rcctl: un-hardcode /etc/rc.conf{.local}
Some notes to demo the diff below: # -=-=-=-=-=-=-= Assignment: me$ _STATIC_RCCONF='/etc/rc.conf' me$ _RCCONF=${_STATIC_RCCONF}.local # -=-=-=-=-=-=-= Test 1: me$ print ${_STATIC_RCCONF} ${_RCCONF} /etc/rc.conf /etc/rc.conf.local me$ print ${_RCCONF%/*} ${_RCCONF##*/} /etc rc.conf.local # -=-=-=-=-=-=-= Test 2: me$ _TMP_RCCONF=$(mktemp -p ${_RCCONF%/*} -t ${_RCCONF##*/}.XX) || print $? mktemp: cannot make temp file /etc/rc.conf.local.luzxGjy18I: Permission denied 1 # -=-=-=-=-=-=-= Reassignment: me$ _STATIC_RCCONF='/tmp/rc.conf' me$ _RCCONF=${_STATIC_RCCONF}.local # -=-=-=-=-=-=-= Test 3: me$ _TMP_RCCONF=$(mktemp -p ${_RCCONF%/*} -t ${_RCCONF##*/}.XX) || print $? me$ ls ${_TMP_RCCONF} /tmp/rc.conf.local.ZLyVBCNMtk Index: rcctl.sh === RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v retrieving revision 1.41 diff -u -p -r1.41 rcctl.sh --- rcctl.sh10 Oct 2014 15:59:36 - 1.41 +++ rcctl.sh11 Oct 2014 12:41:22 - @@ -18,7 +18,9 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. _special_services=accounting check_quotas ipsec multicast_host multicast_router pf spamd_black -readonly _special_services +_STATIC_RCCONF='/etc/rc.conf' +_RCCONF=${_STATIC_RCCONF}.local +readonly _special_services _STATIC_RCCONF _RCCONF # get local functions from rc.subr(8) FUNCS_ONLY=1 @@ -38,21 +40,21 @@ needs_root() rcconf_edit_begin() { - _TMP_RCCONF=$(mktemp -p /etc -t rc.conf.local.XX) || exit 1 - if [ -f /etc/rc.conf.local ]; then + _TMP_RCCONF=$(mktemp -p ${_RCCONF%/*} -t ${_RCCONF##*/}.XX) || exit + if [ -f ${_RCCONF} ]; then # only to keep permissions (file content is not needed) - cp -p /etc/rc.conf.local ${_TMP_RCCONF} || exit 1 + cp -p ${_RCCONF} ${_TMP_RCCONF} || exit 1 else - touch /etc/rc.conf.local || exit 1 + touch ${_RCCONF} || exit 1 fi } rcconf_edit_end() { sort -u -o ${_TMP_RCCONF} ${_TMP_RCCONF} || exit 1 - mv ${_TMP_RCCONF} /etc/rc.conf.local || exit 1 - if [ ! -s /etc/rc.conf.local ]; then - rm /etc/rc.conf.local || exit 1 + mv ${_TMP_RCCONF} ${_RCCONF} || exit 1 + if [ ! -s ${_RCCONF} ]; then + rm ${_RCCONF} || exit 1 fi } @@ -62,7 +64,7 @@ svc_default_enabled() [ -n ${_svc} ] || return local _ret=1 - _rc_parse_conf /etc/rc.conf + _rc_parse_conf ${_STATIC_RCCONF} svc_is_enabled ${_svc} _ret=0 _rc_parse_conf @@ -166,7 +168,7 @@ append_to_pkg_scripts() if [ -z ${pkg_scripts} ]; then echo pkg_scripts=${_svc} ${_TMP_RCCONF} elif ! echo ${pkg_scripts} | grep -qw ${_svc}; then - grep -v ^pkg_scripts.*= /etc/rc.conf.local ${_TMP_RCCONF} + grep -v ^pkg_scripts.