021 > > > > > > > > which would render in incapable of a downgrade? > > > > -- > > > > -Luke > > > > > > -- > > -Luke > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
I tried that by the way. I even mv’ed my pf.conf to nullify it and tried and it couldn’t download from the gigenet mirror which absolutely has the 6.9 files. It didn’t work at all. Sysupgrade really needs to be able to be working on versions as well as -r and -s! The program isn’t intelligent enough. On Sat, May 1, 2021 at 5:26 PM jpeg bild wrote: > If you want to move back to stable, you would have to boot bsd.rd and > select "Upgrade" in the prompt, then install from http with the correct > path for 6.9-stable > > On Fri Apr 30, 2021 at 9:49 PM CST, Luke Small wrote: > > We’re there major irreversible changes made to the following snapshot: > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 > > MDT > > 2021 > > > > which would render in incapable of a downgrade? > > -- > > -Luke > > -- -Luke
Re: Can I do 4-26 snapshot to 6.9-stable safely?
I google searched: “site:openbsd.org (snapshot OR current) (stable OR release) faq” and found no results which speaks of minor downgrades. Also, “sysupgrade -r” defaults to 7.0 when trying to upgrade from previous 6.9 snapshots to release. Is it intended to require folks to use bsd.rd (or use an iso) to make that change? On Fri, Apr 30, 2021 at 11:01 PM Theo de Raadt wrote: > Luke Small wrote: > > > We’re there major irreversible changes made to the following snapshot: > > > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 > MDT > > 2021 > > > > which would render in incapable of a downgrade? > > The FAQ has a clear & simple answer to that question, and it is our > belief that noone deserves an independently decided answer on a > case-by-case basis. Basically, stop wasting our time. > > -- -Luke
Can I do 4-26 snapshot to 6.9-stable safely?
We’re there major irreversible changes made to the following snapshot: kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 MDT 2021 which would render in incapable of a downgrade? -- -Luke
Can I shorten fw_update download timeout?
I make unbound connect to dnscrypt-proxy and after an update, it’ll just sit there for what seems like 2 minutes while fw_update inevitably fails before turning on dnscrypt-proxy. I’ve been running snapshots and that’s really dumb. Or is there a way to have unbound connect to a failover server when the default resolver isn’t responsive that I’m not aware of?-- -Luke
Re: FVWM terminal emulator transparency issue in -current
Thanks! I just made it run at opacity .55 and I LOVE IT! Thanks! On Mon, Feb 15, 2021 at 11:25 PM Thomas Frohwein wrote: > On Mon, Feb 15, 2021 at 05:03:55PM -0600, Luke Small wrote: > > I'm running fvwm window manager and I just switched to -current. Roxterm > is > > totally messed up, won't do transparent background and I tried > > xfce4-terminal and it says it won't do transparent backgrounds because > > compositing is disabled Sure first-world problems, but I REALLY want > > fvwm to do transparent terminal emulators! > > You can just run a compositor. xcompmgr(1) is in the X install. I > personally > use compton from the package of the same name. picom (also in packages) is > supposed to be a successor to compton. They allow more compositor tricks > than xompmgr. > > I've never got application's transparency settings to work well, so my > .kshrc (set in ENV in .profile) contains lines calling transset-df from > the package of the same name: > > [ -n "$XTERM_VERSION" ] && transset-df --id "$WINDOWID" 0.85 > /dev/null > [ -n "$KITTY_WINDOW_ID" ] && transset-df --id "$WINDOWID" 0.85 > /dev/null >
FVWM terminal emulator transparency issue in -current
I'm running fvwm window manager and I just switched to -current. Roxterm is totally messed up, won't do transparent background and I tried xfce4-terminal and it says it won't do transparent backgrounds because compositing is disabled Sure first-world problems, but I REALLY want fvwm to do transparent terminal emulators! -Luke
Snort for httpd’s https sessions?!
Is there a way for a hook(?) for snort to read plaintext https sessions in OpenBSD’s httpd?! That’d be SUPER SWEET!-- -Luke
pf and Wireguard
... Change: match out on egress from (wg0:network) to any nat-to (egress:0) To: match on egress from (wg0:network) to any nat-to (egress:0) tag “wireguard” pass tagged “wireguard” keep state -- -Luke
USA kernel hackers looking for a $120k+ job?
I’m applying for federal grant which will hopefully start about March or April and I’m looking for somebody who can work on OpenBSD and in C (perhaps with a touch of python) to do the server side of an extraordinary dating app which will be able to prove STD uninfectiousness! -- -Luke
fullscreen iridium stops me scrolling to another fvwm virt. desktop!
fullscreen iridium browser often stops letting me scroll to another fvwm virtual desktop, but I never have that problem with firefox! Whats the deal? On iridium, I either have to click on the browser window border or I have to unmaximize the browser window to leave space between the browser window and the virtual desktop border. -Luke
Re: strlcpy version speed tests?
Are you clinging to traditions for some purpose? I gave two different versions. strlcpy3 is clearly more easily understood and even slightly faster and strlcpy4 which sets up the following workhorse lines which through timing the functions is hands down faster on my Xeon chips: strlcpy4: while (--nleft != 0) if ((*++dst = *++src) == '\0') ... the others: while (--nleft != 0) if ((*dst++ = *src++) == '\0') ... I spoke to my favorite university computer science professor who said ++n is faster than n++ because the function needs to store the initial value, increment, then return the stored value in the former case, while the later merely increments, and returns the value. Apparently, he is still correct on modern hardware. -- -Luke
Re: strlcpy version speed tests?
I suppose this strlcpy4 without a goto is more elegant -Luke On Tue, Jun 30, 2020 at 10:07 PM Luke Small wrote: > I made it SUPER easy to test my assertion. The code is there. No > configuration needed. > > On Tue, Jun 30, 2020 at 9:59 PM Theo de Raadt wrote: > >> Luke Small wrote: >> >> > So did you run the program on one of those? >> >> Why would I? >> >> i see a sales pitch >> >> and i go BULLSHIT >> >> and I'm done >> >> -- > -Luke > #include #include #include #include #include #include /* cc strlcpy_test.c -pipe -O2 -o strlcpy_test && ./strlcpy_testfast */ /* * Copy string src to buffer dst of size dsize. At most dsize-1 * chars will be copied. Always NUL terminates (unless dsize == 0). * Returns strlen(src); if retval >= dsize, truncation occurred. */ static size_t strlcpy0(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL and traverse rest of src. */ if (nleft == 0) { if (dsize != 0) *dst = '\0'; /* NUL-terminate dst */ while (*src++) ; } return(src - osrc - 1); /* count does not include NUL */ } static size_t strlcpy3(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; if (nleft != 0) { /* Copy as many bytes as will fit. */ while (--nleft != 0) if ((*dst++ = *src++) == '\0') return(src - osrc - 1); *dst = '\0'; } /* Not enough room in dst, traverse rest of src. */ while (*src++) ; return(src - osrc - 1); /* count does not include NUL */ } static size_t strlcpy4(char dst[], const char src[], size_t dsize) { const char *osrc = src; size_t nleft = dsize; if (nleft != 0) { if (--nleft == 0) { *dst = '\0'; /* NUL-terminate dst */ if (*src == '\0') return 0; } else { /* Copy as many bytes as will fit. */ if ((*dst = *src) == '\0') return 0; while (--nleft != 0) if ((*++dst = *++src) == '\0') return(src - osrc); dst[1] = '\0'; /* NUL-terminate dst */ } } else if (*src == '\0') return 0; /* Not enough room in dst, traverse rest of src. */ while (*++src) ; return(src - osrc); /* count does not include NUL */ } int main() { long double cpu_time_used; size_t y; struct timespec tv_start, tv_end; char *buffer, *buffer2; size_t n = 5; size_t m = n + 50; buffer = malloc(m); if (buffer == NULL) err(1, "malloc"); buffer2 = malloc(n); if (buffer2 == NULL) err(1, "malloc"); /* no intermediate '\0' */ for (y = 0; y < m; ++y) buffer[y] = arc4random_uniform(255) + 1; buffer[m - 1] = '\0'; clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy0(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy0\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy3(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy3\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy4(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy4\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); return 0; }
strlcpy version speed tests?
