-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi there,
Joco Salvatti wrote:
1. Why doesn't passwd ask superuser's current password when it's run
by the superuser to change its own password? May not it be considered
a serious security flaw?
No. If you are already root, you could add easily
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don Boling wrote:
Wouldn't this be the main reason to use sudo?
Not at all.
If your box is not physically secure, even sudo wouldn't prevent an
attacker of joking around with your server...
Use sudo anyways, but keep your servers physically
You can use SNMP to monitor the wan interface on almost all routers,
(I know personally about the cisco), so you might set something up
that monitors taht, or you could using a dynamic routing protcocal,
even rip would do, just something interactive between OBSD firewall
and the router, the
Hi,
just a quick question, anyone running OpenBSD/amd64 on an Asus A8N-VM or
A8V-VM motherboard? Things that work/don't work?
Thanks,
Jasper
A8N-VM:
http://www.asus.com/products4.aspx?l1=3l2=15l3=231model=768modelmenu=1
A8V-VM:
Rekan Netter yang budiman, maafkan saya mengganggu waktu anda sebentar...
Hanya Dengan Mensponsori 4 Orang Saja. Sistem Afiliasi yang banyak beredar di
internet sekarang ini komisinya hanya dibatasi dari mulai Satu Level hingga
Lima Level saja. 'Sedangkan Program Afiliasi Multi Level' ini bekerja
Chris Zakelj schrieb:
Sounds great in theory, but as Theo gently reminded me when I asked this
a year or two ago, there's only so much space on a single 1.44M floppy.
Including even rudimentary PPPoE would crowd out other drivers and tools
that are much more useful during an install.
Why not
On 22.06.2006, at 10:06, Michael Lechtermann wrote:
Hi!
I doubt anyone would be totally angry when he needs to hit ENTER one
more time to skip that question.
No doubt my name is anyone. I'd be angry.
It's not about hitting Return one more time, it's integrating
something new into the
Falk Husemann wrote:
No doubt my name is anyone. I'd be angry.
It's not about hitting Return one more time, it's integrating something
new into the Installation Floppy. And you REALLY don't want to drop
Floppy Installation support or favor CDs.
If you had actually read what I have written
Michael Lechtermann schrieb:
Falk Husemann wrote:
No doubt my name is anyone. I'd be angry.
It's not about hitting Return one more time, it's integrating something
new into the Installation Floppy. And you REALLY don't want to drop
Floppy Installation support or favor CDs.
If you had
Ahh... Looks like a fully functional DMI (Detonate Machine Interface)
has arrived at last... Wonder how that would work out as a LART.
Tim Donahue
On Wed, 21 Jun 2006 21:20:31 +0200 (CEST)
[EMAIL PROTECTED] wrote:
Because I know some peoples here own DELL Notebooks:
It happened that such a
On Wed, Jun 21, 2006 at 11:32:50PM +0200, Laurens Vets wrote:
Matt Van Mater wrote:
I ran into a very similar (maybe same) problem here:
http://marc.theaimsgroup.com/?l=openbsd-miscm=113236417207016w=2
I have not found a solution to my problem yet unfortunately. One
thing I noticed is that
Guido Tschakert wrote:
You surely do not want to say no to dozens of network questions (and
maybe a lot of other stuff)
Thats why I suggested to make just one question that asks if you would
like to to any optional setup. Default answer [n]. If you choose yes,
only then you'll get the additional
On Wed, Jun 21, 2006 at 09:41:42AM +1200, Joshua Sandbrook wrote:
Gidday
Im writing a shell at the moment that chroots into a users home dir and then
runs only the sftp-server program ( which is in the uses home dir ).
Anyway, it wont work unless /dev/null is present in the chroot...
On 22.06.2006, at 12:04, Michael Lechtermann wrote:
Hi!
You surely do not want to say no to dozens of network questions (and
maybe a lot of other stuff)
Thats why I suggested to make just one question that asks if you would
like to to any optional setup. Default answer [n]. If you choose yes,
* Matthew R. Dempsky [EMAIL PROTECTED] [2006-06-20 16:50]:
Is it possible to configure dhclient(8) to automatically re-request a
DHCP lease on media changes (e.g., plugging in a new ethernet cable,
associating with a new wireless access point, trunk(4) switching between
interfaces)? If
* Anders J [EMAIL PROTECTED] [2006-06-20 21:06]:
Hello List.
A customer have a mailserver solution wich must be moved to a new
hardware, today its is running on a old suse 9.2 but i really want to
use OpenBSD if possible.
