: between NFSv2 and NFSv3.
:Yes, I concur with your patch whole-heartedly. Apparently last night I
:was too-tired, and not intoxicated enough to understand the nfs_serv.c code :)
:
:I alas will not be able to test it. The machine is up and stable with 3k
:mbufs in reserve.. maybe later :)
:
Julian Elischer wrote:
talk to terry on this topic :-)
He has a set of patches that straighten all this out
You know, I almost made that comment. But I'd rather not have Terry
started again. :-)
--
Daniel C. Sobral(8-DCS)
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Installing compat22 did it, thank you!
Matthew
At 04:40 PM 7/23/99 -0700, Matthew Dillon wrote:
:Install the compat22 dist; you have an old a.out binary there.
:
: Greetings,
:
: I have a 3.2 install from CD-ROM and I am trying to run a commerical
: program, i.e. I don't have the source, and
On Fri, Jul 23, 1999, Wes Peters wrote:
Do I get a discount for having the same first name?
Nope, you get charged double for attempting to share in the Matt-light.
I've got you _all_ beat. Both of their first names is my
middle name. I get through free!
--
|Chris Costello [EMAIL
Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I
checked the archives, and apparently others have run into this one as well.
Unfortunately, I couldn't find a fix for it.
The problem is when the upgrade procedure tries to build the elf version of
libmytinfo. It generates
On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote:
No answer on -current, any help appreciated.
We're probably all sitting here thinking "I'm sure this was asked and
answered recently. He can read his CURRENT mail like the rest of us."
For the terminally lazy, this was a bug in the pci
Sue Blake wrote:
Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a
partial educated guess but not willing to expose their ignorance
A sandbox is a security term. It can mean two things:
* A process which is placed inside a set of virtual walls that are
designed to prevent someone who breaks into the process from being
able to break into the wider system.
The process is said to be able to "play"
Sue Blake wrote:
Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a
partial educated guess but not willing to expose their ignorance
In message [EMAIL PROTECTED] "David E. Cross" writes:
: Any-who, is there a way I can get a look at the raw mbuf/mbuf-clusters?
: I have a feeling that seeing the data in them would speak volumes of
: information. Preferably a way to see them without DDB/panic would be ideal.
I've also seen
In message [EMAIL PROTECTED] Chris Costello writes:
:Are you going to be listing all the RFCs that apply? For
: example, DNS is 1033, 1034, and 1035, and NNTP is 0850 and 0977.
DNS is also 1123 and a few others in the 2xxx range. Then again, a
lot are 1123 :-) NNTP should just list 977,
On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon [EMAIL PROTECTED]
wrote:
A sandbox is a security term. It can mean two things:
[...]
UNIX implements two core sanboxes. One is at the process level, and one
is at the userid level.
Every UNIX process is
On Mon, 26 Jul 1999, Sue Blake wrote:
If nobody understands how this sandbox thing works, we should change
the named.conf that we supply. If somebody does, then they or someone
Understanding a sandbox only requires the ability to read on the part of
the user (something anyone in charge of
On Thu, Jul 22, 1999 at 04:47:15PM -0600, Ronald G. Minnich wrote:
I'm working with intermezzo now. It's interesting.
Note that the VFS is quite simple, and defines a simple kernel-user
channel which maps VFS ops to requests on an IPC channel. The
possibilities are endless ...
A freebsd
Sheldon Hearn wrote:
On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote:
No answer on -current, any help appreciated.
We're probably all sitting here thinking "I'm sure this was asked and
answered recently. He can read his CURRENT mail like the rest of us."
I have indeed read
Hello,
I am wondering if anyone has had success running bridging only between a
wavelan IEEE802.11 in a BSD machine and a WavepointII using an
IEEE802.11 card. I have had great succes using purely wavelan/BSD.
Kirk McDonald
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe
Vincent Poy wrote:
On Thu, 22 Jul 1999, Doug wrote:
On Wed, 21 Jul 1999, Vincent Poy wrote:
Greetings everyone,
What are the current good motherboards for FreeBSD for the pentium
II and III? I know on the Pentium, it was the ASUS board but for the
PII/PIII, is the
Apologies if this appears twice. The first attempt didn't appear to work.
Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I
checked the archives, and apparently others have run into this one as well.
Unfortunately, I couldn't find a fix for it.