I made a couple different versions if anybody is interested! -Luke #include #include #include #include #include #include /* cc strlcpy_test.c -pipe -O2 -o strlcpy_test && ./strlcpy_testfast */ /* * Copy string src to buffer dst of size dsize. At most dsize-1 * chars will be copied. Always NUL terminates (unless dsize == 0). * Returns strlen(src); if retval >= dsize, truncation occurred. */ static size_t strlcpy0(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL and traverse rest of src. */ if (nleft == 0) { if (dsize != 0) *dst = '\0'; /* NUL-terminate dst */ while (*src++) ; } return(src - osrc - 1); /* count does not include NUL */ } static size_t strlcpy3(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; if (nleft != 0) { /* Copy as many bytes as will fit. */ while (--nleft != 0) if ((*dst++ = *src++) == '\0') return(src - osrc - 1); *dst = '\0'; } /* Not enough room in dst, traverse rest of src. */ while (*src++) ; return(src - osrc - 1); /* count does not include NUL */ } static size_t strlcpy4(char dst[], const char src[], size_t dsize) { const char *osrc = src; size_t nleft = dsize; if (nleft != 0) { if (--nleft == 0) { *dst = '\0'; if (*src == '\0') return 0; goto strlcpy_jump; } /* Copy as many bytes as will fit. */ if ((*dst = *src) == '\0') return 0; while (--nleft != 0) if ((*++dst = *++src) == '\0') return(src - osrc); dst[1] = '\0'; /* NUL-terminate dst */ } else if (*src == '\0') return 0; strlcpy_jump: /* Not enough room in dst, traverse rest of src. */ while (*++src) ; return(src - osrc); /* count does not include NUL */ } int main() { long double cpu_time_used; size_t y; struct timespec tv_start, tv_end; char *buffer, *buffer2; size_t n = 5; size_t m = n + 500; buffer = malloc(m); if (buffer == NULL) err(1, "malloc"); buffer2 = malloc(n); if (buffer2 == NULL) err(1, "malloc"); /* no intermediate '\0' */ for (y = 0; y < m; ++y) buffer[y] = arc4random_uniform(255) + 1; buffer[m - 1] = '\0'; clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy0(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy0\n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy3(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy3 \n"); printf("time = %.9Lf\n\n\n", cpu_time_used); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _start); strlcpy4(buffer2, buffer, n); clock_gettime(CLOCK_PROCESS_CPUTIME_ID, _end); cpu_time_used = (long double) (tv_end.tv_sec - tv_start.tv_sec) + (long double) (tv_end.tv_nsec - tv_start.tv_nsec) / (long double) 10; printf("\n\nstrlcpy4 \n"); printf("time = %.9Lf\n\n\n", cpu_time_used); return 0; }
why isn't strlcpy written like this:
strlcpy is: size_t strlcpy(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL and traverse rest of src. */ if (nleft == 0) { if (dsize != 0) *dst = '\0'; /* NUL-terminate dst */ while (*src++) ; } return(src - osrc - 1); /* count does not include NUL */ } why isn't it like this (this version is faster too): size_t strlcpy2(char *dst, const char *src, size_t dsize) { const char *osrc = src; if (dsize != 0) { /* Copy as many bytes as will fit. */ while (--dsize != 0) if ((*dst++ = *src++) == '\0') return(src - osrc - 1); *dst = '\0'; } /* Not enough room in dst, traverse rest of src. */ while (*src++) ; return(src - osrc - 1); /* count does not include NUL */ } -Luke
Re: Filling a 4TB Disk with Random Data
if you have access to packages, you could "pkg_add pv" and: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" It will show you in real time how much random data has been written to disk. -Luke On Wed, Jun 10, 2020 at 11:43 AM Luke Small wrote: > I mean: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" > > -Luke > > > On Wed, Jun 10, 2020 at 11:41 AM Luke Small wrote: > >> if you have access to packages, you could "pkg_add pv" >> >> and: >> >> "dd if=/dev/random | pv | of=/dev/rsdXc bs=1m" >> >> It will show you in real time how much random >> >> data has been written to disk. >> >> -Luke >> >
realpath(3) to unveil() symbolic links!
You can use unveil() on both a symbolic link and the value recovered by putting it in realpath(3)! I used it in what I submitted for unveiling ftp(1) -- -Luke
Re: I unveil()ed ftp(1)!
I made symbolic links “ln -s /etc/ssl/cert.pem ”. I used the realpath command and it worked in the software I submitted. On Thu, Jun 4, 2020 at 11:06 AM Theo de Raadt wrote: > No. > > I'm guessing you don't understand symbolic links. > > Look, this is a waste of time. > > > Luke Small wrote: > > > --80daf105a7444c30 > > Content-Type: text/plain; charset="UTF-8" > > Content-Transfer-Encoding: 8bit > > > > In the case of 1 URLs couldn’t you at least merely unveil “./“ as > “cw”; > > make any specified cafile/capath including shortcut resolution as “r” > > (perhaps with the shell “x”) so that at worst, current directory files > > could be overwritten, but not read? > > > > On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt > wrote: > > > > > You really don't get it. > > > > > > + unveil_list = calloc(2 * argc, sizeof(char*)); > > > > > > Imagine argc is 1. > > > > > > + for (i = 2 * argc - 2; i >= 0; i -= 2) { > > > + if (unveil_list[i]) { > > > + if (unveil(unveil_list[i], > "r") == > > > -1) > > > ... > > > + if (unveil_list[i | 1]) { > > > + if (unveil(unveil_list[i | 1], > > > "cw") == -1) > > > + err(1, "unveil"); > > > ... > > > > > > > > > E2BIG The addition of path would exceed the > per-process > > > limit for unveiled paths. > > > > > > > > > Great, under fairly normal usage ftp aborts with an error. > > > > > > Since you start with up to 8 others, it looks like this limit is easily > > > hit at around 120 filenames. > > > > > > So ftp simply fails to perform the task it is designed for. > > > > > > Your proposal is to break the command. > > > > > > -- > > -Luke > > > > --80daf105a7444c30 > > Content-Type: text/html; charset="UTF-8" > > Content-Transfer-Encoding: 8bit > > > > In the case of 1 URLs couldn’t you at least > merely unveil “./“ as “cw”; make any specified cafile/capath including > shortcut resolution as “r” (perhaps with the shell “x”) so that at worst, > current directory files could be overwritten, but not > read? class="gmail_attr">On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt href="mailto:dera...@openbsd.org;>dera...@openbsd.org > wrote:You > really dont get it. > > > > + unveil_list = calloc(2 * argc, > sizeof(char*)); > > > > Imagine argc is 1. > > > > + for (i = 2 * argc - 2; i = 0; i -= 2) { > > + if (unveil_list[i]) { > > + if (unveil(unveil_list[i], > r) == -1) > > ... > > + if (unveil_list[i | 1]) { > > + if (unveil(unveil_list[i | 1], > cw) == -1) > > + err(1, > unveil); > > ... > > > > > > E2BIG The addition of path would exceed the > per-process > > limit for unveiled paths. > > > > > > Great, under fairly normal usage ftp aborts with an error. > > > > Since you start with up to 8 others, it looks like this limit is > easily > > hit at around 120 filenames. > > > > So ftp simply fails to perform the task it is designed for. > > > > Your proposal is to break the command. > > > > -- data-smartmail="gmail_signature">-Luke > > > > --80daf105a7444c30-- > -- -Luke
Re: I unveil()ed ftp(1)!
