Re: possibility to disable relink in conf

2017-09-14 Thread sven falempin
On Thu, Sep 14, 2017 at 10:26 AM, sven falempin  wrote:
>
>
> On Wed, Sep 13, 2017 at 9:07 PM, Theo de Raadt  wrote:
>>
>> > +[[ $reorder != NO ]] && /usr/libexec/reorder_kernel &
>>
>> No.  Kernels get relinked.
>>
>> if you don't like it, make your own personal changes and suffer
>> the consequences.
>>
>> We are not going to add buttons for 1 person.
>>
>> Stop suggesting changes which reduce safety.  You provided no
>> justification.  "Here have a diff" is a stupid process.  Ever wonder
>> why you don't have an account?  Hint: You don't discuss, you
>> don't read commit messages, you don't read our justifications,
>> you don't act in the same directions.  D.
>>
>
>
> I completely missed the
>
> library_aslr
>
> and/but  for kernel
>
> # Skip if /usr/share is on a nfs mounted filesystem.
>
> So yes, Kernels  _often_ get relinked,
> instead of being smart and guessing the NFS
> is the only problem, being to explicitly in local conf
is the only problem, being ABLE to explicitly WRITE in local conf
> dropping the cool re-link would be more visible
THAT  the cool re-link  is being DROPPED ...
>
> and my diff is garbage.
>
> --
> --
> -
> The 1 %on



-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: possibility to disable relink in conf

2017-09-14 Thread sven falempin
On Wed, Sep 13, 2017 at 9:07 PM, Theo de Raadt  wrote:

> > +[[ $reorder != NO ]] && /usr/libexec/reorder_kernel &
>
> No.  Kernels get relinked.
>
> if you don't like it, make your own personal changes and suffer
> the consequences.
>
> We are not going to add buttons for 1 person.
>
> Stop suggesting changes which reduce safety.  You provided no
> justification.  "Here have a diff" is a stupid process.  Ever wonder
> why you don't have an account?  Hint: You don't discuss, you
> don't read commit messages, you don't read our justifications,
> you don't act in the same directions.  D.
>
>

I completely missed the

library_aslr

and/but  for kernel

# Skip if /usr/share is on a nfs mounted filesystem.

So yes, Kernels  _often_ get relinked,
instead of being smart and guessing the NFS
is the only problem, being to explicitly in local conf
dropping the cool re-link would be more visible

and my diff is garbage.

-- 
--
-
The 1 %on


Re: possibility to disable relink in conf

2017-09-13 Thread Theo de Raadt
> +[[ $reorder != NO ]] && /usr/libexec/reorder_kernel &
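
Review bot: this quoted line tests the same `$reorder` variable that the rc hunk in the original post uses to gate `reorder_libs`, so a single `reorder=NO` would switch off both the library reordering and `/usr/libexec/reorder_kernel`. If a knob is wanted at all, give the kernel relink its own name, and have the rc.conf comment state what is lost by setting it.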

No.  Kernels get relinked.

if you don't like it, make your own personal changes and suffer
the consequences.

We are not going to add buttons for 1 person.

Stop suggesting changes which reduce safety.  You provided no
justification.  "Here have a diff" is a stupid process.  Ever wonder
why you don't have an account?  Hint: You don't discuss, you
don't read commit messages, you don't read our justifications,
you don't act in the same directions.  D.



Re: possibility to disable relink in conf

2017-09-13 Thread sven falempin
On Wed, Sep 13, 2017 at 11:58 AM, Theo de Raadt  wrote:
> Not going to do that.
>
>> Because sometimes you run not so good device,
>> and you boot often.
>>
>> or you do not want to write on boot.
>>
>> ( attached file got the tabulation to apply )
>>
>> Index: ./etc/rc.conf
>> ===
>> RCS file: /cvs/src/etc/rc.conf,v
>> retrieving revision 1.213
>> diff -u -p -r1.213 rc.conf
>> --- ./etc/rc.conf 26 Feb 2017 16:51:18 - 1.213
>> +++ ./etc/rc.conf 13 Sep 2017 14:35:21 -
>> @@ -51,6 +51,7 @@ rarpd_flags=NO
>>  rbootd_flags=NO
>>  relayd_flags=NO
>>  rebound_flags=NO
>> +reorder= # NO to disable relink on boot
>>  ripd_flags=NO
>>  route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1
>>  rtadvd_flags=NO # for normal use: list of interfaces
>> Index: ./etc/rc
>> ===
>> RCS file: /cvs/src/etc/rc,v
>> retrieving revision 1.493
>> diff -u -p -r1.493 rc
>> --- ./etc/rc 26 Feb 2017 16:51:18 - 1.493
>> +++ ./etc/rc 13 Sep 2017 14:35:21 -
>> @@ -411,7 +411,7 @@ mount -s /var >/dev/null 2>&1
>>
>>  random_seed
>>
>> -reorder_libs
>> +[[ $reorder != NO ]] && reorder_libs $reorder
>>
>>  # Clean up left-over files.
>>  rm -f /etc/nologin /var/spool/lock/LCK.*
>>
>> --
>> --
>> -
>> Knowing is not enough; we must apply. Willing is not enough; we must do
>>
>>
>

Sorry, I did not know the stuff was sending text file like that.
The diff, from 

Re: possibility to disable relink in conf

2017-09-13 Thread Theo de Raadt
Not going to do that.

> Because sometimes you run not so good device,
> and you boot often.
> 
> or you do not want to write on boot.
> 
> ( attached file got the tabulation to apply )
> 
> Index: ./etc/rc.conf
> ===
> RCS file: /cvs/src/etc/rc.conf,v
> retrieving revision 1.213
> diff -u -p -r1.213 rc.conf
> --- ./etc/rc.conf 26 Feb 2017 16:51:18 - 1.213
> +++ ./etc/rc.conf 13 Sep 2017 14:35:21 -
> @@ -51,6 +51,7 @@ rarpd_flags=NO
>  rbootd_flags=NO
>  relayd_flags=NO
>  rebound_flags=NO
> +reorder= # NO to disable relink on boot
>  ripd_flags=NO
>  route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1
>  rtadvd_flags=NO # for normal use: list of interfaces
> Index: ./etc/rc
> ===
> RCS file: /cvs/src/etc/rc,v
> retrieving revision 1.493
> diff -u -p -r1.493 rc
> --- ./etc/rc 26 Feb 2017 16:51:18 - 1.493
> +++ ./etc/rc 13 Sep 2017 14:35:21 -
> @@ -411,7 +411,7 @@ mount -s /var >/dev/null 2>&1
> 
>  random_seed
> 
> -reorder_libs
> +[[ $reorder != NO ]] && reorder_libs $reorder
> 
>  # Clean up left-over files.
>  rm -f /etc/nologin /var/spool/lock/LCK.*
> 
> -- 
> --
> -
> Knowing is not enough; we must apply. Willing is not enough; we must do
> 
> 



Re: possibility to disable relink in conf

2017-09-13 Thread Stuart Henderson
On 2017/09/13 14:39, sven falempin wrote:
> Because sometimes you run not so good device,
> and you boot often.
> 
> or you do not want to write on boot.
> 
> ( attached file got the tabulation to apply )

Please check -current before proposing diffs.


revision 1.216
date: 2017/05/30 12:04:26;  author: tb;  state: Exp;  lines: +2 -1;  commitid: 10TzgqVCDGumO7GM;
Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot




possibility to disable relink in conf

2017-09-13 Thread sven falempin
Because sometimes you run not so good device,
and you boot often.

or you do not want to write on boot.

( attached file got the tabulation to apply )

Index: ./etc/rc.conf
===
RCS file: /cvs/src/etc/rc.conf,v
retrieving revision 1.213
diff -u -p -r1.213 rc.conf
--- ./etc/rc.conf 26 Feb 2017 16:51:18 - 1.213
+++ ./etc/rc.conf 13 Sep 2017 14:35:21 -
@@ -51,6 +51,7 @@ rarpd_flags=NO
 rbootd_flags=NO
 relayd_flags=NO
 rebound_flags=NO
+reorder= # NO to disable relink on boot
 ripd_flags=NO
 route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1
 rtadvd_flags=NO # for normal use: list of interfaces
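
Review bot: the added `reorder=` line does not say what an empty value or any value other than NO means, and its comment says "relink" although the knob gates `reorder_libs` in the rc hunk. Spell out the accepted values in the comment, and rebase on -current first: the revision 1.216 log quoted in the thread already introduces `library_aslr=(YES|NO)` for turning off library reordering, while this diff is against 1.213.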
Index: ./etc/rc
===
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.493
diff -u -p -r1.493 rc
--- ./etc/rc 26 Feb 2017 16:51:18 - 1.493
+++ ./etc/rc 13 Sep 2017 14:35:21 -
@@ -411,7 +411,7 @@ mount -s /var >/dev/null 2>&1

 random_seed

-reorder_libs
+[[ $reorder != NO ]] && reorder_libs $reorder

 # Clean up left-over files.
 rm -f /etc/nologin /var/spool/lock/LCK.*
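
Review bot: the added line `[[ $reorder != NO ]] && reorder_libs $reorder` also passes the knob value, unquoted, as an argument to `reorder_libs`, which the removed line called with none; drop the argument unless the function is changed to accept one. With the knob set to NO the reordering is skipped without any output, so print a boot-time message in that branch to make the loss of library randomization visible on the console.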

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