The problem is when the
On Sun, 25 Jul 1999, Doug wrote:
Vincent Poy wrote:
On Thu, 22 Jul 1999, Doug wrote:
On Wed, 21 Jul 1999, Vincent Poy wrote:
Greetings everyone,
What are the current good motherboards for FreeBSD for the pentium
II and III? I know on the Pentium, it was the
In article [EMAIL PROTECTED] you
write:
Yes, but /if/ KTRACE is present, today's code allows you to bypass
the lack of read permissions on an executable. That shouldn't be
allowed. The current behaviour could be regarded as a security
hole actually :).
No more so than core dumps do.
I vote
In message [EMAIL PROTECTED] Sheldon Hearn writes:
: This doesn't look right. If I can execute a binary, I can have the
: system allocate memory to me and but the binary image in it. It's my
: memory. :-)
Also, one can use a custom libc to get around the readonly ness, since
functions in libc
: between NFSv2 and NFSv3.
:Yes, I concur with your patch whole-heartedly. Apparently last night I
:was too-tired, and not intoxicated enough to understand the nfs_serv.c code :)
:
:I alas will not be able to test it. The machine is up and stable with 3k
:mbufs in reserve.. maybe later :)
:
Julian Elischer wrote:
talk to terry on this topic :-)
He has a set of patches that straighten all this out
You know, I almost made that comment. But I'd rather not have Terry
started again. :-)
--
Daniel C. Sobral(8-DCS)
d...@newsguy.com
d...@freebsd.org
Installing compat22 did it, thank you!
Matthew
At 04:40 PM 7/23/99 -0700, Matthew Dillon wrote:
:Install the compat22 dist; you have an old a.out binary there.
:
: Greetings,
:
: I have a 3.2 install from CD-ROM and I am trying to run a commerical
: program, i.e. I don't have the source, and it
On Fri, Jul 23, 1999, Wes Peters wrote:
Do I get a discount for having the same first name?
Nope, you get charged double for attempting to share in the Matt-light.
I've got you _all_ beat. Both of their first names is my
middle name. I get through free!
--
|Chris Costello
No answer on -current, any help appreciated.
Doug
Original Message
My boxes at work are -current from 7/16. They both use IDE disks since
other than system stuff the disk I/O for the real work is all NFS. In the
daily logs this morning I see this:
wd0:
Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I
checked the archives, and apparently others have run into this one as well.
Unfortunately, I couldn't find a fix for it.
The problem is when the upgrade procedure tries to build the elf version of
libmytinfo. It generates
Hi clever people
Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a
partial educated guess but not willing to expose their ignorance
On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote:
No answer on -current, any help appreciated.
We're probably all sitting here thinking I'm sure this was asked and
answered recently. He can read his CURRENT mail like the rest of us.
For the terminally lazy, this was a bug in the pci code,
Sue Blake wrote:
Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a
partial educated guess but not willing to expose their ignorance
A sandbox is a security term. It can mean two things:
* A process which is placed inside a set of virtual walls that are
designed to prevent someone who breaks into the process from being
able to break into the wider system.
The process is said to be able to play
Sue Blake wrote:
Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a
partial educated guess but not willing to expose their ignorance
Speaking of jail() ... it might be a good idea to change the int32 being
passed for the IP address to something a little more portable or it will
not be useable when IPV6 goes in. Perhaps a pointer and a length instead
of an int32, or even pass a structural pointer and a length
In message 199907240405.aaa04...@cs.rpi.edu David E. Cross writes:
: Any-who, is there a way I can get a look at the raw mbuf/mbuf-clusters?
: I have a feeling that seeing the data in them would speak volumes of
: information. Preferably a way to see them without DDB/panic would be ideal.
I've
In message 19990724082555.a40...@holly.dyndns.org Chris Costello writes:
:Are you going to be listing all the RFCs that apply? For
: example, DNS is 1033, 1034, and 1035, and NNTP is 0850 and 0977.
DNS is also 1123 and a few others in the 2xxx range. Then again, a
lot are 1123 :-) NNTP
On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon
dil...@apollo.backplane.com wrote:
A sandbox is a security term. It can mean two things:
[...]
UNIX implements two core sanboxes. One is at the process level, and one
is at the userid level.
Every UNIX process is
On Mon, 26 Jul 1999, Sue Blake wrote:
If nobody understands how this sandbox thing works, we should change
the named.conf that we supply. If somebody does, then they or someone
Understanding a sandbox only requires the ability to read on the part of
the user (something anyone in charge of
On Thu, Jul 22, 1999 at 04:47:15PM -0600, Ronald G. Minnich wrote:
I'm working with intermezzo now. It's interesting.