*= ${_RCCONF} ${_TMP_RCCONF} echo pkg_scripts=${pkg_scripts} ${_svc} ${_TMP_RCCONF} fi rcconf_edit_end @@ -182,7 +184,7 @@ rm_from_pkg_scripts() rcconf_edit_begin sed /^pkg_scripts[[::]]/{s/[[::]]${_svc}[[::]]//g s/['\]//g;s/ *= */=/;s/ */ /g;s/ $//;/=$/d;} \ - /etc/rc.conf.local ${_TMP_RCCONF} + ${_RCCONF} ${_TMP_RCCONF} rcconf_edit_end } @@ -193,7 +195,7 @@ add_flags() if svc_is_special ${_svc}; then rcconf_edit_begin - grep -v ^${_svc}.*= /etc/rc.conf.local ${_TMP_RCCONF} + grep -v ^${_svc}.*= ${_RCCONF} ${_TMP_RCCONF} if ! svc_default_enabled ${_svc}; then echo ${_svc}=YES ${_TMP_RCCONF} fi @@ -219,7 +221,7 @@ add_flags() fi rcconf_edit_begin - grep -v ^${_svc}_flags.*= /etc/rc.conf.local ${_TMP_RCCONF} + grep -v ^${_svc}_flags.*= ${_RCCONF} ${_TMP_RCCONF} if [ -n ${_flags} ] || \ ( svc_is_base ${_svc} ! svc_default_enabled ${_svc} ); then echo ${_svc}_flags=${_flags} ${_TMP_RCCONF} @@ -234,12 +236,12 @@ rm_flags() rcconf_edit_begin if svc_is_special ${_svc}; then - grep -v ^${_svc}.*= /etc/rc.conf.local ${_TMP_RCCONF} + grep -v ^${_svc}.*= ${_RCCONF} ${_TMP_RCCONF} if svc_default_enabled ${_svc}; then echo ${_svc}=NO ${_TMP_RCCONF} fi else - grep -v ^${_svc}_flags.*= /etc/rc.conf.local ${_TMP_RCCONF} + grep -v ^${_svc}_flags.*= ${_RCCONF} ${_TMP_RCCONF} if svc_default_enabled ${_svc}; then echo ${_svc}_flags=NO ${_TMP_RCCONF} fi
Re: rcctl: un-hardcode /etc/rc.conf{.local}
Hi Craig, i consider system code easier to understand, more predictable, and hence easier to keep correct and secure when system files and directories are not configurable. Consequently, i don't like the direction you are taking here. Yours, Ingo Craig R. Skinner wrote on Sat, Oct 11, 2014 at 01:57:32PM +0100: [...] Index: rcctl.sh === RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v retrieving revision 1.41 diff -u -p -r1.41 rcctl.sh --- rcctl.sh 10 Oct 2014 15:59:36 - 1.41 +++ rcctl.sh 11 Oct 2014 12:41:22 - [...] @@ -62,7 +64,7 @@ svc_default_enabled() [ -n ${_svc} ] || return local _ret=1 - _rc_parse_conf /etc/rc.conf + _rc_parse_conf ${_STATIC_RCCONF} svc_is_enabled ${_svc} _ret=0 _rc_parse_conf [...]
Re: rcctl: un-hardcode /etc/rc.conf{.local}
i consider system code easier to understand, more predictable, and hence easier to keep correct and secure when system files and directories are not configurable. Consequently, i don't like the direction you are taking here. Hell yes. It is dangerously confusing abstraction. Only purpose it serves is to make simple stuff look magic. [...] Index: rcctl.sh === RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v retrieving revision 1.41 diff -u -p -r1.41 rcctl.sh --- rcctl.sh10 Oct 2014 15:59:36 - 1.41 +++ rcctl.sh11 Oct 2014 12:41:22 - [...] @@ -62,7 +64,7 @@ svc_default_enabled() [ -n ${_svc} ] || return local _ret=1 - _rc_parse_conf /etc/rc.conf + _rc_parse_conf ${_STATIC_RCCONF} svc_is_enabled ${_svc} _ret=0 _rc_parse_conf [...]