It uses postfix, cyrus-imap and mysql as the backend for users domain
[EMAIL PROTECTED] wrote:
Quoting [EMAIL PROTECTED]:
Quoting Nick Holland [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
...
The dmesg with the B1 card only lacks the three appropriate lines which
appear for the Rev A1 card when it is inserted in the same PCI slot:
IF that is true, your card
Dear folks,
some time ago, i posted a message asking about SMP support in openbsd.
I wondered what was the state-of-art algorithm for massive parallel
performance and the one openbsd picked.
Sorry, but i turn to this subject again because i don't have that
thread of conversation, so please,
On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote:
So the attacker could enter in single
user mode, without the need for the root password, and load a
malicious kernel module.
The attacker cannot load a malicious kernel module on OpenBSD, because
OpenBSD specifically does not support loadable
On 2006/06/22 12:04, Michael Lechtermann wrote:
Guido Tschakert wrote:
You surely do not want to say no to dozens of network questions (and
maybe a lot of other stuff)
Thats why I suggested to make just one question that asks if you would
like to to any optional setup. Default answer [n].
Hi,
After contemplating for sometime between buying a Zaurus C3100 and a
HPC jazjar/universal (aka Qtek 9000, i-mate, O2 XDA Exec, T-Mobile
MDA IV etc), to satisify my requirement for mobile remote
administration needs etc. I decided to go with the Jazjar, and try to
live with MS windows
On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote:
On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote:
So the attacker could enter in single
user mode, without the need for the root password, and load a
malicious kernel module.
The attacker cannot load a malicious
On Thu, Jun 22, 2006 at 08:32:00AM -0300, Gustavo Rios wrote:
Dear folks,
some time ago, i posted a message asking about SMP support in openbsd.
I wondered what was the state-of-art algorithm for massive parallel
performance and the one openbsd picked.
Sorry, but i turn to this subject
On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote:
On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote:
So the attacker could enter in single
user mode, without the need for the root password, and load a
malicious kernel module.
The attacker cannot load a malicious
Michael Lechtermann wrote:
Guido Tschakert wrote:
You surely do not want to say no to dozens of network questions (and
maybe a lot of other stuff)
Thats why I suggested to make just one question that asks if you would
like to to any optional setup. Default answer [n]. If you choose
2006/6/21, Joco Salvatti [EMAIL PROTECTED]:
Let's suppose an attacker entered the room where an OpenBSD server is
located in, and by mistake the system administrator has forgotten to
logout the root login session.
http://www.darkwing.com/idled/
So the attacker could enter in single
user
On 22/06/06, Ryan McBride [EMAIL PROTECTED] wrote:
On Thu, Jun 22, 2006 at 01:04:00PM +0100, Constantine A. Murenin wrote:
On 21/06/06, Joco Salvatti [EMAIL PROTECTED] wrote:
So the attacker could enter in single
user mode, without the need for the root password, and load a
malicious kernel
Matthias Kilian wrote:
On Tue, Jun 20, 2006 at 10:59:58AM +0200, Federico Giannici wrote:
[...]
The pc freezes (but only occasionally) during dumps of the entire
filesystem, using the system dump program. The dump is done while the
system is in use, so files may change during the dump.
i've had ufs2 done (well, the kernel part) on my laptop for almost six
months now :) most of it is in, although, as joachim pointed you to,
some essential parts had to be backed out cause compatibility with old
tools was broken, which is just not acceptable in openbsd.
and that was totally my
On Thu, Jun 22, 2006 at 03:25:41PM +0200, Federico Giannici wrote:
Yesterday another PC freezed!
It just crashed again!
did it freeze or did it crash?
can you try breaking into ddb?
-p.
Hi,
i've updated the kernel image on the download server
(http://cancel.adviseo.net/Open-BSD/bsd).
This includes a few bugfixes:
- Floating point instructions are now functionnal (it's possible they
even were on the old image)
- A random page fault in statclock() has been fixed
- Network
Pedro Martelletto wrote:
On Thu, Jun 22, 2006 at 03:25:41PM +0200, Federico Giannici wrote:
Yesterday another PC freezed!
It just crashed again!
did it freeze or did it crash?
I wrote it into the first email: it freezes with no error at all, no
network, only freezed video.
can you try
On Thu, Jun 22, 2006 at 03:59:30PM +0200, Federico Giannici wrote:
I commented the ddb.panic=0, but nothing changed.
can you try setting ddb.console=1, and after the box freezes, see if
ctrl+alt+esc gets you in ddb?