In the case of 1 URLs couldn’t you at least merely unveil “./“ as “cw”; make any specified cafile/capath including shortcut resolution as “r” (perhaps with the shell “x”) so that at worst, current directory files could be overwritten, but not read? On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt wrote: > You really don't get it. > > + unveil_list = calloc(2 * argc, sizeof(char*)); > > Imagine argc is 1. > > + for (i = 2 * argc - 2; i >= 0; i -= 2) { > + if (unveil_list[i]) { > + if (unveil(unveil_list[i], "r") == > -1) > ... > + if (unveil_list[i | 1]) { > + if (unveil(unveil_list[i | 1], > "cw") == -1) > + err(1, "unveil"); > ... > > > E2BIG The addition of path would exceed the per-process > limit for unveiled paths. > > > Great, under fairly normal usage ftp aborts with an error. > > Since you start with up to 8 others, it looks like this limit is easily > hit at around 120 filenames. > > So ftp simply fails to perform the task it is designed for. > > Your proposal is to break the command. > > -- -Luke
Re: I unveil()ed ftp(1)!
there was tiny error I created. -Luke On Wed, Jun 3, 2020 at 2:24 PM Luke Small wrote: > There! It doesn't use an unveil list. It has 2 dry runs as proposed. > It could just have a dry run to see if it goes into interactive mode > and then unveil as we go! but I like to see all the unveil calls before > the ftp output statements myself! > -Luke > > > On Wed, Jun 3, 2020 at 11:30 AM Luke Small wrote: > >> Or you could have 2 dry runs. One to merely see that it won't head into >> interactive mode >> and a second one to start the unveiling directly in fetch.c. Unless >> unveil itself will >> have too many entries! >> -Luke >> >> >> On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote: >> >>> I figure if it took up that much stack space from before, it'd start >>> needing to >>> dang near run the stack into on-disk virtual memory anyway. At that >>> point, >>> it'd perhaps be a better design choice to break up your ftp calls into >>> slightly >>> smaller chunks to avoid massively poor performance, yeah? LOL >>> >>> If you're really worried about it, perhaps you could put in a goto which >>> jumps >>> over the offending part, when argc is so massive that >>> it would cause such a thing...Hmmm. >>> -Luke >>> >>> >>> On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt >>> wrote: >>> >>>> You really don't get it. >>>> >>>> + unveil_list = calloc(2 * argc, sizeof(char*)); >>>> >>>> Imagine argc is 1. >>>> >>>> + for (i = 2 * argc - 2; i >= 0; i -= 2) { >>>> + if (unveil_list[i]) { >>>> + if (unveil(unveil_list[i], "r") >>>> == -1) >>>> ... >>>> + if (unveil_list[i | 1]) { >>>> + if (unveil(unveil_list[i | 1], >>>> "cw") == -1) >>>> + err(1, "unveil"); >>>> ... >>>> >>>> >>>> E2BIG The addition of path would exceed the >>>> per-process >>>> limit for unveiled paths. >>>> >>>> >>>> Great, under fairly normal usage ftp aborts with an error. >>>> >>>> Since you start with up to 8 others, it looks like this limit is easily >>>> hit at around 120 filenames. >>>> >>>> So ftp simply fails to perform the task it is designed for. >>>> >>>> Your proposal is to break the command. >>>> >>>> Common subdirectories: /usr/src/usr.bin/ftp/CVS and /home/luke/ftp/CVS diff -uNp /usr/src/usr.bin/ftp/extern.h /home/luke/ftp/extern.h --- /usr/src/usr.bin/ftp/extern.h Thu May 16 07:44:17 2019 +++ /home/luke/ftp/extern.h Wed Jun 3 13:41:49 2020 @@ -69,6 +69,7 @@ void abortrecv(int); void alarmtimer(int); int another(int *, char ***, const char *); int auto_fetch(int, char **, char *); +int auto_fetch_u(int, char **, char *, int, int); void blkfree(char **); void cdup(int, char **); void cmdabort(int); diff -uNp /usr/src/usr.bin/ftp/fetch.c /home/luke/ftp/fetch.c --- /usr/src/usr.bin/ftp/fetch.c Fri Feb 21 19:00:07 2020 +++ /home/luke/ftp/fetch.c Wed Jun 3 15:51:45 2020 @@ -68,8 +68,10 @@ struct tls; #include "ftp_var.h" #include "cmds.h" -static int file_get(const char *, const char *); +//~ static int file_get(const char *, const char *); +static int file_get_u(const char *, const char *, int, int); static int url_get(const char *, const char *, const char *, int); +static int url_get_u(const char *, const char *, const char *, int, int, int); static int save_chunked(FILE *, struct tls *, int , char *, size_t); static void aborthttp(int); static void abortfile(int); @@ -186,8 +188,14 @@ tooslow(int signo) * Copy a local file (used by the OpenBSD installer). * Returns -1 on failure, 0 on success */ +//~ static int +//~ file_get(const char *path, const char *outfile) +//~ { + //~ return file_get_u(path, outfile, 1, 0); +//~ } + static int -file_get(const char *path, const char *outfile) +file_get_u(const char *path, const char *outfile, int ready, int tout) { struct stat st; int fd, out, rval = -1, save_errno; @@ -200,17 +208,28 @@ file_get(const char *path, const char *outfile) direction = "received"; - fd = open(path, O_RDONLY); - if (fd == -1) { - warn("Can't open file %s", path); - return -1; - } + if (ready) { + +
Re: I unveil()ed ftp(1)!
There! It doesn't use an unveil list. It has 2 dry runs as proposed. It could just have a dry run to see if it goes into interactive mode and then unveil as we go! but I like to see all the unveil calls before the ftp output statements myself! -Luke On Wed, Jun 3, 2020 at 11:30 AM Luke Small wrote: > Or you could have 2 dry runs. One to merely see that it won't head into > interactive mode > and a second one to start the unveiling directly in fetch.c. Unless unveil > itself will > have too many entries! > -Luke > > > On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote: > >> I figure if it took up that much stack space from before, it'd start >> needing to >> dang near run the stack into on-disk virtual memory anyway. At that point, >> it'd perhaps be a better design choice to break up your ftp calls into >> slightly >> smaller chunks to avoid massively poor performance, yeah? LOL >> >> If you're really worried about it, perhaps you could put in a goto which >> jumps >> over the offending part, when argc is so massive that >> it would cause such a thing...Hmmm. >> -Luke >> >> >> On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt >> wrote: >> >>> You really don't get it. >>> >>> + unveil_list = calloc(2 * argc, sizeof(char*)); >>> >>> Imagine argc is 1. >>> >>> + for (i = 2 * argc - 2; i >= 0; i -= 2) { >>> + if (unveil_list[i]) { >>> + if (unveil(unveil_list[i], "r") >>> == -1) >>> ... >>> + if (unveil_list[i | 1]) { >>> + if (unveil(unveil_list[i | 1], >>> "cw") == -1) >>> + err(1, "unveil"); >>> ... >>> >>> >>> E2BIG The addition of path would exceed the per-process >>> limit for unveiled paths. >>> >>> >>> Great, under fairly normal usage ftp aborts with an error. >>> >>> Since you start with up to 8 others, it looks like this limit is easily >>> hit at around 120 filenames. >>> >>> So ftp simply fails to perform the task it is designed for. >>> >>> Your proposal is to break the command. >>> >>> /* $OpenBSD: fetch.c,v 1.194 2020/02/22 01:00:07 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- * Copyright (c) 1997 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Jason Thorpe and Luke Mewburn. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* * FTP User Program -- Command line file retrieval */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef NOSSL #include #else /* !NOSSL */ struct tls; #endif /* !NOSSL */ #include "ftp_var.h" #include "cmds.h" //~ static int file_get(const char *, const char *); static int file_get_u(const char *, const char *, int, int); static int url_get(const char *, const char *, const char *, int); static int url_get_u(const char *, const char *, const char *, int, int, int); static int save_chunked(FILE *, struct
Re: I unveil()ed ftp(1)!
Or you could have 2 dry runs. One to merely see that it won't head into interactive mode and a second one to start the unveiling directly in fetch.c. Unless unveil itself will have too many entries! -Luke On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote: > I figure if it took up that much stack space from before, it'd start > needing to > dang near run the stack into on-disk virtual memory anyway. At that point, > it'd perhaps be a better design choice to break up your ftp calls into > slightly > smaller chunks to avoid massively poor performance, yeah? LOL > > If you're really worried about it, perhaps you could put in a goto which > jumps > over the offending part, when argc is so massive that > it would cause such a thing...Hmmm. > -Luke > > > On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt wrote: > >> You really don't get it. >> >> + unveil_list = calloc(2 * argc, sizeof(char*)); >> >> Imagine argc is 1. >> >> + for (i = 2 * argc - 2; i >= 0; i -= 2) { >> + if (unveil_list[i]) { >> + if (unveil(unveil_list[i], "r") >> == -1) >> ... >> + if (unveil_list[i | 1]) { >> + if (unveil(unveil_list[i | 1], >> "cw") == -1) >> + err(1, "unveil"); >> ... >> >> >> E2BIG The addition of path would exceed the per-process >> limit for unveiled paths. >> >> >> Great, under fairly normal usage ftp aborts with an error. >> >> Since you start with up to 8 others, it looks like this limit is easily >> hit at around 120 filenames. >> >> So ftp simply fails to perform the task it is designed for. >> >> Your proposal is to break the command. >> >>
Re: I unveil()ed ftp(1)!
