From http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ :
or desktop environments such as Wine
For some definitions of desktop environments.
Claire beuserie claire.beuse...@gmail.com writes:
That came out a bit weird: are you saying you knew about the bug for 2 years
but did not fix it?
Yes. Because the solution sucks. And all others we tried were just not
workable.
Just like we knew that executable stacks can be used for exploits
On Tue, Nov 3, 2009 at 1:52 PM, Henning Brauer lists-open...@bsws.de wrote:
pfctl -vvsI is what you're after.
Thanks Michael Henning :-)
--Siju
Hi all,
since the upgrade to version 4.6 had pf activated by default,
I was confronted with the question wheather it is reasonable to use it
on my desktop computer or not.
I would like to know if someone is using it that way and if it's worth
to invest my time into
the configuration of pf.
--- Moritz Herrmann [Wed, Nov 04, 2009 at 11:51:52AM +0100]: ---
Hi all,
since the upgrade to version 4.6 had pf activated by default,
I was confronted with the question wheather it is reasonable to use it
on my desktop computer or not.
I would like to know if someone is using it that way
since the upgrade to version 4.6 had pf activated by default,
I was confronted with the question wheather it is reasonable to use it
on my desktop computer or not.
The question you are confronted with has already been solved for you:
yes, it is reasonable - that's why it is the default.
I'm experiencing this problem since a few snapshots now:
[...]
While resizing, moving or hovering the xterm window with other windows, the
xterm window's content is refreshing painfully slowly. If someone else has
experienced this problem, I would really appreciate some ideas or
informations
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
Hi,
On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt dera...@cvs.openbsd.orgwrote:
2) At least three of our developers were aware of this exploitation
method going back perhaps two years before than the commit, but we
Dear all
i try install clamav from packages but get error like this , how to solved ?
- i try another mirror still same
- try donwload to local pc still same
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/
# pkg_add -i clamav
Premature end of archive
On Fri, 30 Oct 2009 07:59:30 + Jacob Meuser
jake...@sdf.lonestar.org wrote:
I still kind of want to trade it in but it's looking like there
might not be any other 4in/4out USB soundcard that's suitable
(they're all either too complex or appear to be old so probably
need custom
---
OK-mail
You have received this email because you are a registered member of
OK-mail.co.uk. If you no longer wish to receive emails like
this please see instructions at the bottom of the email.
Make sure you get the best from us
On Wed, Nov 4, 2009 at 5:49 AM, sonjaya sonj...@gmail.com wrote:
Dear all
i try install clamav from packages but get error like this , how to solved
?
- i try another mirror still same
- try donwload to local pc still same
# export
yes already pkg_delete but still same show up that problem
On Wed, Nov 4, 2009 at 7:11 PM, Nick Guenther kou...@gmail.com wrote:
On Wed, Nov 4, 2009 at 5:49 AM, sonjaya sonj...@gmail.com wrote:
Dear all
i try install clamav from packages but get error like this , how to solved
?
- i try
On Wed, Nov 4, 2009 at 12:49 PM, sonjaya sonj...@gmail.com wrote:
yes already pkg_delete but still same show up that problem
Delete the partial again and try pkg_add -r
Cheers,
Steph
On Wed, 4 Nov 2009 at 1:46 PM, Aaron Mason
simplersolut...@gmail.com wrote:
On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez
gonz...@sepp0.com.ar wrote:
2009/11/3 Claire beuserie claire.beuse...@gmail.com:
Hi,
On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
Theo wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer dereferencing in the
kernel) via the /proc/sys/vm/mmap_min_addr sysctl, which
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
Theo wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer
Otto Moerbeek wrote:
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
Theo wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| For the record, this particular problem was resolved in OpenBSD a
| while back, in 2008.
|
| Nice, but:
|
| Since 2.6.23, it has been possible to prevent applications from
| mapping low pages (to prevent null pointer
On Tue, Nov 3, 2009 at 11:44 PM, Bob Beck b...@ualberta.ca wrote:
2009/11/3 Luis Useche use...@gmail.com:
I read in the 4.6 changelog that his was part of the release.
Am I missing something? Do I have to recompile? Or this is just a bug?
Yeah you are missing something. Listen to the
Good day to everyone,
I'm a happy PF user, and have been for over a decade now. I'm writing
to ask some questions about performance now that I've got a system
that needs to handle some real traffic. I've been digging up various
tweaks and settings from the archives (and elsewhere) over the
On Wed, Nov 04, 2009 at 10:26:50AM -0500, Luis Useche wrote:
OK. Sorry for the noise. In any case, this change is in the 4.6
changelog (twice, http://www.openbsd.org/plus46.html):
Added dynamic buffer cache sizing. The sysctl kern.bufcachepercent
will allow you to specify a high-water mark above
I don't know what version of plus46.html you are looking at - but that
text doesnt' appear in any version I look at.