[SOLVED]: no respone on Passphrase after first boot on -current
Thu, Oct 09, 2014 at 11:54:12AM CEST, s...@stsp.name napsal(a): On Thu, Oct 09, 2014 at 06:23:17AM +0200, Jiri Navratil wrote: Hello, I bought acer TravelMate notebook TMB115-M-COEA to follow -current and partitipate on LibreSSL. I installed system from snapshot and used softraid0 crypto on whole sd0. After first boot I have Passsphrase prompt and I can't contine. It looks like keyboard is not working. No response after Enter. I assume, that I'm providing same password as during install. There is no response at all. Can I debug this somehow? I may install the machine again without crypto and then try to use softraid0 crypto on external drive, but not sure, if this can be helpfull for debuging and reporting. Is there something next I can experiment with and provide something valuable here? Thank you, Jiri -- Jiri Navratil, http://kouc.navratil.cz, +420 222 767 131 Did you try booting into the install media, select 'shell', and then attaching your softraid crypto disk with bioctl? Does that work? Can you provide a dmesg? Thank you Bio and Stefan for responses. I can boot now from installed system. Not sure, which step helped. The BIOS looks not fully ok for me. I did these steps Based on https://www.mail-archive.com/misc@openbsd.org/msg132652.html I looked in to BIOS and did the only thing possible with USB. I switched Boot Mode from Legacy to UEFI, which lead into error - no boot device. Then I switched back to legacy and booted USB stick with miniroot56.fs and attached softraid crypto disk just fine. Then I halted system. New boot directly from harddrive worked fine. (I wass able to answer Passphrase question and system booted fine). So thank you for your help. It's working now. I'm attaching first boot dmesg and dmesg from compiled kernel. They are already on dm...@openbsd.org. May be this can have value for someone. I noticed in dmesg this error: RTC BIOS diagnostic error 80clock_battery Can clock battery be dead on new machine? Or the BIOS is not good schape? WiFi is not working. I see Intel Dual Band Wireless AC 7260 in dmesg. Screen stay blank after resume from suspend (both console and X blank, machine accessible via network). Best regards, Jiri
Re: Shadow TCP stacks
On Sat, Oct 11, 2014 at 5:45 AM, Joachim Schipper joac...@joachimschipper.nl wrote: moved to misc@; it's still not on-topic, but this message may be somewhat interesting Moved back to tech for just this message: I am going to implement this inBSD, so I would still appreciate pointers and helpful tech advice, but please don't CC the list, just mail me privately. To prevent a flame war, please don't refute anything on the list without giving carefully considered, clear reasons why I and everyone else should agree with you, otherwise I will be obliged to respond to the list because I won't leave a falsehood uncontested on a public forum. The application is electronic democracy. I want to demonstrate how it is possible to do secure comms. over untrusted networks and hardware. But it *isn't* possible to do secure comms from/to compromised hardware; that is what compromised means. That's why I used the term untrusted: to make a distinction between the unknown status of security of the underlying media and compromised meaning definite knowledge that the hardware affects a compromise of privacy/integrity. Note that the thesis above merely aims at cryptographic port knocking; a global adversary can still just read the unencrypted traffic No, the pre-shared keys are communicated over the VPN, as are the keys which encrypt the VPN's own data as it appears in the actual TCP packets which carry the tunnel through which the VPN operates. This is not a common idea: that such a thing a thing is possible, so people should not be too quick to dismiss it solely on account of never having heard of the idea before. Dismiss it only when you have convinced yourself that it definitely won't work. Because otherwise you are rejecting something very valuable: perfectly secure communications. Also, note that securely pre-sharing keys is a pain even in a small group of friends; The purpose of the VPN is to provide this mechanism and make it automatic, that point should be fairly clear in my description. there is no way you can scale that to every human in the world. No, and that is certainly not the plan. The verification of the voting is as I explain in that document: it is that each voter certifies the votes of three others, and because people know this, they know that their own vote is only represented if the others certified theirs. So the knowledge doesn't exist in any one person's mind, it only exists in the combined minds of all the people. And the same principle applies to the knowledge of the VPN keys: that knowledge will be shared between four independent orthogonal VPNs and that information will simply not exist, so could never be compromised. Please don't be too quick to dismiss this. The idea is not an obvious one, but people who can think about systems are typically better at grasping this sort of thing that people who who work with systems of formal proof which work by symbolic substitution. This is not something you can make obvious by symbolic substitution because it is based on human knowledge, not concrete representation in some language: that knowledge is the knowledge that these really are three other independent VPNs that are providing the information I need to encrypt my traffic when it sending to this other machine.. I hope to be able do this by carrying out a global referendum. See http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html A very quick read shows that you want to do, roughly, electronic voting. A number of proposals exists to achieve secure (or verifiable) electronic voting; I believe you should be able to find fairly accessible introductions to the cryptographic scheme proposed by Ron Rivest (of RSA fame). No proposal that I'm aware of even contemplates using compromised hardware, though, and all proposals assume a functioning census. Well, now you _are_ aware of at least one: which is this one :-) And I am not the only one who believes that this is possible. Roger Schell (cc'ed), who was very influential in the development of the NSA's TCSEC wrote in https://www.acsac.org/invited-essay/essays/2001-schell.pdf: The science of computer and network information security has for some time given us the ability to purchase an information system from a mortal enemy and then assess its ability to enforce a well defined security policy, gaining sufficient assurance to confidently use the system to protect against massive loss and grave damage, and this has been actually been put into practice. This astonishing capability is known as “verified protection”. My plan is to use a virtual interface which magically shows behind the physical interface when connections are made with the right ISN key in the SYN packet. If the ISN is not one of the 'knocks' then the connection sees the ordinary physical interface. Then I want to make a connection between applications and the TCP stack so that the knocks can be determined only by data from