Re: Random PID implementation and security

2015-05-27 Thread Fred
On 05/27/15 10:18, Simon wrote: On 2015-05-26 16:25, Theo de Raadt wrote: On 2015-05-26 00:10, Miod Vallat wrote: It is not the responsibility of the operating system to protect its users against software which assumes using the pid as a random source is a bright and

Re: simple maiserver fail (postfix dovecot)

2015-05-27 Thread Tuyosi Takesima
It is hard to understand, even for me, only by following the thread, so I wrote it down at http://openbsd-akita.blogspot.jp/2015/05/wifi-router-run0-192.html. If there are mistakes, please point them out. --- regards

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-26 16:25, Theo de Raadt wrote: On 2015-05-26 00:10, Miod Vallat wrote: It is not the responsibility of the operating system to protect its users against software which assumes using the pid as a random source is a bright and wise idea. Isn't this the

Re: Dual-NSD setup management

2015-05-27 Thread Stuart Henderson
On 2015-05-26, Felipe Scarel fbsca...@gmail.com wrote: after reading some documentation on the NSD manpage and online, it seems there's no support for views as offered with BIND. I've gathered that the general suggestion is to run two separate instances (running on 127.0.0.1, for example), and

Re: Random PID implementation and security

2015-05-27 Thread Joel Rees
On Tue, May 26, 2015 at 9:50 PM, Simon openbsd.li...@whitewinterwolf.com wrote: [...] Unless specific cases, I do not think that programmers assume that PID are especially sequential or not, but merely rely on the hypothesis that: - PID are unguessable, - PID will not be reused quickly.

Re: Random PID implementation and security

2015-05-27 Thread Janne Johansson
A 16 bit PID is supposed to provide true safety? Please. Having PID's that are not easily predictable helps to reduce the attack surface. IMO that is a security measure, but YMMV. Random PIDs is that plastic part, not the padlock. -- May the most significant bit of your life be

Re: cvs fingerprint for anonvs.jp.openbsd.org

2015-05-27 Thread Lars Nooden
On Wed, 27 May 2015, Joel Rees wrote: Currently, when I connect to the server via the usual cvs command, it responds with an ssh256 fingerprint. For some reason, my brain is not helping me find a way to ask the server to give me md5 fingerprints. Is there a way? From what I've tried, the

installing stable failed

2015-05-27 Thread Harald Dunkel
Hi folks, stable built fine, but make install failed with : cc -Werror -Wall -Wimplicit-function-declaration -Wno-main -Wno-uninitialized -Wframe-larger-than=2047 -mcmodel=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow -mno-mmx -msoft-float -fno-omit-frame-pointer -fno-builtin-printf

Re: Random PID implementation and security

2015-05-27 Thread Kenneth Gober
On Wed, May 27, 2015 at 5:18 AM, Simon openbsd.li...@whitewinterwolf.com wrote: So do you confirm that random PID is actually not a security measure? It is often presented as is, but it would not be the first time that some wrong rumors get widespread enough to become accepted as a truth by

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 11:53, Fred wrote: On 05/27/15 10:18, Simon wrote: On 2015-05-26 16:25, Theo de Raadt wrote: A 16 bit PID is supposed to provide true safety? Please. The problem is people who believe that shoving a 16 bit value into a deterministic function gets them somewhere. So do

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 14:01, Janne Johansson wrote: A 16 bit PID is supposed to provide true safety? Please. Having PID's that are not easily predictable helps to reduce the attack surface. IMO that is a security measure, but YMMV. Random PIDs is that plastic part, not the padlock. You mean

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 14:29, Kenneth Gober wrote: On Wed, May 27, 2015 at 5:18 AM, Simon openbsd.li...@whitewinterwolf.com wrote: So do you confirm that random PID is actually not a security measure? It is often presented as is, but it would not be the first time that some wrong rumors get

cvs fingerprint for anonvs.jp.openbsd.org

2015-05-27 Thread Joel Rees
The fingerprints shown for anoncvs.jp.openbsd.org at http://www.openbsd.org/anoncvs.html are md5. Currently, when I connect to the server via the usual cvs command, it responds with an ssh256 fingerprint. For some reason, my brain is not helping me find a way to ask the server to give me md5

