Re: isakmpd.policy check
On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote:
> On 2018/01/04 12:47, Martin Pieuchot wrote:
> > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane
> > we do.
>
> This means you trust your ipsec peers not to request an invalid flow.
> That's reasonable if you run both ends and trust yourself not to fat-finger
> it but it's not really OK if you run tunnels to third parties.
>

I was running isakmpd -K for years without understanding the risk.
Probably I'm not the exception. The isakmpd man page says:

    -K  [...] This option can be used when policies for flows and SA
        establishment are arranged by other programs like ipsecctl(8)
        or bgpd(8).

> > I'd like to enforce some policy based on what I write in
> > ipsec.conf(5)...
>
> That would be a bigger change ;)

That would be a much appreciated change ;-)

> > So I don't understand why I have to pass '-K' in
> > every of the machine I setup. If I don't specify any policy file, then
> > I'd assume isakmpd(8) would do the right thing.
> >
> > Diff below makes '-K' the default if isakmpd.policy doesn't exist AND
> > you didn't specify a "Policy-file".
>
> I have to say I'm not too keen on this. At the moment -K is "danger!
> flows are not checked against policy".
Re: VMD: revise check for regular files on disks
On Wed, Jan 03 2018, Carlos Cardenaswrote: > Howdy. > > Attached is a patch to address a TOCTOU issue with checking to > ensure disks are regular files, reported by jca@ . > > Comments? Ok? A bit late, but ok. While here, if the S_ISREG check fails there is no meaningful errno to report. ok? Index: config.c === RCS file: /d/cvs/src/usr.sbin/vmd/config.c,v retrieving revision 1.39 diff -u -p -p -u -r1.39 config.c --- config.c4 Jan 2018 15:19:56 - 1.39 +++ config.c5 Jan 2018 07:24:41 - @@ -252,7 +252,7 @@ config_setvm(struct privsep *ps, struct goto fail; } if (S_ISREG(stat_buf.st_mode) == 0) { - log_warn("%s: cdrom %s is not a regular file", __func__, + log_warnx("%s: cdrom %s is not a regular file", __func__, vcp->vcp_cdrom); errno = VMD_CDROM_INVALID; goto fail; @@ -276,7 +276,7 @@ config_setvm(struct privsep *ps, struct goto fail; } if (S_ISREG(stat_buf.st_mode) == 0) { - log_warn("%s: disk %s is not a regular file", __func__, + log_warnx("%s: disk %s is not a regular file", __func__, vcp->vcp_disks[i]); errno = VMD_DISK_INVALID; goto fail; -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
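Review bot: both hunks still store a vmd-specific code in errno on the line right after the changed call (`errno = VMD_CDROM_INVALID;` and `errno = VMD_DISK_INVALID;`), which is the same mixing of system and application errors that made log_warn() print a meaningless strerror text here. Switching to log_warnx() is right for the S_ISREG branch; a short comment at these assignments saying that errno carries a VMD_* code from this point on would keep a later caller from passing it to strerror() or log_warn() again.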
Re: ksh: Fix compilation without job control
On Thu, Jan 04 2018, Klemens Nanniwrote: > A few guards are missing, with this diff ksh compiles cleanly with JOBS > undefined. > > Found while looking for undesired changes after working on job control. > > Feedback? Looks good, ok jca@ I kinda take job control in my shell for granted. Todd, would it make sense to just delete the #ifdefs? I doubt that we'll want to ship a ksh with no job control in space-constrained installers. > diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c > index 53858a37d26..7e29c2f38b8 100644 > --- a/bin/ksh/jobs.c > +++ b/bin/ksh/jobs.c > @@ -201,6 +201,7 @@ j_suspend(void) > { > struct sigaction sa, osa; > > +#ifdef JOBS > /* Restore tty and pgrp. */ > if (ttypgrp_ok) { > tcsetattr(tty_fd, TCSADRAIN, _state); > @@ -218,6 +219,7 @@ j_suspend(void) > } > } > } > +#endif /* JOBS */ > > /* Suspend the shell. */ > memset(, 0, sizeof(sa)); > @@ -228,6 +230,7 @@ j_suspend(void) > > /* Back from suspend, reset signals, pgrp and tty. */ > sigaction(SIGTSTP, , NULL); > +#ifdef JOBS > if (ttypgrp_ok) { > if (restore_ttypgrp >= 0) { > if (setpgid(0, kshpid) < 0) { > @@ -246,6 +249,7 @@ j_suspend(void) > } > tty_init(true); > } > +#endif /* JOBS */ > } > > /* job cleanup before shell exit */ > @@ -1050,10 +1054,10 @@ j_waitj(Job *j, > j->flags &= ~(JF_WAITING|JF_W_ASYNCNOTIFY); > > if (j->flags & JF_FG) { > - int status; > - > j->flags &= ~JF_FG; > #ifdef JOBS > + int status; > + > if (Flag(FMONITOR) && ttypgrp_ok && j->pgrp) { > /* >* Save the tty's current pgrp so it can be restored > -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: mg: extract child status with WEXITSTATUS
On Tue, Jan 02 2018, Scott Chelohawrote: > On Mon, Jan 01, 2018 at 09:07:25PM -0700, Todd C. Miller wrote: >> On Mon, 01 Jan 2018 19:54:07 -0600, Scott Cheloha wrote: >> >> > Hey, >> > >> > In the mg(1) *compile* buffer, currently you get incorrect >> > output like: >> > >> >Command exited abnormally with code 256 at [...] >> > >> > Using the W* macros in corrects this: >> > >> >Command exited abnormally with code 1 at [...] >> >> Is it worth using an explicit message if the command was terminated >> by a signal? > > Like in lieu of 128+WTERMSIG? I don't personally see my jobs in mg > get killed all that often, but if I did I think I'd prefer something > with the signal name, sure. > > While we're at it, I'd like to move the timestamp left so it's separate > from the other output. I'd also like to always print the exit status, > as "abnormally" is inapplicable for programs like diff and grep. "abnormally" doesn't seem very useful if the status is printed indeed; printing the status if zero doesn't look very useful though. > Thoughts? Disclaimer: I'm not an mg(1) user, but please see below. > -- > Scott Cheloha > > Index: usr.bin/mg/grep.c > === > RCS file: /cvs/src/usr.bin/mg/grep.c,v > retrieving revision 1.45 > diff -u -p -r1.45 grep.c > --- usr.bin/mg/grep.c 12 Oct 2017 14:12:00 - 1.45 > +++ usr.bin/mg/grep.c 3 Jan 2018 01:24:09 - > @@ -4,6 +4,8 @@ > > #include > #include > +#include > + > #include > #include > #include > @@ -180,7 +182,7 @@ compile_mode(const char *name, const cha > char*buf; > size_t sz; > ssize_t len; > - int ret, n; > + int ret, n, signo; > char cwd[NFILEN], qcmd[NFILEN]; > char timestr[NTIME]; > time_t t; 
> @@ -226,17 +228,19 @@ compile_mode(const char *name, const cha > t = time(NULL); > strftime(timestr, sizeof(timestr), "%a %b %e %T %Y", localtime()); > addline(bp, ""); > - if (ret != 0) > - addlinef(bp, "Command exited abnormally with code %d" > - " at %s", ret, timestr); > - else > - addlinef(bp, "Command finished at %s", timestr); > + if (WIFEXITED(ret)) { > + addlinef(bp, "[%s] Command exited with status %d", > + timestr, WEXITSTATUS(ret)); > + } else { This won't catch cases where the shell exits with 128 + the signal that killed its child process. > + signo = WTERMSIG(ret); > + addlinef(bp, "[%s] Command killed by %s: %s", > + timestr, sys_signame[signo], strsignal(signo)); I'm not thrilled by sys_signame, it's not portable, you need to do make sure that the signal number is valid, and when adding errno values the size of sys_signame changes -> libc major crank. It's a shame there are no sane standard accessors. (http://austingroupbugs.net/view.php?id=1138=8) Sorry for the bikeshed but wouldn't just printing the signal number be enough? Also, why change the way the timestamp is printed? I would probably do something like the diff below. Index: grep.c === RCS file: /d/cvs/src/usr.bin/mg/grep.c,v retrieving revision 1.45 diff -u -p -p -u -r1.45 grep.c --- grep.c 12 Oct 2017 14:12:00 - 1.45 +++ grep.c 5 Jan 2018 06:36:53 - @@ -4,6 +4,8 @@ #include #include +#include + #include #include #include 
@@ -226,10 +228,14 @@ compile_mode(const char *name, const cha t = time(NULL); strftime(timestr, sizeof(timestr), "%a %b %e %T %Y", localtime()); addline(bp, ""); - if (ret != 0) - addlinef(bp, "Command exited abnormally with code %d" - " at %s", ret, timestr); - else + if (WIFSIGNALED(ret) || WEXITSTATUS(ret) > 128) { + addlinef(bp, "Command killed by signal %d at %s", + WIFSIGNALED(ret) ? WTERMSIG(ret) : WEXITSTATUS(ret) - 128, + timestr); + } else if (WEXITSTATUS(ret)) { + addlinef(bp, "Command exited with status %d at %s", + WEXITSTATUS(ret), timestr); + } else addlinef(bp, "Command finished at %s", timestr); bp->b_dotp = bfirstlp(bp); -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
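Review bot: the `WEXITSTATUS(ret) > 128` test in the first branch of the second diff reports any command that exits by itself with a status above 128 (255, for instance) as "killed by signal 127", and it is evaluated without first checking WIFEXITED(ret). Guard it with WIFEXITED(ret) and word that case differently from a real WIFSIGNALED(ret), since the 128 + signal value is only a shell convention. If the call that sets ret (outside this hunk) can return -1, handle that before applying any W* macro, because WEXITSTATUS(-1) would typically read as 255 and land in the same branch.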
Re: update Mesa to 17.2.6
The diff below helps, and will be in snaps until the situation is resolved. > On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote: > > Hi, > > > > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > > > I'm interested in reports from people who saw corruption on Intel > > > graphics during the brief period when Mesa 17.1.6 was in the tree. > > > > Sorry for not testing this sooner; I had forgotten about seeing this > > corruption previously. Updating to a snapshot just now (from OpenBSD > > 6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD > > 6.2-current (GENERIC.MP) #314: Wed Jan 3 13:14:26 MST 2018) did > > result in corruption on my X220 and jogged my memory that I've seen this > > problem in the past... dmesg follows. > > I wonder if this is exposing an inteldrm problem. > > Does switching to the intel driver with xorg.conf or the below > diff change anything? > > Index: xserver/hw/xfree86/common/xf86pciBus.c > === > RCS file: /cvs/xenocara/xserver/hw/xfree86/common/xf86pciBus.c,v > retrieving revision 1.15 > diff -u -p -r1.15 xf86pciBus.c > --- xserver/hw/xfree86/common/xf86pciBus.c8 Dec 2017 15:02:00 - > 1.15 > +++ xserver/hw/xfree86/common/xf86pciBus.c4 Jan 2018 22:57:20 - > @@ -1192,11 +1192,26 @@ xf86VideoPtrToDriverList(struct pci_devi > case 0xa011: > case 0x0042: /* XXX Ironlake is unstable with modesetting */ > case 0x0046: > - /* Use intel driver on 2nd and 3rd generation */ > + /* Sandy Bridge */ > + case 0x0102: > + case 0x0112: > + case 0x0122: > + case 0x010a: > + case 0x0106: > + case 0x0116: > + case 0x0126: > + /* Ivy Bridge */ > + case 0x0156: > + case 0x0166: > + case 0x0152: > + case 0x0162: > + case 0x015a: > + case 0x016a: > + /* Use intel driver until Ivy Bridge */ > driverList[0] = "intel"; > break; > default: > - /* Use modesetting driver on 4th generation and up */ > + /* Use modesetting driver on Haswell and up */ > driverList[0] = "modesetting"; > break; > } >
Re: update Mesa to 17.2.6
> > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> > > I'm interested in reports from people who saw corruption on Intel
> > > graphics during the brief period when Mesa 17.1.6 was in the tree.

The issue is back.

x230. Run xpdf on a document with large regions of black and white, and flip between pages.

It looks like something is cached and not being pushed/invalidated/writethrough, so it does not make it onto the screen correctly. There are cache-streaks which don't update on an idle machine. If the machine is very busy, it is hard to see these because the cache lines get pushed earlier. But on an idle machine, documents are unreadable.
Re: relayd and PUT
On Wed, Dec 13, 2017 at 07:42:03AM +0100, Claudio Jeker wrote:
> On Wed, Dec 13, 2017 at 12:25:39AM +, Rivo Nurges wrote:
> > If you http PUT a "big" file through relayd, server<>relay read side
> > will eventually get a EVBUFFER_TIMEOUT. Nothing comes back from the
> > server until the PUT is done. I disabled server read timeouts for PUT
> > requests.
>
> I have seen something similar and came to the conclusion that the timeout
> handling of relayd is not correct. As long as traffic is flowing the
> timeout should be reset (at least that is what every other implementation
> does). This is not really happening in relayd. I have seen this on GET
> requests that are huge (timeout hits in the middle of the transmit and
> kills the session).

I have committed more regression tests that check the timeout with
unidirectional traffic flow. I could not find an error. In theory
when we have an idle timeout in one direction, relayd checks whether
there is traffic flowing in the other direction. The tests set the
timeout to 2 seconds and send 5 bytes while sleeping one second
between each byte. The timeout does not trigger.

So it seems that you encounter some corner case. I need more
information.

- Do you use http or https?
- Do you use persistent connections?
- Do you use chunked encoding?
- Does it only occur with http or also with plain tcp?
- Does disabling socket splicing help?
- Does it happen when the connect to the server is slow?

While testing I saw that with socket splicing the timeout is handled
twice. We get a wakeup from the idle splicing and from libevent
timeout. I think it is sufficient to only use the idle splicing
if it is available. Does this diff help?

bluhm

Index: relay.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.237 diff -u -p -r1.237 relay.c --- relay.c 27 Dec 2017 15:53:30 - 1.237 +++ relay.c 4 Jan 2018 22:44:20 - 
@@ -733,16 +733,21 @@ relay_connected(int fd, short sig, void if ((rlay->rl_conf.flags & F_TLSCLIENT) && (out->tls != NULL)) relay_tls_connected(out); - bufferevent_settimeout(bev, - rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec); bufferevent_setwatermark(bev, EV_WRITE, RELAY_MIN_PREFETCHED * proto->tcpbufsiz, 0); bufferevent_enable(bev, EV_READ|EV_WRITE); if (con->se_in.bev) bufferevent_enable(con->se_in.bev, EV_READ); - if (relay_splice(>se_out) == -1) + switch (relay_splice(>se_out)) { + case 0: + bufferevent_settimeout(bev, + rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec); + break; + case -1: relay_close(con, strerror(errno)); + break; + } } void @@ -784,14 +789,19 @@ relay_input(struct rsession *con) if ((rlay->rl_conf.flags & F_TLS) && con->se_in.tls != NULL) relay_tls_connected(>se_in); - bufferevent_settimeout(con->se_in.bev, - rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec); bufferevent_setwatermark(con->se_in.bev, EV_WRITE, RELAY_MIN_PREFETCHED * proto->tcpbufsiz, 0); bufferevent_enable(con->se_in.bev, EV_READ|EV_WRITE); - if (relay_splice(>se_in) == -1) + switch (relay_splice(>se_in)) { + case 0: + bufferevent_settimeout(con->se_in.bev, + rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec); + break; + case -1: relay_close(con, strerror(errno)); + break; + } } void
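Review bot: the new `switch (relay_splice(...))` in relay_connected() and relay_input() names only `case 0:` and `case -1:`, so the return value that matters for this change, the one where the bufferevent timeout is deliberately not armed, falls through silently. Add a `default:` (or the explicit case) with a one-line comment that the splice idle timeout is relied on instead, so a reader does not take the missing bufferevent_settimeout() for an oversight. The two switch blocks differ only in which bufferevent they arm, so a small helper taking the bufferevent would keep them from drifting apart.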
Re: update Mesa to 17.2.6
On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote: > Hi, > > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > > I'm interested in reports from people who saw corruption on Intel > > graphics during the brief period when Mesa 17.1.6 was in the tree. > > Sorry for not testing this sooner; I had forgotten about seeing this > corruption previously. Updating to a snapshot just now (from OpenBSD > 6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD > 6.2-current (GENERIC.MP) #314: Wed Jan 3 13:14:26 MST 2018) did > result in corruption on my X220 and jogged my memory that I've seen this > problem in the past... dmesg follows. I wonder if this is exposing an inteldrm problem. Does switching to the intel driver with xorg.conf or the below diff change anything? Index: xserver/hw/xfree86/common/xf86pciBus.c === RCS file: /cvs/xenocara/xserver/hw/xfree86/common/xf86pciBus.c,v retrieving revision 1.15 diff -u -p -r1.15 xf86pciBus.c --- xserver/hw/xfree86/common/xf86pciBus.c 8 Dec 2017 15:02:00 - 1.15 +++ xserver/hw/xfree86/common/xf86pciBus.c 4 Jan 2018 22:57:20 - @@ -1192,11 +1192,26 @@ xf86VideoPtrToDriverList(struct pci_devi case 0xa011: case 0x0042: /* XXX Ironlake is unstable with modesetting */ case 0x0046: - /* Use intel driver on 2nd and 3rd generation */ + /* Sandy Bridge */ + case 0x0102: + case 0x0112: + case 0x0122: + case 0x010a: + case 0x0106: + case 0x0116: + case 0x0126: + /* Ivy Bridge */ + case 0x0156: + case 0x0166: + case 0x0152: + case 0x0162: + case 0x015a: + case 0x016a: + /* Use intel driver until Ivy Bridge */ driverList[0] = "intel"; break; default: - /* Use modesetting driver on 4th generation and up */ + /* Use modesetting driver on Haswell and up */ driverList[0] = "modesetting"; break; }
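Review bot: the new comment `/* Use intel driver until Ivy Bridge */` above `driverList[0] = "intel";` is ambiguous about whether Ivy Bridge itself is included, while the case labels added just before it do include the Ivy Bridge IDs. Word it as "up to and including Ivy Bridge", and since the change is offered to test for an inteldrm problem, note in the comment why these generations are held back so the list gets revisited. Sorting the device IDs within each group would also make a missing ID easier to spot.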
Re: update Mesa to 17.2.6
Hi,

On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> I'm interested in reports from people who saw corruption on Intel
> graphics during the brief period when Mesa 17.1.6 was in the tree.

Sorry for not testing this sooner; I had forgotten about seeing this
corruption previously. Updating to a snapshot just now (from OpenBSD
6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD
6.2-current (GENERIC.MP) #314: Wed Jan 3 13:14:26 MST 2018) did
result in corruption on my X220 and jogged my memory that I've seen this
problem in the past... dmesg follows.
ksh: Fix compilation without job control
A few guards are missing, with this diff ksh compiles cleanly with JOBS undefined. Found while looking for undesired changes after working on job control. Feedback? diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c index 53858a37d26..7e29c2f38b8 100644 --- a/bin/ksh/jobs.c +++ b/bin/ksh/jobs.c @@ -201,6 +201,7 @@ j_suspend(void) { struct sigaction sa, osa; +#ifdef JOBS /* Restore tty and pgrp. */ if (ttypgrp_ok) { tcsetattr(tty_fd, TCSADRAIN, _state); @@ -218,6 +219,7 @@ j_suspend(void) } } } +#endif /* JOBS */ /* Suspend the shell. */ memset(, 0, sizeof(sa)); @@ -228,6 +230,7 @@ j_suspend(void) /* Back from suspend, reset signals, pgrp and tty. */ sigaction(SIGTSTP, , NULL); +#ifdef JOBS if (ttypgrp_ok) { if (restore_ttypgrp >= 0) { if (setpgid(0, kshpid) < 0) { @@ -246,6 +249,7 @@ j_suspend(void) } tty_init(true); } +#endif /* JOBS */ } /* job cleanup before shell exit */ @@ -1050,10 +1054,10 @@ j_waitj(Job *j, j->flags &= ~(JF_WAITING|JF_W_ASYNCNOTIFY); if (j->flags & JF_FG) { - int status; - j->flags &= ~JF_FG; #ifdef JOBS + int status; + if (Flag(FMONITOR) && ttypgrp_ok && j->pgrp) { /* * Save the tty's current pgrp so it can be restored
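Review bot: in the j_waitj() hunk, moving `int status;` below `j->flags &= ~JF_FG;` places a declaration after a statement inside the `if (j->flags & JF_FG) {` block, where the other functions touched by this diff declare their variables at the top of the block. Keep the declaration where it was and wrap only that line in its own `#ifdef JOBS`, or open a nested block inside the existing guard. In j_suspend() the two new guards bracket the tty and pgrp handling cleanly; it is worth confirming that every local declared at the top of that function is still used when JOBS is undefined, so the build stays warning-free.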
Re: cross ref ocspcheck in httpd.conf(5)
On Wed, Dec 20, 2017 at 08:43:35AM +0100, Paul de Weerd wrote: > I've been playing a bit with OCSP stapling in httpd and found the > documentation a bit lacking / confusing. httpd says: > > ocsp file > Specify an OCSP response to be stapled during TLS > handshakes with this server. The file should contain a > DER-format OCSP response retrieved from an OCSP server > for the certificate in use. The default is to not use > OCSP stapling. If the OSCP response in file is empty, > OCSP stapling will not be used. > > But from this bit of text it's not clear that we have ocspcheck(8) to > create these files. Only much further down is there a Xr to this > program. I've added a Xr in the description of the ocsp option to > make this easier to find for the uninitiated. > > While there, I was rather surprised that the file argument is relative > to the root of the system, not the chroot of the httpd process. That > suggests (at least to me) that cron(8)'ing staple updates with > ocspcheck will require an httpd reload. Why can't that simply be read > from the chroot during runtime, so updates to the file take effect > without a restart? I have my staple file in the docroot (since I > understand it to be public data), is that a bad idea? > > Anyway, thought it prudent to also add some words about this too, but > am less convinced it's correct. > > Cheers, > > Paul > a tweaked version of this diff committed. thanks, jmc > Index: httpd.conf.5 > === > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.87 > diff -u -p -r1.87 httpd.conf.5 > --- httpd.conf.5 29 Nov 2017 16:55:08 - 1.87 > +++ httpd.conf.5 20 Dec 2017 07:26:20 - 
> @@ -557,10 +557,16 @@ should contain a DER-format OCSP respons > OCSP server for the > .Ar certificate > in use. > +The > +.Xr ocspcheck 8 > +utility can be used to create files in the proper format. > The default is to not use OCSP stapling. > If the OSCP response in > .Ar file > is empty, OCSP stapling will not be used. > +Note that the path to > +.Ar file > +is not relative to the chroot. > .It Ic protocols Ar string > Specify the TLS protocols to enable for this server. > If not specified, the value > > > -- > >[<++>-]<+++.>+++[<-->-]<.>+++[<+ > +++>-]<.>++[<>-]<+.--.[-] > http://www.weirdnet.nl/ >
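Review bot: the added sentence "Note that the path to file is not relative to the chroot" says what the path is not relative to, but not what it is relative to; the report above the diff found it to be the root of the system, so the text can state that directly. While this paragraph is being touched, the context line `If the OSCP response in` misspells OCSP and could be corrected in the same commit.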
Re: VMD: revise check for regular files on disks
On Thu, Jan 04, 2018 at 07:14:54AM -0800, Carlos Cardenas wrote: > Mike Larkinwrote: > > > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote: > > > Howdy. > > > > > > Attached is a patch to address a TOCTOU issue with checking to > > > ensure disks are regular files, reported by jca@ . > > > > > > Comments? Ok? > > > > > > +--+ > > > Carlos > > > > > Index: config.c > > > === > > > RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v > > > retrieving revision 1.38 > > > diff -u -p -a -u -r1.38 config.c > > > --- config.c 3 Jan 2018 05:39:56 - 1.38 > > > +++ config.c 4 Jan 2018 03:55:47 - 
> > > @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct > > > /* Open disk images for child */ > > > for (i = 0 ; i < vcp->vcp_ndisks; i++) { > > > /* Stat disk[i] to ensure it is a regular file */ > > > - if (stat(vcp->vcp_disks[i], _buf) == -1) { > > > + if ((diskfds[i] = > > > + open(vcp->vcp_disks[i], O_RDWR)) == -1) { > > > > O_RDONLY? Or do we actually support the SCSI write commands (ala > > writing ISO images?) > > vcp_disks represent the vioblk devices which are RDWR. > vcp_cdrom is RDONLY since it doesn't support writing ISOs. > Of course. I missed that bit. You're right. I thought this was only for the recent cdrom changes. No concern then. > > > > > log_warn("%s: can't open disk %s", __func__, > > > vcp->vcp_disks[i]); > > > errno = VMD_DISK_MISSING; > > > goto fail; > > > } > > > - if (S_ISREG(stat_buf.st_mode) == 0) { > > > - log_warn("%s: disk %s is not a regular file", __func__, > > > + if (fstat(diskfds[i], _buf) == -1) { > > > + log_warn("%s: can't open disk %s", __func__, > > > vcp->vcp_disks[i]); > > > - errno = VMD_DISK_INVALID; > > > + errno = VMD_DISK_MISSING; > > > > I'd probably stick with INVALID here since technically the image is not > > really "missing" > > Makes sense. > > > > > > goto fail; > > > } > > > - if ((diskfds[i] = > > > - open(vcp->vcp_disks[i], O_RDWR)) == -1) { > > > - log_warn("%s: can't open disk %s", __func__, > > > + if (S_ISREG(stat_buf.st_mode) == 0) { > > > + log_warn("%s: disk %s is not a regular file", __func__, > > > vcp->vcp_disks[i]); > > > - errno = VMD_DISK_MISSING; > > > + errno = VMD_DISK_INVALID; > > > goto fail; > > > } > > > } > > > > ok mlarkin otherwise
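The ordering this thread's patch moves to (open the path, then fstat the descriptor), next to the stat-then-open ordering it replaces, as an added example that is not part of the original messages or of vmd's source. The function names, the `between` hook, the temporary path, the EINVAL error code and the O_NONBLOCK flag are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Racy order (before the patch): stat(2) and open(2) each resolve the path,
 * so the object checked need not be the object opened. 'between' is a
 * hypothetical hook standing in for a concurrent change to the path.
 */
int
check_then_open(const char *path, int flags, void (*between)(const char *))
{
	struct stat sb;

	if (stat(path, &sb) == -1)
		return -1;
	if (!S_ISREG(sb.st_mode)) {
		errno = EINVAL;
		return -1;
	}
	if (between != NULL)
		between(path);		/* the check-to-use window */
	return open(path, flags);
}

/*
 * Fixed order (as in the patch): open, then fstat(2) the descriptor, so the
 * check applies to the object that will be used. O_NONBLOCK is an addition
 * of this example, not part of the patch: it keeps open(2) from blocking on
 * a FIFO; callers that care can clear it afterwards with fcntl(2).
 */
int
open_then_check(const char *path, int flags)
{
	struct stat sb;
	int fd, saved;

	if ((fd = open(path, flags | O_NONBLOCK)) == -1)
		return -1;
	if (fstat(fd, &sb) == -1) {
		saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	if (!S_ISREG(sb.st_mode)) {
		close(fd);
		errno = EINVAL;	/* S_ISREG sets no errno; choose one */
		return -1;
	}
	return fd;
}

/* Constructed stand-in for the race: replace path with a device symlink. */
static void
swap_for_devnull(const char *path)
{
	unlink(path);
	if (symlink("/dev/null", path) == -1)
		perror("symlink");
}

/*
 * Runs both orders against a temporary file that is swapped for a symlink
 * to /dev/null. *racy is 1 if check-then-open returned a character device,
 * *fixed is 1 if open-then-check refused the same path.
 */
int
demo(int *racy, int *fixed)
{
	char path[] = "/tmp/toctou.XXXXXX";	/* constructed sample path */
	struct stat sb;
	int fd;

	*racy = *fixed = 0;
	if ((fd = mkstemp(path)) == -1)
		return -1;
	close(fd);
	fd = check_then_open(path, O_RDONLY, swap_for_devnull);
	if (fd != -1) {
		*racy = fstat(fd, &sb) == 0 && S_ISCHR(sb.st_mode);
		close(fd);
	}
	fd = open_then_check(path, O_RDONLY);	/* path is now the symlink */
	*fixed = (fd == -1 && errno == EINVAL);
	if (fd != -1)
		close(fd);
	unlink(path);
	return 0;
}

int
main(void)
{
	int racy, fixed;

	if (demo(&racy, &fixed) == -1)
		return 1;
	printf("check-then-open got a device: %d, open-then-check refused: %d\n",
	    racy, fixed);
	return 0;
}
```

The open still happens before the type is known, so opening itself must be free of side effects for the kinds of object that can appear at the path.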
Re: Remove useless includes
On Thu, Jan 04, 2018 at 03:58:07PM +0100, Martin Pieuchot wrote: > 'struct socket' is exposed to userland via . Most of > our programs in base do not need it. Since I'm going to change the > content of this struct for MP works, I'd like to reduce the impact on > userland. > > Here's a diff to remove useless includes, ok? OK userland should not include this > Index: sbin/mount_nfs/mount_nfs.c > === > RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v > retrieving revision 1.53 > diff -u -p -r1.53 mount_nfs.c > --- sbin/mount_nfs/mount_nfs.c27 May 2016 19:45:04 - 1.53 > +++ sbin/mount_nfs/mount_nfs.c4 Jan 2018 14:48:07 - > @@ -36,7 +36,6 @@ > #include > #include > #include > -#include > #include > #include > > Index: sbin/nfsd/nfsd.c > === > RCS file: /cvs/src/sbin/nfsd/nfsd.c,v > retrieving revision 1.37 > diff -u -p -r1.37 nfsd.c > --- sbin/nfsd/nfsd.c 31 Aug 2017 06:50:56 - 1.37 > +++ sbin/nfsd/nfsd.c 4 Jan 2018 14:48:32 - > @@ -40,7 +40,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: sbin/umount/umount.c > === > RCS file: /cvs/src/sbin/umount/umount.c,v > retrieving revision 1.27 > diff -u -p -r1.27 umount.c > --- sbin/umount/umount.c 16 Dec 2016 17:44:59 - 1.27 > +++ sbin/umount/umount.c 4 Jan 2018 14:48:56 - > @@ -34,7 +34,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: usr.bin/showmount/showmount.c > === > RCS file: /cvs/src/usr.bin/showmount/showmount.c,v > retrieving revision 1.21 > diff -u -p -r1.21 showmount.c > --- usr.bin/showmount/showmount.c 21 Jan 2017 11:32:04 - 1.21 > +++ usr.bin/showmount/showmount.c 4 Jan 2018 14:50:45 - > @@ -36,7 +36,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: usr.sbin/identd/identd.c > === > RCS file: /cvs/src/usr.sbin/identd/identd.c,v > retrieving revision 1.38 > diff -u -p -r1.38 identd.c > --- usr.sbin/identd/identd.c 4 Jul 2017 01:09:42 - 1.38 > +++ usr.sbin/identd/identd.c 4 Jan 2018 14:52:34 - 
> @@ -19,7 +19,7 @@ > #include > #include > #include > -#include > +#include > #include > #include > #include > Index: usr.sbin/npppd/common/radish.c > === > RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v > retrieving revision 1.5 > diff -u -p -r1.5 radish.c > --- usr.sbin/npppd/common/radish.c30 May 2017 17:52:05 - 1.5 > +++ usr.sbin/npppd/common/radish.c4 Jan 2018 14:52:58 - > @@ -41,7 +41,6 @@ > > #include > #include > -#include > #include > #include > #include > Index: usr.sbin/snmpd/agentx.c > === > RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v > retrieving revision 1.10 > diff -u -p -r1.10 agentx.c > --- usr.sbin/snmpd/agentx.c 5 Dec 2015 06:42:18 - 1.10 > +++ usr.sbin/snmpd/agentx.c 4 Jan 2018 14:53:30 - > @@ -17,7 +17,7 @@ > > #include > #include > -#include > +#include > #include > #include > > Index: usr.sbin/snmpd/traphandler.c > === > RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v > retrieving revision 1.9 > diff -u -p -r1.9 traphandler.c > --- usr.sbin/snmpd/traphandler.c 12 Aug 2017 04:29:57 - 1.9 > +++ usr.sbin/snmpd/traphandler.c 4 Jan 2018 14:53:42 - > @@ -18,7 +18,6 @@ > > #include > #include > -#include > #include > #include > #include > -- :wq Claudio
Re: VMD: revise check for regular files on disks
Mike Larkinwrote: > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote: > > Howdy. > > > > Attached is a patch to address a TOCTOU issue with checking to > > ensure disks are regular files, reported by jca@ . > > > > Comments? Ok? > > > > +--+ > > Carlos > > > Index: config.c > > === > > RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v > > retrieving revision 1.38 > > diff -u -p -a -u -r1.38 config.c > > --- config.c3 Jan 2018 05:39:56 - 1.38 > > +++ config.c4 Jan 2018 03:55:47 - > > @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct > > /* Open disk images for child */ > > for (i = 0 ; i < vcp->vcp_ndisks; i++) { > > /* Stat disk[i] to ensure it is a regular file */ > > - if (stat(vcp->vcp_disks[i], _buf) == -1) { > > + if ((diskfds[i] = > > + open(vcp->vcp_disks[i], O_RDWR)) == -1) { > > O_RDONLY? Or do we actually support the SCSI write commands (ala > writing ISO images?) vcp_disks represent the vioblk devices which are RDWR. vcp_cdrom is RDONLY since it doesn't support writing ISOs. > > > log_warn("%s: can't open disk %s", __func__, > > vcp->vcp_disks[i]); > > errno = VMD_DISK_MISSING; > > goto fail; > > } > > - if (S_ISREG(stat_buf.st_mode) == 0) { > > - log_warn("%s: disk %s is not a regular file", __func__, > > + if (fstat(diskfds[i], _buf) == -1) { > > + log_warn("%s: can't open disk %s", __func__, > > vcp->vcp_disks[i]); > > - errno = VMD_DISK_INVALID; > > + errno = VMD_DISK_MISSING; > > I'd probably stick with INVALID here since technically the image is not > really "missing" Makes sense. > > > goto fail; > > } > > - if ((diskfds[i] = > > - open(vcp->vcp_disks[i], O_RDWR)) == -1) { > > - log_warn("%s: can't open disk %s", __func__, > > + if (S_ISREG(stat_buf.st_mode) == 0) { > > + log_warn("%s: disk %s is not a regular file", __func__, > > vcp->vcp_disks[i]); > > - errno = VMD_DISK_MISSING; > > + errno = VMD_DISK_INVALID; > > goto fail; > > } > > } > > ok mlarkin otherwise
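Review bot: the new fstat() failure branch reuses the open() message, `log_warn("%s: can't open disk %s", ...)`, so the log cannot tell a failed open from a failed fstat; change the text to "can't stat disk". The comment `/* Stat disk[i] to ensure it is a regular file */` now sits directly above the open() call and should move down to the fstat(). Because the descriptor is now open before either check can fail, confirm that the fail path (outside this hunk) closes diskfds[i] for the current index as well as for earlier ones.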
Re: Remove useless includes
> Date: Thu, 4 Jan 2018 15:58:07 +0100 > From: Martin Pieuchot> > 'struct socket' is exposed to userland via . Most of > our programs in base do not need it. Since I'm going to change the > content of this struct for MP works, I'd like to reduce the impact on > userland. > > Here's a diff to remove useless includes, ok? ok kettenis@ > Index: sbin/mount_nfs/mount_nfs.c > === > RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v > retrieving revision 1.53 > diff -u -p -r1.53 mount_nfs.c > --- sbin/mount_nfs/mount_nfs.c27 May 2016 19:45:04 - 1.53 > +++ sbin/mount_nfs/mount_nfs.c4 Jan 2018 14:48:07 - > @@ -36,7 +36,6 @@ > #include > #include > #include > -#include > #include > #include > > Index: sbin/nfsd/nfsd.c > === > RCS file: /cvs/src/sbin/nfsd/nfsd.c,v > retrieving revision 1.37 > diff -u -p -r1.37 nfsd.c > --- sbin/nfsd/nfsd.c 31 Aug 2017 06:50:56 - 1.37 > +++ sbin/nfsd/nfsd.c 4 Jan 2018 14:48:32 - > @@ -40,7 +40,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: sbin/umount/umount.c > === > RCS file: /cvs/src/sbin/umount/umount.c,v > retrieving revision 1.27 > diff -u -p -r1.27 umount.c > --- sbin/umount/umount.c 16 Dec 2016 17:44:59 - 1.27 > +++ sbin/umount/umount.c 4 Jan 2018 14:48:56 - > @@ -34,7 +34,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: usr.bin/showmount/showmount.c > === > RCS file: /cvs/src/usr.bin/showmount/showmount.c,v > retrieving revision 1.21 > diff -u -p -r1.21 showmount.c > --- usr.bin/showmount/showmount.c 21 Jan 2017 11:32:04 - 1.21 > +++ usr.bin/showmount/showmount.c 4 Jan 2018 14:50:45 - > @@ -36,7 +36,6 @@ > #include > #include > #include > -#include > > #include > #include > Index: usr.sbin/identd/identd.c > === > RCS file: /cvs/src/usr.sbin/identd/identd.c,v > retrieving revision 1.38 > diff -u -p -r1.38 identd.c > --- usr.sbin/identd/identd.c 4 Jul 2017 01:09:42 - 1.38 > +++ usr.sbin/identd/identd.c 4 Jan 2018 14:52:34 - 
> @@ -19,7 +19,7 @@ > #include > #include > #include > -#include > +#include > #include > #include > #include > Index: usr.sbin/npppd/common/radish.c > === > RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v > retrieving revision 1.5 > diff -u -p -r1.5 radish.c > --- usr.sbin/npppd/common/radish.c30 May 2017 17:52:05 - 1.5 > +++ usr.sbin/npppd/common/radish.c4 Jan 2018 14:52:58 - > @@ -41,7 +41,6 @@ > > #include > #include > -#include > #include > #include > #include > Index: usr.sbin/snmpd/agentx.c > === > RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v > retrieving revision 1.10 > diff -u -p -r1.10 agentx.c > --- usr.sbin/snmpd/agentx.c 5 Dec 2015 06:42:18 - 1.10 > +++ usr.sbin/snmpd/agentx.c 4 Jan 2018 14:53:30 - > @@ -17,7 +17,7 @@ > > #include > #include > -#include > +#include > #include > #include > > Index: usr.sbin/snmpd/traphandler.c > === > RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v > retrieving revision 1.9 > diff -u -p -r1.9 traphandler.c > --- usr.sbin/snmpd/traphandler.c 12 Aug 2017 04:29:57 - 1.9 > +++ usr.sbin/snmpd/traphandler.c 4 Jan 2018 14:53:42 - > @@ -18,7 +18,6 @@ > > #include > #include > -#include > #include > #include > #include > >
Remove useless includes
'struct socket' is exposed to userland via . Most of our programs in base do not need it. Since I'm going to change the content of this struct for MP works, I'd like to reduce the impact on userland. Here's a diff to remove useless includes, ok? Index: sbin/mount_nfs/mount_nfs.c === RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v retrieving revision 1.53 diff -u -p -r1.53 mount_nfs.c --- sbin/mount_nfs/mount_nfs.c 27 May 2016 19:45:04 - 1.53 +++ sbin/mount_nfs/mount_nfs.c 4 Jan 2018 14:48:07 - @@ -36,7 +36,6 @@ #include #include #include -#include #include #include Index: sbin/nfsd/nfsd.c === RCS file: /cvs/src/sbin/nfsd/nfsd.c,v retrieving revision 1.37 diff -u -p -r1.37 nfsd.c --- sbin/nfsd/nfsd.c31 Aug 2017 06:50:56 - 1.37 +++ sbin/nfsd/nfsd.c4 Jan 2018 14:48:32 - @@ -40,7 +40,6 @@ #include #include #include -#include #include #include Index: sbin/umount/umount.c === RCS file: /cvs/src/sbin/umount/umount.c,v retrieving revision 1.27 diff -u -p -r1.27 umount.c --- sbin/umount/umount.c16 Dec 2016 17:44:59 - 1.27 +++ sbin/umount/umount.c4 Jan 2018 14:48:56 - @@ -34,7 +34,6 @@ #include #include #include -#include #include #include Index: usr.bin/showmount/showmount.c === RCS file: /cvs/src/usr.bin/showmount/showmount.c,v retrieving revision 1.21 diff -u -p -r1.21 showmount.c --- usr.bin/showmount/showmount.c 21 Jan 2017 11:32:04 - 1.21 +++ usr.bin/showmount/showmount.c 4 Jan 2018 14:50:45 - @@ -36,7 +36,6 @@ #include #include #include -#include #include #include Index: usr.sbin/identd/identd.c === RCS file: /cvs/src/usr.sbin/identd/identd.c,v retrieving revision 1.38 diff -u -p -r1.38 identd.c --- usr.sbin/identd/identd.c4 Jul 2017 01:09:42 - 1.38 +++ usr.sbin/identd/identd.c4 Jan 2018 14:52:34 - 
@@ -19,7 +19,7 @@ #include #include #include -#include +#include #include #include #include Index: usr.sbin/npppd/common/radish.c === RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v retrieving revision 1.5 diff -u -p -r1.5 radish.c --- usr.sbin/npppd/common/radish.c 30 May 2017 17:52:05 - 1.5 +++ usr.sbin/npppd/common/radish.c 4 Jan 2018 14:52:58 - @@ -41,7 +41,6 @@ #include #include -#include #include #include #include Index: usr.sbin/snmpd/agentx.c === RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v retrieving revision 1.10 diff -u -p -r1.10 agentx.c --- usr.sbin/snmpd/agentx.c 5 Dec 2015 06:42:18 - 1.10 +++ usr.sbin/snmpd/agentx.c 4 Jan 2018 14:53:30 - @@ -17,7 +17,7 @@ #include #include -#include +#include #include #include Index: usr.sbin/snmpd/traphandler.c === RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v retrieving revision 1.9 diff -u -p -r1.9 traphandler.c --- usr.sbin/snmpd/traphandler.c12 Aug 2017 04:29:57 - 1.9 +++ usr.sbin/snmpd/traphandler.c4 Jan 2018 14:53:42 - @@ -18,7 +18,6 @@ #include #include -#include #include #include #include
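Review bot: In the identd.c hunk (@@ -19,7 +19,7 @@) and the agentx.c hunk (@@ -17,7 +17,7 @@) the include is swapped for a different header rather than dropped, unlike the other six files, while the description only speaks of removing useless includes. Please say in the commit message which declarations those two files still need from the replacement header, so that a later cleanup does not remove it again. It would also help to state how the list was verified, since a header removed here may have been pulling in other definitions indirectly.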
Re: isakmpd.policy check
On 2018/01/04 12:47, Martin Pieuchot wrote:
> I'm not writing any isakmpd.policy(5) file. I don't know anybody sane
> we do.

This means you trust your ipsec peers not to request an invalid flow. That's reasonable if you run both ends and trust yourself not to fat-finger it but it's not really OK if you run tunnels to third parties.

> I'd like to enforce some policy based on what I write in
> ipsec.conf(5)...

That would be a bigger change ;)

> So I don't understand why I have to pass '-K' in
> every of the machine I setup. If I don't specify any policy file, then
> I'd assume isakmpd(8) would do the right thing.
>
> Diff below makes '-K' the default if isakmpd.policy doesn't exist AND
> you didn't specify a "Policy-file".

I have to say I'm not too keen on this. At the moment -K is "danger! flows are not checked against policy".
isakmpd.policy check
I'm not writing any isakmpd.policy(5) file. I don't know anybody sane we do. I'd like to enforce some policy based on what I write in ipsec.conf(5)... So I don't understand why I have to pass '-K' in every of the machine I setup. If I don't specify any policy file, then I'd assume isakmpd(8) would do the right thing. Diff below makes '-K' the default if isakmpd.policy doesn't exist AND you didn't specify a "Policy-file". ok? Index: conf.c === RCS file: /cvs/src/sbin/isakmpd/conf.c,v retrieving revision 1.107 diff -u -p -r1.107 conf.c --- conf.c 27 Oct 2017 08:29:32 - 1.107 +++ conf.c 4 Jan 2018 11:41:25 - @@ -514,7 +514,6 @@ conf_load_defaults(int tr) conf_set(tr, "General", "Exchange-max-time", CONF_DFLT_EXCH_MAX_TIME, 0, 1); conf_set(tr, "General", "Use-Keynote", CONF_DFLT_USE_KEYNOTE, 0, 1); - conf_set(tr, "General", "Policy-file", CONF_DFLT_POLICY_FILE, 0, 1); conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0, 1); Index: policy.c === RCS file: /cvs/src/sbin/isakmpd/policy.c,v retrieving revision 1.97 diff -u -p -r1.97 policy.c --- policy.c22 Nov 2013 04:12:47 - 1.97 +++ policy.c4 Jan 2018 11:42:07 - @@ -1937,14 +1937,18 @@ policy_init(void) /* Get policy file from configuration. */ policy_file = conf_get_str("General", "Policy-file"); - if (!policy_file) - policy_file = CONF_DFLT_POLICY_FILE; - - /* Open policy file. */ - fd = monitor_open(policy_file, O_RDONLY, 0); - if (fd == -1) - log_fatal("policy_init: open (\"%s\", O_RDONLY) failed", - policy_file); + if (!policy_file) { + /* Try to open default policy file. */ + fd = monitor_open(CONF_DFLT_POLICY_FILE, O_RDONLY, 0); + if (fd == -1) + return; + } else { + /* Open policy file. */ + fd = monitor_open(policy_file, O_RDONLY, 0); + if (fd == -1) + log_fatal("policy_init: open (\"%s\", O_RDONLY) failed", + policy_file); + } /* Check file modes and collect file size */ if (check_file_secrecy_fd(fd, policy_file, )) {
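Review bot: In policy_init() (policy.c hunk @@ -1937,14 +1937,18 @@), the new default-file branch returns on any monitor_open() failure, so a default policy file that exists but cannot be opened turns policy checking off silently instead of stopping the daemon. Return only when the file does not exist (ENOENT), keep log_fatal() for every other error, and log that flows will not be checked against policy. In the same branch policy_file is still NULL when the default file does open, yet the context line that follows passes it to check_file_secrecy_fd(fd, policy_file, ...); assign CONF_DFLT_POLICY_FILE to policy_file before falling through.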
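Review bot: The conf.c hunk (@@ -514,7 +514,6 @@) drops the "Policy-file" default from conf_load_defaults(), which changes what an unconfigured isakmpd does at startup, but the diff touches only conf.c and policy.c and no manual page. Since the point of the change is that a missing policy file now behaves like -K, the description of -K and of the Policy-file default should be updated in the same commit so that the loss of policy checking is documented where administrators will look for it.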
Re: use inline functions instead of __statement
On Thu, Jan 04, 2018 at 09:35:36AM +1000, David Gwynne wrote:
> these days you can use inline functions to get the same effect, but
> it is a more obvious and standard language feature.

If you want to go that way, you still should very likely mark the functions as always_inline, otherwise the debugging experience will be a lot more annoying. That said, at least for clang it would be even better to just use the builtin.

Joerg
Re: Intel CPU Security Flaw Kernel Memory Leak (no microcode update) SW workarounds only
Hello all,

there are 2 papers on the following site discussing the CPU Security Flaws
https://spectreattack.com/

I hope this helps

Tom Smyth
Re: [PATCH] Additional pledge(2) documentation
On Thu, Jan 04, 2018 at 03:02:23AM -0600, William Orr wrote:
> Hey,
>
> I was working on an application that uses pledge, and without diving
> into the source, I found it difficult to figure out what sysctl's are
> permitted at different pledge levels.
>
> This documents the set of different sysctl ops that are allowed at
> different pledge levels, and adds some additional documentation around
> ioctl's as well.
>

Documenting pledge(2) is complex: it should document the expected behaviour, and not the implementation details.

Thanks.
--
Sebastien Marie
[PATCH] Additional pledge(2) documentation
Hey, I was working on an application that uses pledge, and without diving into the source, I found it difficult to figure out what sysctl's are permitted at different pledge levels. This documents the set of different sysctl ops that are allowed at different pledge levels, and adds some additional documentation around ioctl's as well. Thanks! Index: lib/libc/sys/pledge.2 === RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.48 diff -u -b -w -p -r1.48 pledge.2 --- lib/libc/sys/pledge.2 12 Dec 2017 11:11:18 - 1.48 +++ lib/libc/sys/pledge.2 4 Jan 2018 08:51:41 - @@ -141,6 +141,25 @@ support: .Xr getifaddrs 3 , .Xr uname 3 , system sensor readings. +Specifically: +.Va hw.sensors.* , +.Va kern.domainname , +.Va kern.hostname , +.Va net.route.0.0.rt_ifnames , +.Va kern.ostype , +.Va kern.osrelease , +.Va kern.osversion , +.Va kern.clockrate , +.Va kern.argmax , +.Va kern.ngroups , +.Va kern.sysvshm , +.Va kern.posix1version , +.Va hw.machine , +.Va hw.pagesize , +.Va vm.psstrings , +.Va hw.ncpu , +and +.Va vm.loadavg . .Pp .It Fn pledge Can only reduce permissions for @@ -322,6 +341,14 @@ domains: .Xr setsockopt 2 , .Xr getsockopt 2 . .Pp +The following +.Xr sysctl 2 +operations are allowed: +.Pp +.Va net.route.0.0.rt_iflist , +.Va net.route.0.inet.rt_iflist , +.Va net.route.0.inet6.rt_iflist +.Pp .Xr setsockopt 2 has been reduced in functionality substantially. .It Va mcast @@ -390,6 +417,15 @@ a few system calls become able to allow .Xr recvfrom 2 , .Xr socket 2 , .Xr connect 2 . +.Pp +The following +.Xr sysctl 2 +operations are allowed: +.Pp +.Va net.route.0.0.rt_iflist , +.Va net.route.0.inet.rt_iflist , +.Va net.route.0.inet6.rt_iflist +.Pp .It Va getpw This allows read-only opening of files in .Pa /etc 
@@ -491,19 +527,39 @@ and .Xr adjfreq 2 system calls. .It Va ps -Allows enough +Allows the following .Xr sysctl 3 interfaces to allow inspection of processes operating on the system using programs like -.Xr ps 1 . +.Xr ps 1 : +.Pp +.Va kern.fscale , +.Va kern.boottime , +.Va kern.consdev , +.Va kern.cptime , +.Va kern.cptime2 , +.Va kern.procargs.* , +.Va kern.proc.* , +.Va kern.proc_cwd.* , +.Va kern.physmem , +.Va kern.ccpu , +.Va vm.maxslp .It Va vminfo -Allows enough +Allows the following .Xr sysctl 3 interfaces to allow inspection of the system's virtual memory by programs like .Xr top 1 and -.Xr vmstat 8 . +.Xr vmstat 8 : +.Pp +.Va vm.uvmexp , +.Va vfs.generic.bcachestat , +.Va kern.fscale , +.Va kern.boottime , +.Va kern.consdev , +.Va kern.cptime , +.Va kern.cptime2 .It Va id Allows the following system calls which can change the rights of a process: 
@@ -562,6 +618,85 @@ Allow operation for statistics collection from a .Xr bpf 4 device. +.It Va disklabel +Allows a subset of +.Xr ioctl 2 +operations on +.Xr diskmap 4 +devices: +.Pp +.Dv DIOCGDINFO , +.Dv DIOCGPDINFO , +.Dv DIOCRLDINFO , +.Dv DIOCWDINFO , +.Dv BIOCDISK , +.Dv BIOCINQ , +.Dv BIOCINSTALLBOOT , +.Dv BIOCVOL , +.Dv DIOCMAP . +.Pp +Also enables the use of the following +.Xr sysctl 2 +operations: +.Pp +.Va kern.rawpartition , +.Va kern.maxpartitions , +.Va machdep.chr2blk . +.It Va route +Allows a subset of read-only +.Xr ioctl 2 +operations on network interfaces: +.Pp +.Dv SIOCGIFADDR , +.Dv SIOCGIFAFLAG_IN6 , +.Dv SIOCGIFALIFETIME_IN6 , +.Dv SIOCGIFDESCR , +.Dv SIOCGIFFLAGS , +.Dv SIOCGIFMETRIC , +.Dv SIOCGIFGMEMB , +.Dv SIOCGIFRDOMAIN , +.Dv SIOCGIFDSTADDR_IN6 , +.Dv SIOCGIFNETMASK_IN6 , +.Dv SIOCGIFXFLAGS , +.Dv SIOCGNBRINFO_IN6 , +.Dv SIOCGIFINFO_IN6 , +.Dv SIOCGIFMEDIA . +.Pp +Also allows the following +.Xr sysctl 2 +operations: +.Pp +.Va net.route.0.*.dump , +.Va net.route.0.0.rt_table , +.Va net.route.0.inet.rt_table , +.Va net.route.0.inet6.rt_table , +.Va net.route.0.0.flags.llinfo , +.Va net.route.0.inet.flags.llinfo , +.Va net.route.0.inet6.flags.llinfo , +.Va net.route.0.0.rt_iflist , +.Va net.route.0.inet.rt_iflist , +.Va net.route.0.inet6.rt_iflist . +.It Va vmm +Allows the following +.Xr ioctl 2 +operations on the +.Xr vmm 4 +device: +.Pp +.Dv VMM_IOC_TERM , +.Dv VMM_IOC_RUN , +.Dv VMM_IOC_RESETCPU , +.Dv VMM_IOC_INTR , +.Dv VMM_IOC_READREGS , +.Dv VMM_IOC_WRITEREGS . +.Pp +In combination with +.Va proc , +it additionally allows: +.Pp +.Dv VMM_IOC_CREATE +and +.Dv VMM_IOC_INFO . .It Va error Rather than killing the process upon violation, indicate error with .Er ENOSYS .
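Review bot: In the pledge.2 hunk @@ -390,6 +417,15 @@ the added block ends with a ".Pp" placed directly before ".It Va getpw", which leaves an empty paragraph break at the end of the list item and should be dropped. The same three net.route.0.*.rt_iflist names are also added verbatim in hunk @@ -322,6 +341,14 @@, and in both places the list ends without the closing " ." that the lists added elsewhere in this patch carry.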
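Review bot: In the pledge.2 hunk @@ -491,19 +527,39 @@ the rewritten sentences for "ps" and "vminfo" now read "Allows the following sysctl(3) interfaces to allow inspection of ...", repeating "allow"; "Allows the following sysctl(3) interfaces, used to inspect ..." reads better. Both new lists (ending in vm.maxslp and kern.cptime2) lack a terminating period, and these entries keep ".Xr sysctl 3" while every other hunk in the patch introduces its list with ".Xr sysctl 2", so pick one reference and use it throughout.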
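Review bot: In the pledge.2 hunk @@ -562,6 +618,85 @@ the new "disklabel" entry says the listed ioctl(2) operations apply to diskmap(4) devices, but of the names given only DIOCMAP is a diskmap(4) request; the BIOC* names are bio(4) requests and the DIOC*DINFO names are disklabel requests issued on disk devices. Please split the list by device so the text matches what a caller actually opens. For the "vmm" entry, the sentence about the combination with "proc" would be easier to scan if VMM_IOC_CREATE and VMM_IOC_INFO were formatted as a comma list like the one above it.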