Note that the VFS is quite simple, and defines a simple kernel-user
channel which maps VFS ops to requests on an IPC channel. The
possibilities are endless ...
A freebsd
On Thu, Jul 15, 1999 at 07:14:03PM -0700, Jaye Mathisen wrote:
I could grow to like it.
I just wish that it was the other way around. I'd actually run
NT if I could get it in a VMWare compartment under FreeBSD.
Until that happens, I might just have to be content with slagging
it off, NT
I think committing this would be beneficial. Would someone w/ commit
privs care to review and then commit this bit?
I wrote it in rev 1.41 and gave it to the squid folks; it turned out
to cause X to fail in unexplained ways so we reverted it. Then I added
PRUS_MORETOCOME in rev 1.50,
Can anyone explain how or where the 199.15.320xc70f22 entry could
have come from? I've been unable to remove it ...
Have you tried
route -delete 199.15.32.0 -netmask 199.15.34.0? (I'm guessing at the .0
part; it got truncated. netstat -nrA might help figure out what it
really is)
(I can't
Sheldon Hearn wrote:
On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote:
No answer on -current, any help appreciated.
We're probably all sitting here thinking I'm sure this was asked and
answered recently. He can read his CURRENT mail like the rest of us.
I have indeed read my
Hello,
I am wondering if anyone has had success running bridging only between a
wavelan IEEE802.11 in a BSD machine and a WavepointII using an
IEEE802.11 card. I have had great succes using purely wavelan/BSD.
Kirk McDonald
To Unsubscribe: send mail to majord...@freebsd.org
with unsubscribe
Vincent Poy wrote:
On Thu, 22 Jul 1999, Doug wrote:
On Wed, 21 Jul 1999, Vincent Poy wrote:
Greetings everyone,
What are the current good motherboards for FreeBSD for the pentium
II and III? I know on the Pentium, it was the ASUS board but for the
PII/PIII, is the Abit
Apologies if this appears twice. The first attempt didn't appear to work.
Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I
checked the archives, and apparently others have run into this one as well.
Unfortunately, I couldn't find a fix for it.
The problem is when the
On Sun, 25 Jul 1999, Doug wrote:
Vincent Poy wrote:
On Thu, 22 Jul 1999, Doug wrote:
On Wed, 21 Jul 1999, Vincent Poy wrote:
Greetings everyone,
What are the current good motherboards for FreeBSD for the pentium
II and III? I know on the Pentium, it was the
jk The intent of this change is to prevent a user from seeing how an
jk executable with '--x--x--x' perms works by ktrace'ing its execution.
jk My question to -hackers is: is this a useful semantic? Would it break
jk anything if added?
nw If we make kernel auditing based upon KTRACE (which
:Understanding a sandbox only requires the ability to read on the part of
:the user (something anyone in charge of named administration has hopefully
:learned, else they don't need to be administrating anything).
:
:As for the current named.conf format... I agree that it should be
:changed.
In article 199907260450.vaa10559.kithrup.freebsd.hack...@freefall.freebsd.org
you write:
Yes, but /if/ KTRACE is present, today's code allows you to bypass
the lack of read permissions on an executable. That shouldn't be
allowed. The current behaviour could be regarded as a security
hole
:I wrote it in rev 1.41 and gave it to the squid folks; it turned out
:to cause X to fail in unexplained ways so we reverted it. Then I added
:PRUS_MORETOCOME in rev 1.50, which was supposed to have fixed the problem.
:Let's please not put the hack back in; if PRUS_MORETOCOME is broken
:let's
On Sun, 25 Jul 1999 21:50:55 MST, jko...@freebsd.org wrote:
Yes, but /if/ KTRACE is present, today's code allows you to bypass
the lack of read permissions on an executable. That shouldn't be
allowed. The current behaviour could be regarded as a security
hole actually :).
This doesn't
jk Yes, but /if/ KTRACE is present, today's code allows you to bypass
jkthe lack of read permissions on an executable. That shouldn't be
jkallowed. The current behaviour could be regarded as a security
jkhole actually :).
sef No more so than core dumps do.
Yes, but an application can protect
Yes, but an application can protect itself from an inadvertent core dump.
It can't (today) against being ktrace'd.
You'd better fix ptrace and procfs then. Of course, that breaks everything
that has always been true, but, hey, it's better to be wrong than right, I
guess?
if you care about
53 matches
Mail list logo
