afterboot.8 - Login in as root
afterboot.8 hasn't been changed to reflect the fact that a user can be created during installation and you have no other option but to login as root on first boot. comments/ok? -mark Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.130 diff -u -p -r1.130 afterboot.8 --- afterboot.8 21 Jan 2011 12:20:04 - 1.130 +++ afterboot.8 22 Jan 2011 11:27:25 - @@ -67,9 +67,7 @@ Any security or reliability fixes can be .Pa http://www.openbsd.org/errata.html . It is recommended that you check this page regularly. .Ss Login -Log in as -.Dq root . -You can do so on the console, or over the network using +You can login via the console, or over the network using .Xr ssh 1 . If you wish to deny root logins over the network, edit the .Pa /etc/ssh/sshd_config @@ -92,6 +90,11 @@ and .Xr sudo 8 commands when root privileges are required. This process is described in more detail later. +.Pp +During the installation you were given the option to create a regular user. +This user is automatically added to the +.Dq wheel +group. .Ss Root password Change the password for the root user. (Note that throughout the documentation, the term
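Review bot: In the .Ss Login hunk (@@ -67,9 +67,7 @@), the new line "You can login via the console" uses "login" as a verb where the removed text had "Log in", and it no longer says which account to use, so the following sentence about denying root logins over the network arrives without root having been mentioned. Wording such as "Log in as root, or as the user created during installation, on the console or over the network using" keeps both cases.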
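Review bot: In the @@ -92,6 +90,11 @@ hunk, the added paragraph says the installer-created user is in the "wheel" group but not why that matters. It sits directly after the sentence about the sudo(8) commands "when root privileges are required", so tie it to that sentence. "You were given the option" also reads as if the user always exists; "If you created a regular user during installation, that user was added to the wheel group" covers both cases.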
[resend] ipv6 support for tftp
can anyone test this diff? your feedback will be most welcome On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote: hi, - ipv6 support for tftp client. based on an old itojun's diff. Index: tftpsubs.c === RCS file: /cvs/src/usr.bin/tftp/tftpsubs.c,v retrieving revision 1.14 diff -u -r1.14 tftpsubs.c --- tftpsubs.c 27 Oct 2009 23:59:44 - 1.14 +++ tftpsubs.c 8 Sep 2010 14:01:19 - @@ -258,7 +258,7 @@ { int i, j = 0; charrbuf[SEGSIZE_MIN]; - struct sockaddr_in from; + struct sockaddr_storage from; socklen_t fromlen; for (;;) { Index: tftp.c === RCS file: /cvs/src/usr.bin/tftp/tftp.c,v retrieving revision 1.22 diff -u -r1.22 tftp.c --- tftp.c 27 Oct 2009 23:59:44 - 1.22 +++ tftp.c 8 Sep 2010 14:01:39 - @@ -58,7 +58,7 @@ #include tftpsubs.h static int makerequest(int, const char *, struct tftphdr *, const char *); -static voidnak(int); +static voidnak(int, struct sockaddr *); static voidtpacket(const char *, struct tftphdr *, int); static voidstartclock(void); static voidstopclock(void); @@ -67,7 +67,7 @@ static voidoack(struct tftphdr *, int, int); static int oack_set(const char *, const char *); -extern struct sockaddr_in peeraddr; /* filled in by main */ +extern struct sockaddr_storage peeraddr; /* filled in by main */ extern int f; /* the opened socket */ extern int trace; extern int verbose; @@ -124,7 +124,8 @@ sendfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -138,6 +139,7 @@ convert = !strcmp(mode, netascii); block = 0; amount = 0; + memcpy(peer, peeraddr, peeraddr.ss_len); do { /* read data from file */ @@ -146,7 +148,7 @@ else { size = readit(file, dp, convert, segment_size); if (size 0) { - nak(errno + 100); + nak(errno + 100, (struct sockaddr *)peer); break; } dp-th_opcode = htons((u_short)DATA); 
@@ -164,8 +166,8 @@ if (trace) tpacket(sent, dp, size + 4); if (sendto(f, dp, size + 4, 0, - (struct sockaddr *)peeraddr, - sizeof(peeraddr)) != size + 4) { + (struct sockaddr *)peer, + peer.ss_len) != size + 4) { warn(sendto); goto abort; } @@ -202,7 +204,19 @@ warn(recvfrom); goto abort; } - peeraddr.sin_port = from.sin_port; /* added */ + switch (peer.ss_family) { /* added */ + case AF_INET: + ((struct sockaddr_in *)peer)-sin_port = + ((struct sockaddr_in *)from)-sin_port; + break; + case AF_INET6: + ((struct sockaddr_in6 *)peer)-sin6_port = + ((struct sockaddr_in6 *)from)-sin6_port; + break; + default: + /* unsupported */ + break; + } if (trace) tpacket(received, ap, n); @@ -256,7 +270,8 @@ recvfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -273,6 +288,7 @@ block = 1; amount = 0; firsttrip = 1; + memcpy(peer, peeraddr, peeraddr.ss_len); options: do { @@ -298,8 +314,8 @@ if (trace) tpacket(sent, ap, size); if (sendto(f, ackbuf, size, 0, -
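Review bot: In the @@ -138,6 +139,7 @@ hunk of sendfile (and the matching @@ -273,6 +288,7 @@ hunk of recvfile), the memcpy length is peeraddr.ss_len, so both the copy and the later sendto length peer.ss_len depend on main having filled in ss_len. If that field is zero nothing is copied and sendto is given a zero-length address. A plain structure assignment of peeraddr to peer copies the whole sockaddr_storage and does not trust the length field for the copy.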
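Review bot: In the @@ -202,7 +204,19 @@ hunk, the switch keys on peer.ss_family but casts from to the same type without checking that from.ss_family matches, and the default case silently keeps the old port. Compare from.ss_family with peer.ss_family before copying the port, and treat a mismatch or an unsupported family as an error (the surrounding code already uses goto abort) rather than falling through.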
Revealing secrets in netstart and other shell scripts
Hello all.

Just got that:

1. ksh updates its real argv when set -- is used.
2. /etc/netstart does the following (excerpts):

	while :; do
		if [ "$cmd2" ]; then
			set -- $cmd2
			# ...
		else
			read af name mask bcaddr ext1 ext2 || break
		fi
		case $af in
		# ...
		*)
			# ...
			case $dt in
			# ...
			*)
				cmd2="$dt $dtaddr"
				;;
			esac
			# ...
		esac
		# ...
	done < /etc/hostname.$if

You see - the possible secrets hiding in the /etc/hostname.* may be revealed by monitoring command arguments. /etc/hostname.* could be configuring tunnels or something hot-pluggable, it's legal to be called after system start. Even more, hotplugd(8) recommends this way of network interface initialization.

The problem is that there is no good way to shift any array in shell. Best possible involves multiple translations from array to string and back, which is not acceptable, IMHO.

So the possible choices I see are:

1. Make ksh not update positional arguments (copy them on start).
2. Allow ksh to shift array operands when in non-POSIX mode by the following syntax: shift [arrayname] [count], with count being distinguished from arrayname by checking whether it is a number or not.
3. Ignore possible problems with multiple translations, and do some tricks using them.

What do you think?

Also, other shell scripts dealing with secrets should be checked too, of course; I'll try to do that, but a bit later.

--
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
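Added example, not part of the original post and not the code from /etc/netstart: the same carry-over loop shape, with the carried line re-split by read on a here-document instead of set --, so file contents never become positional parameters. The function name, the record format and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the code from /etc/netstart. It keeps the same
# carry-over loop shape, but re-splits the carried line with read on a
# here-document instead of "set -- $carry", so file contents never become
# positional parameters. All names here are hypothetical.

records=""	# one "af|name|dest" record per parsed line

parse_hostname_if() {	# reads hostname.if-style lines from stdin
	carry="" records=""
	while :; do
		if [ -n "$carry" ]; then
			# Re-split the line carried over from the look-ahead below.
			read -r af name mask bcaddr ext1 ext2 <<EOF
$carry
EOF
			carry=""
		else
			read -r af name mask bcaddr ext1 ext2 || break
		fi
		case $af in
		''|'#'*) continue ;;	# blank line or comment
		esac
		# Look ahead one line for an optional "dest <addr>" continuation.
		dt="" dtaddr=""
		read -r dt dtaddr || :
		if [ "$dt" = dest ]; then
			dest=$dtaddr
		else
			dest=-
			carry="$dt $dtaddr"	# not a dest line: reparse next pass
		fi
		records="${records}${af}|${name}|${dest}
"
	done
}

# Constructed sample input; the key value is a placeholder, not a real secret.
parse_hostname_if <<'EOF'
inet 192.0.2.10 255.255.255.0 NONE
wpakey constructed-secret
inet 198.51.100.1 255.255.255.255 NONE
dest 198.51.100.2
EOF
printf '%s' "$records"
```

Whether a here-document is backed by a pipe or by a temporary file depends on the shell, so check that before relying on this pattern for secrets.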
no /dev/usb means usb events are useless
NetBSD (where our usb stack came from) has a /dev/usb device node. this node exists primarily for reading usb events. however, we do not create /dev/usb, which means we have no way to get the usb events. usb events are device/driver attach/detachments. we have hotplug(4) to get this info. I don't see any reason to keep the usb event handling. thoughts? ok? PS notice how some drivers only do one of attach and detach instead of both, and that some drivers don't do either ... -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: if_athn_usb.c === RCS file: /cvs/src/sys/dev/usb/if_athn_usb.c,v retrieving revision 1.6 diff -u -p -r1.6 if_athn_usb.c --- if_athn_usb.c 8 Jan 2011 15:18:01 - 1.6 +++ if_athn_usb.c 23 Jan 2011 03:54:07 - @@ -281,8 +281,6 @@ athn_usb_attach(struct device *parent, s mountroothook_establish(athn_usb_attachhook, usc); else athn_usb_attachhook(usc); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, usc-sc_udev, sc-sc_dev); } int @@ -304,7 +302,6 @@ athn_usb_detach(struct device *self, int athn_usb_free_tx_list(usc); athn_usb_free_rx_list(usc); - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, usc-sc_udev, sc-sc_dev); return (0); } Index: if_aue.c === RCS file: /cvs/src/sys/dev/usb/if_aue.c,v retrieving revision 1.83 diff -u -p -r1.83 if_aue.c --- if_aue.c6 Dec 2010 04:41:39 - 1.83 +++ if_aue.c23 Jan 2011 03:54:08 - @@ -837,9 +837,6 @@ aue_attach(struct device *parent, struct timeout_set(sc-aue_stat_ch, aue_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc-aue_udev, - sc-aue_dev); } int @@ -886,9 +883,6 @@ aue_detach(struct device *self, int flag usb_detach_wait(sc-aue_dev); } splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc-aue_udev, - sc-aue_dev); return (0); } Index: if_axe.c === RCS file: /cvs/src/sys/dev/usb/if_axe.c,v retrieving revision 1.104 diff -u -p -r1.104 if_axe.c --- if_axe.c6 Dec 2010 04:41:39 - 1.104 +++ if_axe.c23 Jan 2011 03:54:09 - 
@@ -814,9 +814,6 @@ axe_attach(struct device *parent, struct timeout_set(sc-axe_stat_ch, axe_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc-axe_udev, - sc-axe_dev); } int @@ -875,9 +872,6 @@ axe_detach(struct device *self, int flag usb_detach_wait(sc-axe_dev); } splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc-axe_udev, - sc-axe_dev); return (0); } Index: if_cdce.c === RCS file: /cvs/src/sys/dev/usb/if_cdce.c,v retrieving revision 1.48 diff -u -p -r1.48 if_cdce.c --- if_cdce.c 16 Jan 2011 22:35:29 - 1.48 +++ if_cdce.c 23 Jan 2011 03:54:10 - @@ -360,9 +360,6 @@ found: sc-cdce_attached = 1; splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc-cdce_udev, - sc-cdce_dev); } int @@ -387,9 +384,6 @@ cdce_detach(struct device *self, int fla sc-cdce_attached = 0; splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc-cdce_udev, - sc-cdce_dev); return (0); } Index: if_cue.c === RCS file: /cvs/src/sys/dev/usb/if_cue.c,v retrieving revision 1.58 diff -u -p -r1.58 if_cue.c --- if_cue.c17 Dec 2010 13:48:06 - 1.58 +++ if_cue.c23 Jan 2011 03:54:10 - @@ -542,9 +542,6 @@ cue_attach(struct device *parent, struct timeout_set(sc-cue_stat_ch, cue_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc-cue_udev, - sc-cue_dev); } int @@ -585,9 +582,6 @@ cue_detach(struct device *self, int flag #endif splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc-cue_udev, - sc-cue_dev); return (0); } Index: if_kue.c === RCS file: /cvs/src/sys/dev/usb/if_kue.c,v retrieving revision 1.62 diff -u -p -r1.62 if_kue.c --- if_kue.c17 Dec 2010 13:48:06 - 1.62 +++ if_kue.c23 Jan 2011 03:54:11 - @@ -543,9 +543,6 @@ kue_attach(struct device *parent, struct mountroothook_establish(kue_attachhook, sc); else kue_attachhook(sc); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc-kue_udev, - sc-kue_dev); } int Index: if_mos.c
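Review bot: if_kue.c has only an attach hunk (@@ -543,9 +543,6 @@) before the diff moves on to if_mos.c, unlike if_aue.c, if_axe.c, if_cdce.c and if_cue.c, which each drop both the USB_EVENT_DRIVER_ATTACH and the USB_EVENT_DRIVER_DETACH call. That is either one of the asymmetric drivers mentioned in the PS or a missed call in kue_detach; a search for usbd_add_drv_event over sys/dev/usb after applying the patch would confirm that no caller of the removed interface is left.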
Re: no /dev/usb means usb events are useless
On Sun, Jan 23, 2011 at 05:03:18AM +, Jacob Meuser wrote: NetBSD (where our usb stack came from) has a /dev/usb device node. this node exists primarily for reading usb events. however, we do not create /dev/usb, which means we have no way to get the usb events. usb events are device/driver attach/detachments. we have hotplug(4) to get this info. I don't see any reason to keep the usb event handling. thoughts? ok? PS notice how some drivers only do one of attach and detach instead of both, and that some drivers don't do either ... snip @@ -717,83 +630,6 @@ usbioctl(dev_t devt, u_long cmd, caddr_t return (0); } -int -usbpoll(dev_t dev, int events, struct proc *p) -{ - int revents, mask, s; - - if (minor(dev) == USB_DEV_MINOR) { - revents = 0; - mask = POLLIN | POLLRDNORM; - - s = splusb(); - if (events mask usb_nevents 0) - revents |= events mask; - if (revents == 0 events mask) - selrecord(p, usb_selevent); - splx(s); - - return (revents); - } else { - return (POLLERR); - } -} sigh. this is needed as well. obviously. sorry about that ... -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: conf.h === RCS file: /cvs/src/sys/sys/conf.h,v retrieving revision 1.109 diff -u -p conf.h --- conf.h 8 Jan 2011 19:45:09 - 1.109 +++ conf.h 23 Jan 2011 05:25:32 - @@ -396,7 +396,7 @@ extern struct cdevsw cdevsw[]; #definecdev_usb_init(c,n) { \ dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \ - (dev_type_stop((*))) enodev, 0, dev_init(c,n,poll), \ + (dev_type_stop((*))) enodev, 0, selfalse, \ (dev_type_mmap((*))) enodev } /* open, close, write, ioctl */
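Review bot: In the conf.h hunk (@@ -396,7 +396,7 @@), replacing dev_init(c,n,poll) with selfalse changes what poll reports for minors other than USB_DEV_MINOR: the removed usbpoll returned POLLERR for them in its else branch, while the new entry reports no events for every minor. If that is intended, say so in the commit message, and update any comment describing cdev_usb_init that still lists poll among its entry points.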