Of course it is in the cvs commit log, but that's not the same thing.
That same commit was backed out before 4.6 - and has since gone back
into current.
2009/11/4 Luis Useche
As I continue to work on my previous issue with my Sun V120 and network
hangs, I decided to install 4.6 release onto an HP DL360 G4 box with the
latest BIOS and firmware updates as a possible replacement for the Sun.
After many hours of load testing and changing configurations, I found that
I
On Wed, Nov 04, 2009 at 01:45:01AM -0800, J.C. Roberts wrote:
On Fri, 30 Oct 2009 07:59:30 + Jacob Meuser
jake...@sdf.lonestar.org wrote:
I still kind of want to trade it in but it's looking like there
might not be any other 4in/4out USB soundcard that's suitable
(they're all
* Jason Healy jhe...@logn.net [2009-11-04 16:37]:
The systems work great, but are chewing up about 60% of their time on
interrupts (~9000 according to vmstat, with ~7500 going to the LAN/WAN
cards). This is fine; everything is working and I know that high
interrupt load was inevitable at the
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer dereferencing in the
kernel) via the /proc/sys/vm/mmap_min_addr sysctl, which sets
On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries t...@fries.net wrote:
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| For the record, this particular problem was resolved in OpenBSD a
| while back, in 2008.
|
| Nice, but:
|
| Since 2.6.23, it has been possible
Maurice: Thanks for pointing that out.
Bob: At this point this is probably irrelevant. In any case, I found
it in the officiel webpage http://www.openbsd.org/plus46.html.
Thanks for your help!
Luis
On Wed, Nov 4, 2009 at 10:42 AM, Bob Beck b...@openbsd.org wrote:
I don't know what version of
Buenos dmas,
?Csmo esta?
Haga como la Mayorma de los Lmderes de Ventas estan haciendo. Venga a pasar
una maqana entera con Mario Borghino, en la conferencia Gestisn en Ventas
que se realizara el dma 21 de noviembre en el Hotel Melia Mixico Reforma.
ATENCISN: Mas de 130 personas ya confirmaron su
-Urspr|ngliche Nachricht-
Von: Donald Allen donaldcal...@gmail.com
Gesendet: 04.11.09 14:23:04
An: misc@openbsd.org
Betreff: Re:
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
Don Allen wrote
...
I realize that I'm preaching to the choir -- you know all this.
On Wed, Nov 4, 2009 at 10:55 AM, Justin Smith odnomz...@gmail.com wrote:
By default, Ubuntu 8.04 and later with a non-zero
/proc/sys/vm/mmap_min_addr setting were not vulnerable.
Ubuntu 8.04 released in 2008 april.
Ubuntu 8 also ships with a setuid pulseaudio by default, which renders
the
Your Email client is not formatted to view HTML emails. We have included the
text email of the message.
Purchase securely here:
iTunes: http://fburls.com/55-l467mT6S
DIABLITO RECORDS
sello indie alterlatino de mexico
distribuido por WARNER MUSIC MEXICO
PROMOCION DIABLITO - UN MP3 GRATIS!
BUSCA
it doesn't want to play nice with USB drives.
Ok: I finally found the problem: my test disks all were a portable
ones -powered from the USB bus-.
Cause that's what I had around the house.
I know the USB port needs to deliver enough juice to make it work, and
I had taken that into
account:
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
And now we get into the fun stuff.
Ever heard of 'secure by default' ?
This knob is set to '0' by default.
How many Linux installations actually read the above paragraph, understood
what value it could have to set to
Running 4.3 GENERIC#698 i386
I have a VPN with a vendor using a I think he said it was a Sonic Wall
FW. We are able to get Phase 1 associations up and happy. But Phase 2
never seems to start, at least not from my side.
If he sends traffic from his side then his device makes a phase 2
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries t...@fries.net wrote:
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| For the record, this particular problem was resolved in OpenBSD a
| while back
And it is totally on on *all* 90239490234873984 distros right?
On Wed, Nov 04, 2009 at 06:43:14PM +0200, Ross Cameron wrote:
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Hi,
On Mon, 2 Nov 2009 21:35:45 -0400
Ted Unangst ted.unan...@gmail.com wrote:
softraid offers a few advantages.
1. Better crypto. The crypto algorithm currently used by softraid is
designed a little better. It could, in theory, also use hardware,
except the choice of algorithm actually
Ross Cameron wrote:
Actually no it was turned on.