I figure if it took up that much stack space from before, it'd start needing to dang near run the stack into on-disk virtual memory anyway. At that point, it'd perhaps be a better design choice to break up your ftp calls into slightly smaller chunks to avoid massively poor performance, yeah? LOL If you're really worried about it, perhaps you could put in a goto which jumps over the offending part, when argc is so massive that it would cause such a thing...Hmmm. -Luke On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt wrote: > You really don't get it. > > + unveil_list = calloc(2 * argc, sizeof(char*)); > > Imagine argc is 1. > > + for (i = 2 * argc - 2; i >= 0; i -= 2) { > + if (unveil_list[i]) { > + if (unveil(unveil_list[i], "r") == > -1) > ... > + if (unveil_list[i | 1]) { > + if (unveil(unveil_list[i | 1], > "cw") == -1) > + err(1, "unveil"); > ... > > > E2BIG The addition of path would exceed the per-process > limit for unveiled paths. > > > Great, under fairly normal usage ftp aborts with an error. > > Since you start with up to 8 others, it looks like this limit is easily > hit at around 120 filenames. > > So ftp simply fails to perform the task it is designed for. > > Your proposal is to break the command. > >
Re: I unveil()ed ftp(1)!
I’ll be the first to admit that I don’t completely understand the power that is the ftp client. but what I do understand of it, from the perspective of noninteractive commandline execution, it seems to fit the bill. For file and http(s) transfers. I didn’t see any buffer overflows and I’m sure that my solution would’ve thrown some segfaults if it had overrun a buffer in my testing. All the comments like how I needed to resolve soft links of cafile have been dealt with, but I’m not shy about putting in single letter variables to perform nested looping. But it seems that the task that said couldn’t be done, was done. It adds complexity that I’m sure you aren’t comfortable with; especially since your name is on the file as the last author, but you can’t say I’m not that demandy lazy ass that didn’t do anything about it now. On Wed, Jun 3, 2020 at 9:50 AM Theo de Raadt wrote: > I mean it is amusing, because this is never going to fly. > > This increase in complexity is completely unacceptable, what I see is > completely amateurish, and I also see overflows, a lack of testing > for edge conditions, and a lack of attention to how unveil works. > > > Luke Small wrote: > > > You're welcome! I figured you might not want a “massive” diff to cap off > your day to > > make a program that you apparently feel is secure enough, but I made > good that I got > > off my ass and did something anyway. I’m surprised that you even went to > the trouble of > > pledging it myself. It only took 2 or 3 days to figure out what it was > doing and change > > it. I left in the fprintf()s to so that I could amuse you. > > > > I’m kinda surprised that you didn’t go straight for the “submit a diff. > Anything you > > submit will just be rejected anyway!” > > > > On Wed, Jun 3, 2020 at 9:39 AM Theo de Raadt > wrote: > > > > Thank you for the laugh. > > > > Luke Small wrote: > > > > > I think I'm done tinkering. try these out in ftp folder. I left in > some > > > fprintf(ttyout,...) in main.c > > > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE > > > and SSL_PATH variables. > > > It leaves in place the functionality of the original functions, but > adds > > > the availability to perform > > > a dry run pass to load an unveil list of potential files from which > to read > > > and create/write. > > > The only potential bug is perhaps if in the followup unveiled pass if > it > > > has a problem with dns resolution or > > > something, it may be unveiled and drop into a command line. I'm not > sure. > > > > > > The diff is of the three files below vs the originals since I last > updated > > > the source files. > > > > > > -Luke > > > -- > > > -Luke > > > > -- > > -Luke > > > -- -Luke
Re: I unveil()ed ftp(1)!
You're welcome! I figured you might not want a “massive” diff to cap off your day to make a program that you apparently feel is secure enough, but I made good that I got off my ass and did something anyway. I’m surprised that you even went to the trouble of pledging it myself. It only took 2 or 3 days to figure out what it was doing and change it. I left in the fprintf()s to so that I could amuse you. I’m kinda surprised that you didn’t go straight for the “submit a diff. Anything you submit will just be rejected anyway!” On Wed, Jun 3, 2020 at 9:39 AM Theo de Raadt wrote: > Thank you for the laugh. > > > Luke Small wrote: > > > I think I'm done tinkering. try these out in ftp folder. I left in some > > fprintf(ttyout,...) in main.c > > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE > > and SSL_PATH variables. > > It leaves in place the functionality of the original functions, but adds > > the availability to perform > > a dry run pass to load an unveil list of potential files from which to > read > > and create/write. > > The only potential bug is perhaps if in the followup unveiled pass if it > > has a problem with dns resolution or > > something, it may be unveiled and drop into a command line. I'm not sure. > > > > The diff is of the three files below vs the originals since I last > updated > > the source files. > > > > -Luke > > -- > > -Luke > -- -Luke
I unveil()ed ftp(1)!
I think I'm done tinkering. try these out in ftp folder. I left in some fprintf(ttyout,...) in main.c to show what is being unveiled. It resolves shortcuts in SSL_CAFILE and SSL_PATH variables. It leaves in place the functionality of the original functions, but adds the availability to perform a dry run pass to load an unveil list of potential files from which to read and create/write. The only potential bug is perhaps if in the followup unveiled pass if it has a problem with dns resolution or something, it may be unveiled and drop into a command line. I'm not sure. The diff is of the three files below vs the originals since I last updated the source files. -Luke -- -Luke diff Description: Binary data /* $OpenBSD: main.c,v 1.131 2020/02/11 18:41:39 deraadt Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors *may be used to endorse or promote products derived from this software *without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors *may be used to endorse or promote products derived from this software *without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * FTP User Program -- Command Interface. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "cmds.h" #include "ftp_var.h" #ifndef SMALL #include "pathnames.h" #endif int connect_timeout; #ifndef NOSSL char * const ssl_verify_opts[] = { #define SSL_CAFILE 0 "cafile", #define SSL_CAPATH 1 "capath", #define SSL_CIPHERS 2 "ciphers", #define SSL_DONTVERIFY 3 "dont", #define SSL_DOVERIFY 4 "do", #define SSL_VERIFYDEPTH 5 "depth", #define SSL_MUSTSTAPLE 6 "muststaple", #define SSL_NOVERIFYTIME 7 "noverifytime", #define SSL_SESSION 8 "session", NULL }; struct tls_config *tls_config; int tls_session_fd = -1; static void process_ssl_options(char *cp, char *ca_file, char *ca_path) { const char *errstr; long long depth; char *str; while (*cp) { switch (getsubopt(, ssl_verify_opts, )) { case SSL_CAFILE: if (str == NULL) errx(1, "missing CA file");
Re: Could somebody please put unveil() in ftp(1)?
I think I'm done tinkering. try these out in ftp folder. I left in some fprintf(ttyout,...) in main.c to show what is being unveiled. It resolves shortcuts in SSL_CAFILE and SSL_PATH variables. It leaves in place the functionality of the original functions, but adds the availability to perform a dry run pass to load an unveil list of potential files from which to read and create/write. The only potential bug is perhaps if in the followup unveiled pass if it has a problem with dns resolution or something, it may be unveiled and drop into a command line. I'm not sure. The diff is of the three files below vs the originals since I last updated the source files. -Luke On Tue, Jun 2, 2020 at 12:43 PM Kevin Chadwick wrote: > On 2020-06-02 17:28, Luke Small wrote: > > I don’t have experience doing diffs. Are there flags I should be using > in diff > > or should I do diffs on each file? It’s just 3 files. > > I don't have that much experience myself, but if you look in tech@ you > will see > plenty of examples of cvs and git diffs for multiple files in one email > inlined > as text in the email itself. > > You may have to turn text wrapping off, etc. depending on your email > client. > diff Description: Binary data /* $OpenBSD: main.c,v 1.131 2020/02/11 18:41:39 deraadt Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors *may be used to endorse or promote products derived from this software *without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright (c) 1985, 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in the *documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors *may be used to endorse or promote products derived from this software *without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * FTP User Program -- Command Interface. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "cmds.h" #include "ftp_var.h" #ifndef SMALL #include "pathnames.h" #endif int connect_timeout; #ifndef NOSSL char * const ssl_verify_opts[] = { #define SSL_CAFILE 0 "cafile", #defi
Re: Could somebody please put unveil() in ftp(1)?