Re: installing stable failed

2015-05-27 Thread Theo Buehler
On Wed, May 27, 2015 at 03:08:53PM +0200, Harald Dunkel wrote: cmp -s bsd /bsd || ln -f /bsd /obsd ln: /bsd: No such file or directory *** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC (Makefile:904 'install-kernel-gate5c.example.com.') I have rebuilt it *because* /bsd was deleted by

Re: installing stable failed

2015-05-27 Thread Pedro Tender
Just to be sure, do you have /bsd directory created? Since the error is: ln: /bsd: No such file or directory Since your report is only the make install error and the error is that the directory does not exist maybe you should start there before making other assumptions about cleverness. Or maybe

Re: Dual-NSD setup management

2015-05-27 Thread Bryan Irvine
Additionally to all this good advice, you can create multiple loopback interfaces if you did want to use divert-to. 'ifconfig create lo1' then you don't need to use weird ports to accomplish things. On Wed, May 27, 2015 at 4:06 AM, Stuart Henderson s...@spacehopper.org wrote: On 2015-05-26,

Re: Dual-NSD setup management

2015-05-27 Thread Felipe Scarel
Thanks for the input Stuart and Bryan, I think the dual-authoritative setup might indeed be overkill. I'll look into unbound local-data options, hadn't considered that. On Wed, May 27, 2015 at 3:10 PM, Bryan Irvine sparcta...@gmail.com wrote: Additionally to all this good advice, you can create

Re: Logjam Attack: is OpenIKED and OpenSMTPD vulnerable?

2015-05-27 Thread Mike Belopuhov
On 25 May 2015 at 14:33, Pablo Méndez Hernández pabl...@gmail.com wrote: Hi, Any statement for iked? iked implements IKEv2 which doesn't use SSL/TLS. So this attack doesn't directly apply to IKEv2. However we would accept MODP 1024 and better by default. Perhaps we should bump it to 2048

Re: Openbsd 5.7 and sendmail

2015-05-27 Thread Peter Fraser
Thanks I managed to miss noting that I should look at /usr/local/share/doc/pkg-readmes/sendmail-* -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Merriam Sent: Tuesday, May 26, 2015 12:20 PM To: Peter Fraser Cc: 'misc@openbsd.org'

Re: Random PID implementation and security

2015-05-27 Thread Claudio Jeker
On Wed, May 27, 2015 at 02:34:43PM +0200, Simon wrote: On 2015-05-27 11:53, Fred wrote: On 05/27/15 10:18, Simon wrote: On 2015-05-26 16:25, Theo de Raadt wrote: A 16 bit PID is supposed to provide true safety? Please. The problem is people who believe that shoving a 16 bit value

Re: Random PID implementation and security

2015-05-27 Thread Jihyun Yu
Sorry for interruption. I have sent the message by mistake, please ignore it. On Wed, May 27, 2015 at 23:17, yjh0...@gmail.com wrote: hi

Re: Random PID implementation and security

2015-05-27 Thread ludovic coues
2015-05-27 15:42 GMT+02:00 Joel Rees joel.r...@gmail.com: On Tue, May 26, 2015 at 9:50 PM, Simon openbsd.li...@whitewinterwolf.com wrote: [...] Unless specific cases, I do not think that programmers assume that PID are especially sequential or not, but merely rely on the hypothesis

Re: Random PID implementation and security

2015-05-27 Thread yjh0502
hi

Re: HP LaserJet 1100 lpr printing?