This is from the commit to the Linux kernel:
The amount of space protected is indicated by the new proc tunable
proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior.
It was turned off, 0 means no protection.
Matthias Kilian wrote:
And if you install something like wine, the knob is set back to 0,
probably without any notice (at least in ubuntu-8.10).
That can explain why it's off on my system (karmic koala).
By the way, this is from the debian wiki:
Debian 5.0.3 ships with a default mmap_min_addr
Hi all,
I have full installation of i386 snapshot from 1.11.2009 (latest on
mirrors) and I can't use X. When I try startx either as root or normal
user I get :
$ startx
xauth: can't load library 'libXdmcp.so.10.0'
xauth: can't load library 'libXdmcp.so.10.0'
xauth: can't load library
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen donaldcal...@gmail.com wrote:
[SNIP]
I realize that I'm preaching to the choir -- you know all this. But I
think it's a mistake for (especially) the OpenBSD community to speak
of OpenBSD as just about security, when it's so much more than that.
I
Hi, try this
# ldconfig -m /usr/X11R6/lib/
Saludos
2009/11/4 TomC!E! BodEC!r tomas.bod...@gmail.com
Hi all,
I have full installation of i386 snapshot from 1.11.2009 (latest on
mirrors) and I can't use X. When I try startx either as root or normal
user I get :
$ startx
xauth: can't load
On Wed, Nov 4, 2009 at 1:48 PM, Henry Sieff henry.si...@gmail.com wrote:
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen donaldcal...@gmail.com wrote:
[SNIP]
I realize that I'm preaching to the choir -- you know all this. But I
think it's a mistake for (especially) the OpenBSD community to
On 2009-11-04, Dag Richards dagricha...@speakeasy.net wrote:
Running 4.3 GENERIC#698 i386
I have a VPN with a vendor using a I think he said it was a Sonic Wall
FW. We are able to get Phase 1 associations up and happy. But Phase 2
never seems to start, at least not from my side.
If he
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason simplersolut...@gmail.com wrote:
Wine is a good idea, but it's stifling an even better idea - making
applications compatible across multiple OSes, something that hasn't
needed to be done in the M$ world because of the stranglehold they
had/have
Greetings,
Can PF be programmed to block skype ? Provided we have port 80 and 443
Opened to the world, and perhaps DNS port too... skype finds any open
port to connect to.
Regards,
David Taveras
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason simplersolut...@gmail.com wrote:
Wine is a good idea, but it's stifling an even better idea - making
applications compatible across multiple OSes, something that hasn't
needed to be done in the M$ world because of the stranglehold they
had/have
On 04/11/2009 20:48, David Taveras wrote:
Greetings,
Can PF be programmed to block skype ? Provided we have port 80 and 443
Opened to the world, and perhaps DNS port too... skype finds any open
port to connect to.
Regards,
David Taveras
Hi,
Why having your users directly natted to the
David Taveras wrote:
Can PF be programmed to block skype? Provided we have port 80
and 443 Opened to the world, and perhaps DNS port too... skype
finds any open port to connect to.
I don't think so. But if you install snort you can. Google for
snort and skype and you'll find quite a few decent
Your saying that a skype client can proxy itself through another skype
client on the same network?
In any case, iam sure there must be a way if cisco can do it, pf can.
--David
On Wed, Nov 4, 2009 at 2:12 PM, Yamidt Henao yamidthe...@gmail.com wrote:
It is impossible, skype application, can
Skype is crap, but really good in going trough firewalls so if you
want to block this and you're company then prepare rules about using
of ICT for users and they must sign it. If they break those rules then
use sanctions against them. Of course that this will not stop experts.
Or if you want to be
Ok to add more idiotic ideas to debate about Linux/MS and
interoperability and so on why not add this one?
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620blogid=
14
EU Wants to Re-define bClosedb as bNearly Openb
'.While there is a correlation between openness
But Cisco can do it on Application layer. I'm not sure about pf, but
last time I read man page about pf and pf.conf it wasn't able to do
that. I think that there was some post about it on Undeadly too.
On Wed, Nov 4, 2009 at 9:21 PM, David Taveras d3taveras3...@gmail.com wrote:
Your saying that
Not sure if this is any good, looks like it is opensource though.
http://www.lynanda.com/products/software-for-corporations/traffic-filtering/l
ynanda-skype-filter
Mark
2009/11/4 TomC!E! BodEC!r tomas.bod...@gmail.com
But Cisco can do it on Application layer. I'm not sure about pf, but
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ? I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.
Regards
On Wednesday 04 November 2009 16:10:06 Jean-Frangois SIMON wrote:
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ? I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
Excelent answer.
Also try blocking skype netblock.