I have read that now you are Italian, do you speak italian too? ;-)
nope :(
On Wed, 2006-06-21 at 17:49 +0200, Bihlmaier Andreas wrote:
Sorry, for that but I thought it wouldn't matter:
I dont mean to offend you, but... i think test environment matter.
All hosts are in the same network and can talk directly to each other,
but for unsecure protocols (NFS, HTTP) I
Federico Giannici schrieb:
Matthias Kilian wrote:
On Tue, Jun 20, 2006 at 10:59:58AM +0200, Federico Giannici wrote:
[...]
The pc freezes (but only occasionally) during dumps of the entire
filesystem, using the system dump program. The dump is done while
the system is in use, so files may
On Thu, Jun 22, 2006 at 04:03:58PM +0200, Massimo Lusetti wrote:
On Wed, 2006-06-21 at 17:49 +0200, Bihlmaier Andreas wrote:
Sorry, for that but I thought it wouldn't matter:
I dont mean to offend you, but... i think test environment matter.
All hosts are in the same network and can
Bihlmaier Andreas wrote:
My problem with the speed is that compared to the performance I get out
of openssl (by USERcrypto) the IPSEC (in kernel) performance is terrible.
AFAIK right now it doesn't even make use of the crypto hardware because
I can get the same throughput with a comparable
Dries Schellekens wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
Sam Leffler of FreeBSD did some work in improving the performance of the
OpenBSD kernel crypto framework:
hi folks,
my setup
pc1 - soekris 4801 - soekris 4801 - pc2
between the soekris boxes wlan with ralink (2561)
default 3.9 setup without isakmp ...
pc1
ifconfig eth0 192.168.20.2 netmask 255.255.255.0 up
route add default gw 192.168.20.1 eth0
box1
sysctl -w net.inet.ip.forwarding=1
ifconfig
an additional info:
in the first step i use the ralink RT2561T.
now i tried the ralink RT2560F and i must
press ifconfig sis0 up every 3 seconds and
the throughput is also very bad.
i think it's can also be a problem of the
ralink driver.
-Thomas
hi folks,
my setup
pc1 - soekris 4801 -
On Thu, Jun 22, 2006 at 05:08:07PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
My problem with the speed is that compared to the performance I get out
of openssl (by USERcrypto) the IPSEC (in kernel) performance is terrible.
AFAIK right now it doesn't even make use of the
Howdy folks,
I've been following an example in the Absolute OpenBSD book on how to
setup two separate child queues for traffic going to two different
networks over the same interface.
This server runs OpenBSD 3.8(Generic kernel with raidframe and MP),
has two NICs (internal/external) and serves
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm sorry, I didn't get it the first time, but I get it know :)
This is what I was seeking for, an answer.
Now I have to greatly improve my C
2006/6/22, Michael Lechtermann [EMAIL PROTECTED]:
Why not just make it a special feature for people who buy the CD?
Go ahead. Roll your own version of OpenBSD with your special installer
and sell the CDs.
Best
Martin
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
Oops. :) I guess I misunderstood
http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems
where Kernel type refers solely to the provided kernel of the OS
itself, not of the OS features that may be (ab)used by some
On 2006/06/22 17:38, Thomas Bvrnert wrote:
pc1 - soekris 4801 - soekris 4801 - pc2
between the soekris boxes wlan with ralink (2561)
all works fine, but if i copy a file with 500MB from
pc2 to pc1 with scp i got a break on the communication
on the sis0 on box1 after some seconds.
please
At 11:13 PM 6/21/2006 -0700, Lawrence Horvath wrote:
You can use SNMP to monitor the wan interface on almost all routers,
(I know personally about the cisco), so you might set something up
that monitors taht, or you could using a dynamic routing protcocal,
even rip would do, just something
Hi there,
$subject sums it up real nice :)
I'm trying to get access to two older harddisks on my -current box, but I
can't even finish to boot the kernel. dmesg and page fault are provided.
Please CC me, as I'm currently not tracking [EMAIL PROTECTED]
If you need more information, I'd be
I'm testing a pair of bgpd systems with
OpenBSD 3.9-current (GENERIC.MP) #790: Wed Jun 21 14:47:17 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
at both sides. if I use
ipsec esp ike
or ipsec ah ike
in a neighbour definition, and copy the public keys across, I
On Thu, Jun 22, 2006 at 10:22:08AM -0700, Joe wrote:
Dries Schellekens wrote:
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm interested in purchasing one of these boards for my
ok i tried it and it works, ... strange ...
the throughout is a little bit higher, without the
patch it was 2,4 MB/s and with the patch 2,7 MB/s.