2015-05-27 Thread Craig Skinner
On 2015-05-22 Fri 17:11 PM |, Antoine Jacoutot wrote: On Fri, May 22, 2015 at 04:08:20PM +0100, Craig Skinner wrote: On 2015-05-22 Fri 17:01 PM |, Antoine Jacoutot wrote: What is the version of the cups package you are running? $ pkg_info -I cups cups-filters foomatic-db-engine

NATing out enc0 traffic

2015-05-27 Thread Justin Mayes
Greetings everyone I am playing with amazon virtual private clouds (VPC). I have set a few up. I have no issues connecting ipsec from openbsd - amazon VPC. All of these VPCs so far have their own internet connection going out from amazon that works fine.

Re: booting OpenBSD with grub

2015-05-27 Thread Gareth Nelson
You can also use kopenbsd to load an OpenBSD kernel directly in grub, I did just this to install OpenBSD from a previous Debian install (just downloaded bsd.rd, rebooted, used grub to boot bsd.rd) --- “Lanie, I’m going to print more printers. Lots more printers. One for everyone. That’s

Re: httpd authenticate option usage

2015-05-27 Thread Yegor Timoschenko
How does the httpd authenticate option work? from httpd.conf(5): [no] authenticate [realm] with htpasswd Authenticate a remote user for realm by checking the credentials against the user authentication file htpasswd. The file name is relative to the chroot and must be

Lenovo T450s status

2015-05-27 Thread Shaun Reiger
Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but I wanted to find out if anyone has hit any major roadblocks using obsd 5.7 with this model. I know this is a fairly new machine and support is always hit and miss, but any guidance on this machine would help. Biggest

Re: installing stable failed

2015-05-27 Thread Harald Dunkel
Hi Theo, On 05/27/15 15:37, Theo Buehler wrote: To fix your machine, either use the cp and mv commands as above or simply issuing # cp bsd /bsd would be enough since `/bsd' isn't in the way. The point is that make install didn't, because it expected a previous /bsd in the destination

Re: Lenovo T450s status

2015-05-27 Thread Harald Dunkel
Hi Shaun, On 05/28/15 01:48, Shaun Reiger wrote: Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but I wanted to find out if anyone has hit any major roadblocks using obsd 5.7 with this model. I know this is a fairly new machine and support is always hit and miss, but

Re: booting OpenBSD with grub

2015-05-27 Thread Josh Grosse
On Wed, May 27, 2015 at 07:48:49AM -0400, cobalt wrote: any idea on the proper way to get grub to boot openbsd: set root=(hd1,4) is what i have, but i am missing something and i do not know what. any thoughts would help. regards. gilles I have an old netbook with sysutils/grub

httpd authenticate option usage

2015-05-27 Thread Nick Holland
ok, I'm probably being overly dense here, but ... How does the httpd authenticate option work? from httpd.conf(5): [no] authenticate [realm] with htpasswd Authenticate a remote user for realm by checking the credentials against the user authentication file htpasswd. The file name

Re: httpd authenticate option usage

2015-05-27 Thread Nick Holland
On 05/27/15 22:42, Yegor Timoschenko wrote: How does the httpd authenticate option work? from httpd.conf(5): [no] authenticate [realm] with htpasswd Authenticate a remote user for realm by checking the credentials against the user authentication file htpasswd. The file name is

booting OpenBSD with grub

2015-05-27 Thread cobalt
any idea on the proper way to get grub to boot openbsd: set root=(hd1,4) is what i have, but i am missing something and i do not know what. any thoughts would help. regards. gilles

Re: building mp userland?

2015-05-27 Thread Theo de Raadt
I built the userland with a GENERIC kernel. Then I looked at the dmesg and realized I had wanted the GENERIC.MP kernel. I'm going to re-build userland anyway, but how different is the resulting userland? Not a single bit different.

building mp userland?

2015-05-27 Thread Joel Rees
I built the userland with a GENERIC kernel. Then I looked at the dmesg and realized I had wanted the GENERIC.MP kernel. I'm going to re-build userland anyway, but how different is the resulting userland? Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of