I missed something. -Luke On Sat, May 30, 2020 at 2:53 PM Luke Small wrote: > I’ll get to looking at ftp(1) more when I get some physical contact with > my server. I’m quaranteaming with my girlfriend’s folks. > > I have a pkg_ping program (OpenBSD-specific, dns caching, latency-timed, > architecture and version specific mirror search; which doesn’t download > from OpenBSD.org/ftp.html anymore) that calls ftp to look up a random > mirror’s ftplist. and it seems unreasonable that with the availability of > unveil, that ftp is hardly secured at all outside of a program that must be > root and then change to an unprivileged user to have much of any real file > system safety. The fact that ftp even has an interactive mode suggests to > me that perhaps people do use, or at least, have used it as a normal user, > seeing that if you put yourself in a chroot and try to run it, it will in > most cases preclude your access to ftp(1) at all. > > I mentioned initially: > > It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c: > if (strcmp(outfile, "-")) > if (unveil(outfile, "cw") == -1) > err(1, "unveil"); > > but it could look at several of the options like the cookie and > certificate paths and such. > > I’d love to make it as safe to run as root as it is running it as an > unprivileged chrooted user! And I love C! > > The reason I mentioned: “unveil(“/“, “rx”)“ is because if you unveiled > anything like the “cw” privileges example, you’d obviously have to ensure > that the read and exec privileges, perhaps even global ones are granted too. > > On Fri, May 29, 2020 at 8:50 AM Stuart Henderson > wrote: > >> On 2020/05/29 08:30, Luke Small wrote: >> > You mention a lot of files that need to be read, but a program like >> pkg_add can make it the >> > _pkgfetch (57) user which has no directory and I’m guessing not in >> interactive mode. At the >> > very least, in noninteractive mode you could unveil(“/“, “rx”); and >> change the specified output >> > file discover the name of the file that is to be downloaded and unveil >> it as “cw” ! >> > -- >> > -Luke >> >> What problem are you trying to solve? >> >> If you are concerned about writes, use "ftp -o - $URL > somefile", it will >> run without cpath/wpath, which is functionally similar to unveil("/", >> "rx") >> (a bit stronger, because a program trying to write will be killed, rather >> than just having a file access error). >> >> pkg_add(1) already uses "ftp -o -": >> >> # ktrace -di pkg_add -u moo >> quirks-3.339 signed on 2020-05-27T20:05:28Z >> >> # kdump | grep promise= >> 61644 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" >> 41938 signify STRU promise="stdio rpath wpath cpath tty" >> 41938 signify STRU promise="stdio rpath" >> 24897 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" >> 54324 signify STRU promise="stdio rpath wpath cpath tty" >> 54324 signify STRU promise="stdio rpath" >> 9188 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" >> >> -- > -Luke > diff Description: Binary data
Re: Could somebody please put unveil() in ftp(1)?
I’ll get to looking at ftp(1) more when I get some physical contact with my server. I’m quaranteaming with my girlfriend’s folks. I have a pkg_ping program (OpenBSD-specific, dns caching, latency-timed, architecture and version specific mirror search; which doesn’t download from OpenBSD.org/ftp.html anymore) that calls ftp to look up a random mirror’s ftplist. and it seems unreasonable that with the availability of unveil, that ftp is hardly secured at all outside of a program that must be root and then change to an unprivileged user to have much of any real file system safety. The fact that ftp even has an interactive mode suggests to me that perhaps people do use, or at least, have used it as a normal user, seeing that if you put yourself in a chroot and try to run it, it will in most cases preclude your access to ftp(1) at all. I mentioned initially: It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c: if (strcmp(outfile, "-")) if (unveil(outfile, "cw") == -1) err(1, "unveil"); but it could look at several of the options like the cookie and certificate paths and such. I’d love to make it as safe to run as root as it is running it as an unprivileged chrooted user! And I love C! The reason I mentioned: “unveil(“/“, “rx”)“ is because if you unveiled anything like the “cw” privileges example, you’d obviously have to ensure that the read and exec privileges, perhaps even global ones are granted too. On Fri, May 29, 2020 at 8:50 AM Stuart Henderson wrote: > On 2020/05/29 08:30, Luke Small wrote: > > You mention a lot of files that need to be read, but a program like > pkg_add can make it the > > _pkgfetch (57) user which has no directory and I’m guessing not in > interactive mode. At the > > very least, in noninteractive mode you could unveil(“/“, “rx”); and > change the specified output > > file discover the name of the file that is to be downloaded and unveil > it as “cw” ! > > -- > > -Luke > > What problem are you trying to solve? > > If you are concerned about writes, use "ftp -o - $URL > somefile", it will > run without cpath/wpath, which is functionally similar to unveil("/", "rx") > (a bit stronger, because a program trying to write will be killed, rather > than just having a file access error). > > pkg_add(1) already uses "ftp -o -": > > # ktrace -di pkg_add -u moo > quirks-3.339 signed on 2020-05-27T20:05:28Z > > # kdump | grep promise= > 61644 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" > 41938 signify STRU promise="stdio rpath wpath cpath tty" > 41938 signify STRU promise="stdio rpath" > 24897 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" > 54324 signify STRU promise="stdio rpath wpath cpath tty" > 54324 signify STRU promise="stdio rpath" > 9188 ftp STRU promise="stdio rpath dns tty inet proc exec fattr" > > -- -Luke
Re: Could somebody please put unveil() in ftp(1)?
You mention a lot of files that need to be read, but a program like pkg_add can make it the _pkgfetch (57) user which has no directory and I’m guessing not in interactive mode. At the very least, in noninteractive mode you could unveil(“/“, “rx”); and change the specified output file discover the name of the file that is to be downloaded and unveil it as “cw” ! -- -Luke
Could somebody please put unveil() in ftp(1)?
unveil is nowhere to be found in the ftp program source code. There’s probably another way to do it, but I wrote a program and searched all files in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but It mentions “pledge” It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c: if (strcmp(outfile, "-")) if (unveil(outfile, "cw") == -1) err(1, "unveil"); and an unveil for whatever (I presume config file(s)) ftp reads and whatever is executed. It has rpath and exec among other pledges, but has cpath and wpath only if a file is specified with the ‘-o’ flag. -- -Luke
Can root C program call to sysctl be pledge()ed?