(scp) and i've 1500 total interrupts more.
But i think the problem is on another place in the code.
Thomas
On Thu, 2006-06-22 at 17:59 +0100, Stuart
On 6/22/06, L. V. Lammert [EMAIL PROTECTED] wrote:
At 11:13 PM 6/21/2006 -0700, Lawrence Horvath wrote:
You can use SNMP to monitor the wan interface on almost all routers,
(I know personally about the cisco), so you might set something up
that monitors taht, or you could using a dynamic routing
On Thu, Jun 22, 2006 at 06:36:04PM +0200, Martin Schr?der wrote:
2006/6/22, Michael Lechtermann [EMAIL PROTECTED]:
Why not just make it a special feature for people who buy the CD?
Go ahead. Roll your own version of OpenBSD with your special installer
and sell the CDs.
Or, rather, don't. It
On 22/06/06, Ted Unangst [EMAIL PROTECTED] wrote:
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
Oops. :) I guess I misunderstood
http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems
where Kernel type refers solely to the provided kernel of the OS
itself, not
Lawrence Horvath wrote:
On 6/22/06, L. V. Lammert [EMAIL PROTECTED] wrote:
At 11:13 PM 6/21/2006 -0700, Lawrence Horvath wrote:
...
Keep in mind also that redundancy is fine for outgoing traffic, but
to actually route incoming traffic you must also have an upstream
ISP(s) that can handle
On Thu, 22 Jun 2006 12:04:25 +0200
Michael Lechtermann [EMAIL PROTECTED] wrote:
: Guido Tschakert wrote:
: You surely do not want to say no to dozens of network questions (and
: maybe a lot of other stuff)
: Thats why I suggested to make just one question that asks if you would
: like to to any
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
On 22/06/06, Ted Unangst [EMAIL PROTECTED] wrote:
On 6/22/06, Constantine A. Murenin [EMAIL PROTECTED] wrote:
Oops. :) I guess I misunderstood
http://en.wikipedia.org/wiki/Comparison_of_open_source_operating_systems
where Kernel
Hi,
I'm wondering whether it's possible to have dhcpd give out addresses more
randomly and changing the addresses more for hosts that renew their lease.
I don't understand DHCP too well but I'm trying to make sense of the RFC.
Is it not wanted that hosts on DHCP enjoy a random IP? Or is use of
On Wed, Jun 21, 2006 at 06:39:28PM -0400, Hugo Villeneuve wrote:
Here is what I stuck in my sendmail .mc file:
define(`confMESSAGEID_HEADER', `[EMAIL PROTECTED]')dnl
Put that in submit.mc and recreate submit.cf.
Sendmail doesn't allow the rewriting of message-id, that rule is
used
On Thu, Jun 22, 2006 at 06:30:27PM +0200, Dries Schellekens wrote:
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm sorry, I didn't get it the first time, but I get it know :)
This is
Bihlmaier Andreas [EMAIL PROTECTED] wrote:
Since I have no glue at all how IPSEC goes about looking for crypto
accelerator hardware and making use of it, I'm kind of stuck. Because
everything I have found so far by google and archives was that it should
just work.
Not directly applicable to
From: [EMAIL PROTECTED]
Is it not wanted that hosts on DHCP enjoy a random IP? Or is
use of DHCP
mainly for making configuration of hosts easier in a large network?
Does a random IP taste better to the interface card than a static one?
The *whole* point of DHCP is to make configuration of
Well I've implicated timed(8) and nailed it to a master clock on the
network and it seems to be holding, so far so good! I look at using this
solution as applying band-aid im hoping to find out why this problem
happens in the first place. If anyone has any ideas let me know.
Thanks for the input
Since some people are so nice and started bitching around like they
were some 12 year olds, I feel the need to set something straight here.
Personally, I really don't care if there is an additional, optional,
setup routine for anything since I don't need it, would probably never
use it and will
On 2006/06/22 19:44, Thomas Bvrnert wrote:
ok i tried it and it works, ... strange ...
the throughout is a little bit higher, without the
patch it was 2,4 MB/s and with the patch 2,7 MB/s.
(scp) and i've 1500 total interrupts more.