-Mensagem original-
De: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Em nome de Laurent
CARON
Enviada em: quarta-feira, 4 de novembro de 2009 18:08
Para: misc@openbsd.org
Cc: David Taveras
Assunto: Re: Can be PF block skype?
Jean-Frangois SIMON schrieb:
...
Is there any particular problem with installing OpenBSD on a SSD HD ? I
Hello,
it is like for any OS on SSD HD. Make sure, you are using
no swap partition!
And if you are using an application, which is writing
a lot of things into files, put the respective
2009/11/4 Roger Schreiter ro...@planinternet.de:
it is like for any OS on SSD HD. Make sure, you are using
no swap partition!
This is ridiculous advice.
And if you are using an application, which is writing
a lot of things into files, put the respective dirs into
ramdisks!
Combined with
On Thu, Nov 5, 2009 at 9:12 AM, Ted Unangst ted.unan...@gmail.com wrote:
2009/11/4 Roger Schreiter ro...@planinternet.de:
it is like for any OS on SSD HD. Make sure, you are using
no swap partition!
This is ridiculous advice.
And if you are using an application, which is writing
a lot of
Hello,
I'm using a 32 GB SSD drive from approximatly one year with openBSD 4.4 into
a SOEKRIS and no troubles with that, the great think is NO NOISE, NO HEAT.
I used the soekris as firewall and the uptime is approximatly 178 days.
Regards
2009/11/4 Jean-Frangois SIMON jfsimon1...@gmail.com
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ?
I once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.
Regards
2009/11/5 Jean-Frangois SIMON jfsimon1...@gmail.com:
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ? I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the
Ted Unangst schrieb:
...
no swap partition!
This is ridiculous advice.
...
a lot of things into files, put the respective dirs into
ramdisks!
Combined with this is even dumber.
Hi,
anyway, intensive swapping onto SDD HD will destroy your SDD HD.
If RAM is the limiting resource in
On Wed, 04 Nov 2009 23:00:39 +0100
Roger Schreiter ro...@planinternet.de wrote:
Jean-Frangois SIMON schrieb:
...
Is there any particular problem with installing OpenBSD on a SSD
HD ? I
Hello,
it is like for any OS on SSD HD. Make sure, you are using
no swap partition!
And if you
2009/11/4 Jean-Frangois SIMON jfsimon1...@gmail.com:
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ? I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the
hmm, on Wed, Nov 04, 2009 at 07:43:33PM +0100, TomC!E! BodEC!r said that
Hi all,
I have full installation of i386 snapshot from 1.11.2009 (latest on
mirrors) and I can't use X. When I try startx either as root or normal
user I get :
$ startx
xauth: can't load library 'libXdmcp.so.10.0'
Hello community,
I have a LAN of 10 users connected to a box that nats them all through
the external NIC and thus the default servers public IP. THat box has
several public IPs. Is there anyway I can NAT a specific user to use a
specific IP as their translated IP?
Thank you.
-- David
David Taveras wrote:
Can PF be programmed to block skype? Provided we have port 80
and 443 Opened to the world, and perhaps DNS port too... skype
finds any open port to connect to.
It has been discussed earlier. The short answer is yes with a little
help
It's all in here man.
http://www.openbsd.org/faq/pf/nat.html
Basically:
nat on $ext_if from $your_user to any - 1.2.3.4
On Wed, Nov 4, 2009 at 3:51 PM, David Taveras d3taveras3...@gmail.com wrote:
Hello community,
I have a LAN of 10 users connected to a box that nats them all through
the
On Wed, Nov 4, 2009 at 12:02 PM, umaxx um...@oleco.net wrote:
I have one advantage to mention:
I have done some comparison measurements (with bonnie benchmark) and
some self-written dd scripts under 4.5 - result: in my setup svnd seems to be
much faster.
I think this is maybe related to the
Boletmn Cientmfico Coband
Si utiliza Gmail o no ve correctamente este boletmn puede acceder a la versisn
online
_
2005-2009
4 aqos promoviendo el avance de la ciencia psicolsgica en Argentina
El Proyecto COBAND es una asociacisn cientmfica sin fines de lucro
Dear sweetheart,
On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote:
Yes, I know, I was present in the room when Illja gave the talk in 2006 at
the CCC Kongress and the two OpenBSD developers in the room decided to
completely ignore the exploit he showed until Miod reproduced it
On Wed, Nov 04, 2009 at 07:02:54PM -0500, Brad Tilley wrote:
...Only /,
/usr and /var are clear text on my laptops and I'm OK with that. /home
is encrypted, swap in encrypted and /tmp is in memory. So I still have
some privacy.
Did you forget /var/tmp? :)
77 matches
Mail list logo