I have need to call sysctl() in a C program to read “sysctl kern.version”. Will there be a pledge() to prohibit further calls to sysctl()? I’m kinda afraid that putting a sysctl call could conceivably leave it vulnerable to calling it again in the case the mitigations fail and sysctl() is run to cause damage. I want it to strstr() to find the existence of “beta” or “current” in “sysctl kern.version” -- -Luke
Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck
Yay! -Luke On Sun, Sep 8, 2019 at 8:07 PM David Gwynne wrote: > I think I see the problem. We're going to try and test this locally and > will hopefully have something committed in a few hours time. > > dlg > > > On 9 Sep 2019, at 10:33, Luke Small wrote: > > > > I have mfii too: > > dmesg | grep mfii: > > > > mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev > 0x05: > > msi > > mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache > > scsibus1 at mfii0: 64 targets > > scsibus2 at mfii0: 256 targets > > > >> On 8.9.2019. 18:19, Luke Small wrote: > >>> It doesn't work for me on the > >>> ftp.hostserver.de/archive/2019-08-29-0105/amd64/ > >>> bsd.rd! > >> > >> > >> Hi, > >> > >> do you maybe have mfii on that box ? > >> > >> I'm having same problem as Mischa and i have mfii. with bsd.rd fsck > >> stops with this command > >> > >> Which disk is the root disk? ('?' for details) [sd0] sd0 > >> Checking root filesystem (fsck -fp /dev/sd0a)... > >> > >> On other boxes without mfii bsd.rd and sysupgrade works just fine.. > >> > >> between 27.08 and 29.8 i saw this commit > >> > >> Changes by: d...@cvs.openbsd.org 2019/08/27 22:55:51 > >> > >> Modified files: > >> sys/dev/pci: mfii.c > >> > >> Log message: > >> implement a DV_POWERDOWN handler to flush cache and shutdown the > controller > >> > >> this has been in snaps for the last week without issue, and has > >> been running in production on a bunch of my boxes for a week before > >> that, also without issue. > >> > >> > >> > >
Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck
I have mfii too: dmesg | grep mfii: mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache scsibus1 at mfii0: 64 targets scsibus2 at mfii0: 256 targets > On 8.9.2019. 18:19, Luke Small wrote: > > It doesn't work for me on the > > ftp.hostserver.de/archive/2019-08-29-0105/amd64/ > > bsd.rd! > > > Hi, > > do you maybe have mfii on that box ? > > I'm having same problem as Mischa and i have mfii. with bsd.rd fsck > stops with this command > > Which disk is the root disk? ('?' for details) [sd0] sd0 > Checking root filesystem (fsck -fp /dev/sd0a)... > > On other boxes without mfii bsd.rd and sysupgrade works just fine.. > > between 27.08 and 29.8 i saw this commit > > Changes by: d...@cvs.openbsd.org2019/08/27 22:55:51 > > Modified files: > sys/dev/pci: mfii.c > > Log message: > implement a DV_POWERDOWN handler to flush cache and shutdown the controller > > this has been in snaps for the last week without issue, and has > been running in production on a bunch of my boxes for a week before > that, also without issue. > > >
Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck
Could it be? (from twitter): “deraadt@ modified a couple things: At startup, unveil entire filesystem to read-only. If after privdrop, some implausible bug existed in the socket setup (mostly dns-related and setsockopt) it would be largely neutered. of course, a very restrictive pledge is installed soon af...“ On Sun, Sep 8, 2019 at 11:19 AM Luke Small wrote: > It doesn’t work for me on the > ftp.hostserver.de/archive/2019-08-29-0105/amd64/ > bsd.rd! > > On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > >> Mine works on 8-27 >> -- >> -Luke >> > -- > -Luke > -- -Luke
Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck
It doesn’t work for me on the ftp.hostserver.de/archive/2019-08-29-0105/amd64/ bsd.rd! On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote: > Mine works on 8-27 > -- > -Luke > -- -Luke
Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck
Mine works on 8-27 -- -Luke
Re: Who has an ancient -current snapshot
Thanks, Somebody else directed me to it too! I got my server working again!!! -Luke On Sat, Sep 7, 2019 at 3:52 AM Marcus MERIGHI wrote: > Hello Luke, > > lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST): > > I need an old kernel image older than maybe a couple weeks old. I have > the > > I think http://ftp.hostserver.de/archive/ has what you want. > > Marcus >
Who has an ancient -current snapshot
I need an old kernel image older than maybe a couple weeks old. I have the x8dth-6f motherboard and newer snapshots broke it. I made the mistake of trying to downgrade to 6.5 and now I can boot my machine! I made a not-bright decision. -- -Luke
Re: Can unveil pledge to only reduce?
I'm not sure that I wasn't ambiguous. I want to be able to set up all necessary unveil promises then from that point on, be able to only reduce unveil permissions. I don't know the mechanism by which is unveil works, but perhaps it could be an unveil command similar to unveil(NULL, NULL) instead of a pledge command? It apparently knows if it is an increase in permissions, can't it be set to only permit them? On Thu, Aug 16, 2018 at 2:00 PM Luke Small wrote: > Ok. Thanks. > On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > >> Luke Small wrote: >> > Could you have a promise for unveil reductions only? >> >> That won't actually help much, and people will fall into some >> pretty significant traps. >> >> Sorry it would require a really long explanation. >> >
Make new OpenBSD 2.5 daemon art!!!
Re: Can unveil pledge to only reduce?
Ok. Thanks. On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote: > Luke Small wrote: > > Could you have a promise for unveil reductions only? > > That won't actually help much, and people will fall into some > pretty significant traps. > > Sorry it would require a really long explanation. >
Can unveil pledge to only reduce?
Could you have a promise for unveil reductions only?
anybody installed angr, eg. pip install angr
It doesn't natively support OpenBSD.
This a good place to find a Sr. C coder 4 app server?
I have what I feel to be a profound idea that is in need of someone with a strong resume. I have a patent. I want to use it to enable users to get tested for sexually transmitted diseases, then use iris scanning smartphones to compare their disease sets. There is a strong epidemiological component that the US National Institutes of Health could like. I am applying for grants. I have multiple HIV prevention scientists willing to help me with this. At the end of he grants, I feel, is likely to be strong possibility that we could use an existing mechanism to force the health insurance companies to cover their customers for these services, and cover it FOR FREE! The government doesn't consider costs when it makes this decision. Also we could DOMINATE the dating app world by either making our app that is free and contains the functionality of identifying other users who won't transfer disease or plugging into tinder, match, and Grindr! 816-517-1996
Re: Can SSH report successful connections to pf?
Cool! On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri < andreas.kah...@icm.uu.se> wrote: > On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote: > > > > You might want to parse /var/log/authlog and the logrotated > authlog.[0-9].gz > > for successful and unsuccessful logins and then add the unsuccessful > logins > > with pfctl to a blocked table. To have it permanent after a reboot you > can write > > with pfctl the blocked ip's to a file, which you re-read in a pf.conf > ruleset. > > > > Like > > table persist file "/etc/pf.bruteforce" > > block in quick proto tcp from to any > > > > Stefan > > This is *exactly* what sshguard does. I have an updated > security/sshguard port (previously posted to the ports list) that > understands our sshd's log output, but it has not yet been comitted. > There is currently some kind of issue with it preventing it from > starting at boot (but always starts with "rcctl start sshguard"). I > haven't looked too deeply at that yet though. > > Regards, > > > -- > Andreas Kusalananda Kähäri, > National Bioinformatics Infrastructure Sweden (NBIS), > Uppsala University, Sweden. >
Can SSH report successful connections to pf?
Can SSH and possibly other programs more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better?
Wouldn't it be cool...!
What if you could set up a pf rule to: overload an ip address into a table if they tried to access the wrong port on an address and overload flush global immediately into a blocklist ( max-src-states 0)! or with max-src-conn-rate 2/60 when sshd behaves in such a manner as to confirm that a successful connection has taken place, that max-src-conn-rate gets reset for that connection so that you could log in and log out faster than twice in a minute without getting put on a blocklist!
Re: Automatically restarting services/daemons after crash
I am not certain about Braille, but what I am sure of is there is no incremental process to guessing a 64 bit datum that changes every single execution. I typically don't state a fact unless I am willing to die if I am incorrect. At least https://en.m.wikipedia.org/wiki/Blind_return_oriented_programming seems to state so. I dont fully trust wikipedia. On Sat, Oct 14, 2017 at 3:06 AM Philip Guenther <guent...@gmail.com> wrote: > On Sat, Oct 14, 2017 at 12:49 AM, Luke Small <lukensm...@gmail.com> wrote: > >> If that's true, then why has Theo been speaking of the brop problems, >> when they begin with an incremental canary discovery that becomes all but >> impossible to guess when it becomes a random 4 byte datum each time rather >> than a datum that remains the same each restart? >> > > Because we are creatively optimistic pessimists: we can imagine > possibilities for how other might be able to get around our defenses. > Please watch review the presentation and read the source! > > > >> Braille should already be impossible to run on such a system, unless >> maybe a restart was not the result of an exec. >> > > The word "should" indicates that you are not certain. How would you go > about proving it? What would you do if you couldn't? > > Philip Guenther > >
Re: Automatically restarting services/daemons after crash
If that's true, then why has Theo been speaking of the brop problems, when they begin with an incremental canary discovery that becomes all but impossible to guess when it becomes a random 4 byte datum each time rather than a datum that remains the same each restart? Braille should already be impossible to run on such a system, unless maybe a restart was not the result of an exec.