But i think the problem is on another place in the code.
it's shure no power-saving problem, because:
i'm using the boxes as router with ral.
with the RT2561 Chip i had this problem only after 500MB
transferred data, with the RT2560 Chip i had this problem
after some MB and 3 seconds. And thats no power-saving
after 3 seconds. i've no problem with a
This is due to a problem in the ral driver. I have mailed damien, and
hopefully a fix will be written soon. (the same mistake is in some of
the other drivers drivers he has written too)
Theo de Raadt wrote:
This is due to a problem in the ral driver. I have mailed damien, and
hopefully a fix will be written soon. (the same mistake is in some of
the other drivers drivers he has written too)
Please post/have someone post a follow-up when this is done. I have,
what I believe,
Thanks for the reply...
It is sftp-server that tries to open /dev/null.
As I dont want to modify sftp-server or anything like that, I think im going
to just populate each chroot environment with a /dev/null. However, as I dont
want /home to have any devices on it, is there a way to have some
Hi, I've got a bridge firewall protecting some FTP servers. In the
past I've used ftpsesame to let people on the internet use passive
connections to my FTP servers. I hear that ftp-proxy in 3.9 is
supposed to have the functionality of ftpsesame, so I'm trying to
figure out how to make that work.
Jasper Lievisse Adriaanse wrote:
just a quick question, anyone running OpenBSD/amd64 on an Asus A8N-VM or
A8V-VM motherboard? Things that work/don't work?
Yes, I'm running -current on an A8V (it's full designation on the box is
A8V-UAYVZ) that I got about a month ago. Started with
On 6/22/06, Peter Philipp [EMAIL PROTECTED] wrote:
In my setup here at home the router changes addresses frequently (this has
many benefits, such as deterring people from using static ip's on the wifi)
however I'd like the DHCP clients to enjoy a rather ever changing address
as well, I've set
I started to submit this via sendbug, but I wanted to make sure I
wasn't missing something obvious. This is reproducible on OpenBSD
3.7, 3.8 and 3.9 releases.
Description:
=
When using nc to proxy syslog packets, inetd spawns excessive nc
processes. It creates anywhere from 16
My laptop has been crashing quite a bit lately. Because its running X, I
can't actually see anything in ddb. So I just type boot dump and wait
for it to reboot. Every time I do this though, trying to look at the
dump using gdb I get:
(gdb) target kvm /var/crash/bsd.3.core
#0 0xd0448f25 in
Hi Brauer and Anders
What is the diference between the actual threading library and rtheads?
I use MySQL 5.0.18 and OpenBSD 3.9 for AMD64 and work fine, and I used
a lot of insert / hour in it, using Innodb tables.
Thanks and Regards,
Julian Bolivar
Henning Brauer wrote:
* Anders J
On Wed, Jun 21, 2006 at 10:40:56PM -0400, Nick Holland wrote:
Przemys3aw Pawe3czyk wrote:
Hi,
How to change HDD parameters like this:
wd1 at pciide0 channel 1 drive 0: FUJITSU MPD3084AT
wd1: 16-sector PIO, LBA, 8063MB, 16514064 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
On Jun 22, 2006, at 9:43 PM, Jason Dixon wrote:
I started to submit this via sendbug, but I wanted to make sure I
wasn't missing something obvious. This is reproducible on OpenBSD
3.7, 3.8 and 3.9 releases.
snip
as soon as it sees the first syslog packet. This is repeatable on
both
On 6/22/06, Julian Bolivar [EMAIL PROTECTED] wrote:
Henning Brauer wrote:
* Anders J [EMAIL PROTECTED] [2006-06-20 21:06]:
Hello List.
A customer have a mailserver solution wich must be moved to a new
hardware, today its is running on a old suse 9.2 but i really want to
use OpenBSD if
On Thu, Jun 22, 2006 at 06:20:29AM +0200, Sebastian Reitenbach wrote:
Hi,
I have a problem with re0 Realtek 8169 Network card and OpenBSD 3.9. When
OpenBSD starts up, it recognizes the card, I can configure IP address... But
ifconfig -m re0 shows: none as the only available media option.
On Thu, 22 Jun 2006, Dylan Martin wrote:
Hi, I've got a bridge firewall protecting some FTP servers. In the
past I've used ftpsesame to let people on the internet use passive
connections to my FTP servers. I hear that ftp-proxy in 3.9 is
supposed to have the functionality of ftpsesame, so
80 matches
Mail list logo
