Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

We conducted experiments following the methodology of rop-benchmark on both *OpenBSD 6.5* and *OpenBSD 7.3* program testsuites. We injected a simple stack overflow vulnerability into each program set in these experiments. We attempted to construct an ROP

Re: Use of fw_update to bootstrap OBSD

On Sun, Oct 08, 2023 at 02:36:16PM +0200, Thomas wrote: > Hello, > > I am installing OpenBSD on an old xps13 9380. The WiFi is not supported and > so I am using a usb dongle for which I need the athn-firmware. I get it to > work and now wanting to prep a USB disk with all necessary firmware.

Re: relayd ssl termination advice

Maybe I am wrong, but I thought that relayd was not capable of doing TLS pass through? That would be preferable if it is possible. Courtney On 10/9/23 00:42, Kapetanakis Giannis wrote: On 08/10/2023 04:00, Courtney wrote: Ultimately, I want to serve a handful of services on 80/443 that are

Re: [solved] syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

Ok I solved it. Two issues: 1. the ca.crt file differed on various VMs, possibly due to bitrot 2. the -C option for syslogd to use the ca.crt as distributed to all VMs now (wasn't the case as I would append it's content to /etc/ssl/cert.pem and that was sufficient up till now) allows for

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Can you show how you arrived at these results? The more detailed the better. Perhaps this should be its own blog post somewhere as well. I can't speak to the suggested experiments other than to say that having a wider audience may be of help.       Sent: Saturday, October 07, 2023 at 8:13 PM

Re: OT: Paid Email Provider Options

hostinger.com has hosting plans that include email. Just forego the hosting part and use their system for email. Super inexpensive AFAIK they meet the rest of your requirements. On Mon, Oct 9, 2023 at 11:24 AM Kevin Williams wrote: > > I registered a new domain and I am looking for an

Re: rdiff-backup remotely

Just to let you know that after retried many backup solutions to solve the quiz of the making of local backups with a remote machine has file source, I turned again to Duplicity to produce that delta file that later on I can download to keep updated my local server backup. -- Daniele Bonini

Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

Hi Stuart, On 09/10/2023 23:01, Stuart Henderson wrote: any chance you previously had added certs to /etc/ssl/cert.pem but lost that when upgrading? I always readd the ca.crt used to sign the client certs to /etc/ssl/cert.pem and distribute the file at upgrade via siteXX.tgz It's hard to

Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

On 2023-10-09, Peter N. M. Hansteen wrote: > On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote: >> >>   I upgraded to 7.4 via CVS on my VMs but not my routers (yet). The 7.3 >> routers are still able to connect via TLS but the 7.4 VMs can't as they >> don't like the self signed certs. It'd be

Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

Hi On 09/10/2023 19:59, Peter N. M. Hansteen wrote: You are aware that OpenBSD 7.4 has not been released yet, right? Of course. On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote:   This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup where various OpenBSD instances

Re: Smtpd is not adding message-id

On Mon, 09 Oct 2023 19:32:50 +0200, Nicolas Goy wrote: > I am hitting this issue with some go based process that send emails: > > https://github.com/OpenSMTPD/OpenSMTPD/issues/1068 > > Basically the client is not putting any Message-Id header and smtpd is > not adding it when sending the email.

Re: debugging "invalid argument" errors when loading elf files

On Mon, Oct 9, 2023 at 11:21 AM Lorenz (xha) wrote: > hi misc@, > > i'm currently porting the hare programming language to openbsd and i am > having quite a few problems trying to use a linker script. i am always > getting a "/bin/ksh: .bin/hare: Invalid argument" error. > > so far i tried a lot

Smtpd is not adding message-id

Hello, I am hitting this issue with some go based process that send emails: https://github.com/OpenSMTPD/OpenSMTPD/issues/1068 Basically the client is not putting any Message-Id header and smtpd is not adding it when sending the email. Do you have an idea how to work around it? Or do I need

OT: Paid Email Provider Options

I registered a new domain and I am looking for an email provider for it. I am happy with k9w.org hosted at fastmail.com and am not looking to change for that domain at this time. I heard good things about pobox.com, gandi.net, and protonmail. But I want something else. pobox.com is owned by

debugging "invalid argument" errors when loading elf files

hi misc@, i'm currently porting the hare programming language to openbsd and i am having quite a few problems trying to use a linker script. i am always getting a "/bin/ksh: .bin/hare: Invalid argument" error. so far i tried a lot of stuff like comparing a working version without a linker

Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

You are aware that OpenBSD 7.4 has not been released yet, right? On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote: > >   This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup > where various OpenBSD instances log via TLS to a central logger, using self > signed

syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

Hello,   This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup where various OpenBSD instances log via TLS to a central logger, using self signed certificates I generated locally (10 year validity). Both the server and the clients verify each other using the -c & -s

Re: relayd ssl termination advice

On 08/10/2023 04:00, Courtney wrote: > Ultimately, I want to serve a handful of services on 80/443 that are > easily accessible internally and externally, and I don't want to have > unencrypted traffic between relayd and my server for the services that > are passing sessions and such. Then don't