Re: Automatically restarting services/daemons after crash
I am not versed in operating systems as well as you, but I would think that stack and buffer canaries would differ from each execution.
Re: Automatically restarting services/daemons after crash
Maybe more things should be randomized like the stack canaries. Is that a new idea? On Fri, Oct 13, 2017 at 11:34 PM Theo de Raadtwrote: > > I read "hacking blind." Can you restart a daemon with another forked > > process that's only job is to monitor a pipe or a waitpid()-like > operation > > and if the parent dies, it exec's to restart it, or even execs "rcctl > > restart ntpd" > > > > If the mitigations are successful at limiting execution to let's say, > > overwriting a canary that gets completely rerandomized with a fork-exec, > > instead of just a fork, it would stop a meaningful search for the correct > > canary to just blind luck instead of byte by byte discovery. > > your position is very roughly: that paper lays out the absolute limit > of what someone could learn from broken software, so as long as we run > a new copy of the broken software we'll be safe > > obviously, no downside. > > you say "completely rerandomized" -- uhm no, only a tiny fraction of > the program execution environment and runtime are randomized, in > particular same registers used everywhere, same instruction sequences, > same frame layouts, same register and stack leave-behinds, same > relative offsets inside each DSO > > nothing learned from re-running buggy software? sorry, that is BS. >
Re: Automatically restarting services/daemons after crash
I read "hacking blind." Can you restart a daemon with another forked process that's only job is to monitor a pipe or a waitpid()-like operation and if the parent dies, it exec's to restart it, or even execs "rcctl restart ntpd" If the mitigations are successful at limiting execution to let's say, overwriting a canary that gets completely rerandomized with a fork-exec, instead of just a fork, it would stop a meaningful search for the correct canary to just blind luck instead of byte by byte discovery.
pkg_add ignores -m
Using the -m flag it still gets warnings from pulseaudio and redis that I didn't use the -m flag
Pledge paths[ ]
Is paths[] going to have permissions defined for each path? Like: char *paths[], int *mode, where mode is the same as in dbopen(3). Maybe so you don't have to clean up previous pledge calls, any pledge calls with a NULL paths argument doesn't have anything specified for mode. for simplicity, modes could be only 2,4,5,6,7 So you could still do: pledge("stdio tmppath", NULL) Then have: char **temp_paths = calloc(2, sizeof(char*)); temp_paths[0] = malloc( strlen("/tmp/luke/file") + 1); strlcpy(temp_paths[0], "/tmp/luke/file", sizeof(temp_paths[0])); int *temp_modes = calloc(2, sizeof(int)); temp_modes[0] = 5; pledge("stdio tmppath", temp_paths, temp_modes); How about that?
How do you use EV_DISPATCH in kqueue(2)
Is EV_DISPATCH somehow like EV_ONESHOT or EVDISABLE ? What is a use case? If you have an open socket file descriptor with a EVEFILT_READ, does it close the socket upon getting some data? I don't run current.
why does unbound listen as root
pf rule execution says it listens as root, but it connects as the _unbound user, when configured to run as _unbound. Why doesn't it listen, bind, etc. as root, drop privileges and pledge away privilege escalation? Is it to avoid more #ifdef hell? Or can you not listen to a privileged port if you drop privileges?
Re: list all system users, eg. _x11
Well, actually I like to play with firewall configurations and I set up unbound and dnscrypt-proxy and I wanted to limit the users that are able to receive dns requests on localhost port 53. I was trying to figure out what user was listening. I haven't tried it yet, but I figure it is _dhcp and _unbound. It didn't work when I limited it to _unbound alone. Maybe I should have said that, but I wanted to generally know where the list was. On Tue, May 9, 2017 at 1:57 PM andrew fabbro <and...@fabbro.org> wrote: > Listing all users is trivial - I don't think that's what he's asking. > > He's asking is "how do I list all *system* users", presumably in a way > that differentiates them from user accounts in some kind of authoritative > way. > > I don't think there is a way. You could: > > - Assume all users < uid 1000 are system users, but that is not hard > enforced to my knowledge. IIRC the OS will start with 1001 but an admin > could override that at user creation time. > > - Use your preferred programming language or utility to parse out entries > that begin with _ in /etc/passwd. That won't get non-service-account > entries like root, bin, etc. Also, I don't think there's a technical > prohibition to creating a new user account that starts with an underscore. > > - Differentiate by groups. i.e., if all your users are in one group, then > you know who isn't. > > I think if your admins don't do stupid things (create user accounts under > 1000, create accounts starting with _, etc.) then just parsing /etc/passwd > would likely be the simplest way. > > As practical experience, that's what I've done when migrating systems, > etc. I assume that people play by the rules, so if I need to identify all > the user accounts (to recreate them on a new system or something), I > exclude uids under 1000 as a starting point. > > > On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at> > wrote: > >> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST): >> > On 05/06/17 14:27, Luke Small wrote: >> > > Is there a way to determine all users on a system that the users >> command >> > > doesn't seem to show? like _x11 and _ntpd >> >> users(1) - list current users >> >> I'd try ps(1) and get all active users from there. >> >> If you are after *all* users (inactive ones as well) you could use >> "getent(1) passwd" and parse from there. >> >> Marcus >> >> > What's a user? >> > >> > Maybe you want to look at /etc/passwd. The first four lines are >> > >> > root:*:0:0:Charlie &:/root:/bin/ksh >> > daemon:*:1:1:The devil himself:/root:/sbin/nologin >> > operator:*:2:5:System &:/operator:/sbin/nologin >> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin >> > >> > You can parse that with awk and do stuff. Read about passwd(5) to >> > understand the format. A login shell of /sbin/nologin means >> > it isn't interactive. That might get you started? >> > >> > --STeve Andre' >> > >> > >> > !DSPAM:590e28ea17913841584367! >> > >> >> > > > -- > andrew fabbro > and...@fabbro.org > >
list all system users, eg. _x11
Is there a way to determine all users on a system that the users command doesn't seem to show? like _x11 and _ntpd
Pf with secondary DNS resolution
Four words Peter..."dynamic IP address". I'm sure that there are folks that ssh into machines that are on a dynamic IP address that don't have a modem on a power backup, or even possibly on an ISP that may down, possibly when they are out of town. I don't know if it is possible or already done, but you could have a computer check into a target machine that often changes the ip address or system while the firewall is locked down to only send messages to that remote machine and if it is compromised, can't send it anywhere else. Or you ssh into the machine and it only accepts incoming port 22 requests from a machine that has a dynamic url and listed in your pf.conf. maybe you could even signify in the pf.conf that the url will often have a different ip address and it could request that ip address every time it gets a hit on that rule or a maximum upperbound.
Re: Pf with secondary DNS resolution
Four words Peter..."dynamic IP address". I'm sure that there are folks that ssh into machines that are on a dynamic IP address that don't have a modem on a power backup, or even possibly on an ISP that may down, possibly when they are out of town. I don't know if it is possible or already done, but you could have a computer check into a target machine that often changes the ip address or system while the firewall is locked down to only send messages to that remote machine and if it is compromised, can't send it anywhere else. On Wed, May 3, 2017 at 3:16 PM Luke Small <lukensm...@gmail.com> wrote: > Is it worthwhile to set up a hook for pf to load rules that have URLs > after the network services that can resolve them come into effect?
Pf with secondary DNS resolution
Is it worthwhile to set up a hook for pf to load rules that have URLs after the network services that can resolve them come into effect?
80 users
As I recall, there is a build configuration of 80 users for some kernel components. What happens if the system exceeds that number?
Re: pledge for sockets
I think I found a way to configure the redis.conf to connect to redis through a unix socket instead, which will seem to clean up some stuff. If I need to later, I could probably spawn a process to relay commands from a unix socket to an inet socket that is limited to a single port through a different user through pf (and when I get a more serious machine, possibly through a unique interface). Most importantly, I need it for session cache for multiple processes. On Sat, Apr 29, 2017 at 10:02 AM Luke Small <lukensm...@gmail.com> wrote: > I have a program that I believe needs inet to talk to a > database(libhiredis). I do pass file descriptors to it. I don't suppose > making it run as a different user and limiting the pf config would really > lock it down without losing functionality. Maybe I'm too paranoid. > On Sat, Apr 29, 2017 at 9:51 AM Reyk Floeter <r...@openbsd.org> wrote: > >> >> > Am 26.04.2017 um 13:38 schrieb Luke Small <lukensm...@gmail.com>: >> > >> > Pledge will presumably have per process (including fork()ed process) >> **path >> > limitations on rpath rpath and wpath calls, why not limitations on inet >> and >> > unix? >> >> We usually want to isolate our network speakers from the local system - >> combining inet and rpath/wpath should be avoided. >> >> Use privsep and fd passing to open the socket in another process with the >> capability to do so. >> >> This is what we do in most daemons. >> >> Or open the socket before pledge for static configurations. >> >> Reyk >> >> >> On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> >> wrote: >> >> >> >> 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm...@gmail.com>: >> >> >> >>> I'm not saying to alter pledge necessarily, maybe make new system call >> >>> like pledge. There aren't any per-process pf rules that are applied. >> >> >> >> >> >> If your daemon has a specific user, you can make such rules in PF. >> >> The goal you stated can be reached already, why keep on suggesting new >> >> syscalls? >> >> >> >> >> >> -- >> >> May the most significant bit of your life be positive. >> >> >> >>
Re: pledge for sockets
I have a program that I believe needs inet to talk to a database(libhiredis). I do pass file descriptors to it. I don't suppose making it run as a different user and limiting the pf config would really lock it down without losing functionality. Maybe I'm too paranoid. On Sat, Apr 29, 2017 at 9:51 AM Reyk Floeter <r...@openbsd.org> wrote: > > > Am 26.04.2017 um 13:38 schrieb Luke Small <lukensm...@gmail.com>: > > > > Pledge will presumably have per process (including fork()ed process) > **path > > limitations on rpath rpath and wpath calls, why not limitations on inet > and > > unix? > > We usually want to isolate our network speakers from the local system - > combining inet and rpath/wpath should be avoided. > > Use privsep and fd passing to open the socket in another process with the > capability to do so. > > This is what we do in most daemons. > > Or open the socket before pledge for static configurations. > > Reyk > > >> On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> > wrote: > >> > >> 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm...@gmail.com>: > >> > >>> I'm not saying to alter pledge necessarily, maybe make new system call > >>> like pledge. There aren't any per-process pf rules that are applied. > >> > >> > >> If your daemon has a specific user, you can make such rules in PF. > >> The goal you stated can be reached already, why keep on suggesting new > >> syscalls? > >> > >> > >> -- > >> May the most significant bit of your life be positive. > >> > >
Re: pledge for sockets
Pledge will presumably have per process (including fork()ed process) **path limitations on rpath rpath and wpath calls, why not limitations on inet and unix? On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> wrote: > 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm...@gmail.com>: > >> I'm not saying to alter pledge necessarily, maybe make new system call >> like pledge. There aren't any per-process pf rules that are applied. > > > If your daemon has a specific user, you can make such rules in PF. > The goal you stated can be reached already, why keep on suggesting new > syscalls? > > > -- > May the most significant bit of your life be positive. >
Re: pledge for sockets
I'm not saying to alter pledge necessarily, maybe make new system call like pledge. There aren't any per-process pf rules that are applied. When a socket connects to a remote or local server and pf makes a state, it has the originating randomized port. Pf rules can be made that target those randomized port numbers, but maybe there could be a more elegant way like intervening in connect() and bind() calls. >you can have rules to filter by user >for both >incoming and outgoing connections, see >http://man=2Eopenbsd=2Eorg/OpenBSD->6=2E1/pf=2Econf=2E5#user >I don't think there's too much gain in >adding >support for this kinda thing in pledge >but >that's for the devs to decide=2E=20
pledge for sockets?
Would it be a good idea to make a pledge like call that limits a process from connecting to ports and/or hosts? Maybe it could be done in way that the kernel is made aware of the limitations like in a pledge call and while the process is alive, the kernel spawns pf rules based upon the socket ports that are created to connect to remote host ports. You could conceivably do things like limiting ntpd to predetermined hosts and port 123 and 53 on the respective processes involved. It would make processes that need the inet pledge permission merely to use libhiredis to connect to a Redis database more safe.
Re: kqueue
It looks like you will be limited to 4096 timers and to valid file descriptors that don't exceed INT_MAX. My guess is that if you need more, you could run another kqueue for more timers or different kevents on identical file descriptors. Otherwise, the man page says: kevent() returns the number of events placed in the eventlist, up to the value given by nevents. If an error occurs while processing an element of the changelist and there is enough room in the eventlist, then the event will be placed in the eventlist with EV_ERROR set in flags and the system error in data. Otherwise, -1 will be returned, and errno will be set to indicate the error condition.
kqueue
I suspect that you will sooner run out of file descriptors. but I assume that if it runs into a problem, kevent() will return -1 and it may be unrecoverable. I suspect that it would first occur because the kernel is being overutilized. The information that is being created, I suspect, is being stored in the kernel. I may look into the source code and try to find out. You'd probably have to edit /etc/login.conf as root to allow enough file descriptors to be spawned in the first place. But maybe you could do it with EVFILT_TIMER calls, as they don't require a file descriptor as an 'ident'. I suspect that the whole kqueue is flushed if you exceed a specific level.
Re: Why isn't OpenBSD in Google Summer of Code 2017?...
I suspect that unless you really know what you are doing, you'll never satisfy the OpenBSD gods. I suspect that there is a good reason that pkg_add was rewritten in perl. I suspect because it may have been written in perl. And just like that a good idea wasn't completely done in another way. On Wed, Apr 5, 2017 at 9:55 AM Jacob L. Leifman <jac...@bitwise.net> wrote: > Security and correctness should never be an after-thought. Have you > done any real software development? And have you ever tried to find > your way through cruddy code? 999 times out of 1000 it is less painful > and much more effective to rewrite from scratch. So what's the point of > having that previous iteration? > > On 5 Apr 2017 at 13:10, Luke Small wrote: > > > I imagine there are some projects that need some love that are on the > back > > burner at the moment that could use some hacking; even if it is totally > > redone later by someone that wants to refactor it for privsep and such. > > On Tue, Apr 4, 2017 at 4:21 PM Theo de Raadt <dera...@openbsd.org> > wrote: > > > > > Pete, you propose a waste of time. > > > > > > Everyone has the source code. Everyone can run it. Everyone can see > > > the problems other people report, and the things which are not > supported. > > > > > > Everyone already can tell what needs improving. Everyone has a brain, > > > and can come up with their own goals. > > > > > > If they don't come up with goals, there's nothing we can write which > > > will change anything. > > > > > > Finally, not everyone has time. It would not be time spent well making > > > lists for other people who may or may not perform. > > > > > > > Would the devs consider compiling a list of specific improvements > they'd > > > like > > > > to see volunteer'd upon this summer? I'd love to help especially if > it > > > was a > > > > group effort/friendly competition. > > > > > > > > > > > > From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of > Bob > > > Beck > > > > <b...@obtuse.com> > > > > Sent: April 2, 2017 10:16:21 PM > > > > To: Luke Small > > > > Cc: openbsd-misc > > > > Subject: Re: Why isn't OpenBSD in Google Summer of Code 2017?... > > > > > > > > We tried it for two years, it was too much effort on the part of the > > > > foundation organizers mentors to deal with the bureaucracy involved, > and > > > we > > > > didn't really see enough > > > > return in terms of new developers to the project, which, frankly > being > > > > selfish on OpenBSD's part is the only reason for us to do it. > > > > > > > > Both Ken Westerback and I organized our end of it and dealt with the > > > google > > > > paperwork the two years we did it, Neither of us is willing to do it > > > again, > > > > and while I won't > > > > directly speak for Ken, I would not support us spending effort on > this > > > when > > > > there are lots of other things to do.. It just doesn't have the > benefit > > > for > > > > OpenBSD, especially > > > > in light of the effort of the volunteers necessary to participate. > > > > > > > > > > > > > > > > On Sun, Apr 2, 2017 at 8:54 AM, Luke Small <lukensm...@gmail.com> > wrote: