Tomas wrote:
How can I make sure that httpd was patched? Is it enought to see
version of mod_rewrite.c (it should be 1.24.6.1)?
Yes, that should suffice.
# Han
Yes it's too late, but why to let a hacker to compile his exploits on
your system and to go compromising other PCs (from your DMZ or from
internet, it doesn't matter).
Stephan A. Rickauer wrote:
People from time to time say they don't want to have a compiler
installed on a productive system
Tomas wrote:
Yes it's too late, but why to let a hacker to compile his exploits on
your system and to go compromising other PCs (from your DMZ or from
internet, it doesn't matter).
If a hacker is on your system, he'll also manage to install the compiler
himself before using it.
Stephan
Well, given the prevalance of scripting languages and such, it seems
like a false sense of security.
And frankly, why can't the cracker that already knows what OS he's
working on, not just supply
a pre-compiled binary...
But whatever works for people.
Han Boetes wrote:
Tomas wrote:
Yes
2006/8/24, Stephan A. Rickauer [EMAIL PROTECTED]:
People from time to time say they don't want to have a compiler
installed on a productive system due to security issues. I don't
understand this. Isn't is too late anyway, if someone's already able to
make use of the compiler?
--
Removing
Even though I can mount the same encrypted folder with different users
and create files, and permissions are 644 or 755 it is not possible to
access files/folders created by other users, only own stuff.
Neither is it possible, even as the owner, to change the ownership of
files/folders inside
Ok I played around a bit and what I got so far is this.
A file or directory created by a common user can be access by root as it
should be. A file created by root can not read by a user even though the
permissions allow it (644). When I issue chmod 644 file as root, it
works. A directory
Packages are precompiled binary executable forms
of programs. They're typically located at
OpenBSD mirrors, and on the OpenBSD website.
http://www.openbsd.org/3.9_packages/
is one such location to start
finding packages for 3.9. If you're
running 3.8 or 3.7 just replace 3.9
with 3.8/3.7.
Hello,
I think that you can remove out obsolete holidays and put there our
current dates. Sorry, but references are in Polish language.
References
1.
http://pl.wikipedia.org/wiki/Narodowe_%C5%9Awi%C4%99to_Niepodleg%C5%82o%C5%9Bci
2.
Hello list,
I'm having problem upgrading a 3.8 stable to 3.9 stable. The server is
a Prolian dl380 g2 with a LSI MegaRAID 320-1. When booting the
CD it stops right after ami driver is loaded:
ami0 at pci3 dev 4 function 0 Symbios Logic MegaRAID rev 0x01: irq 7
Under 3.8 it works great. I have
Ok I played around a bit and what I got so far is this.
A file or directory created by a common user can be access by root as it
should be. A file created by root can not read by a user even though the
permissions allow it (644). When I issue chmod 644 file as root, it
works. A directory
Anton Karpov wrote:
2006/8/24, Stephan A. Rickauer [EMAIL PROTECTED]:
People from time to time say they don't want to have a compiler
installed on a productive system due to security issues. I don't
understand this. Isn't is too late anyway, if someone's already able to
make use of the
On 8/24/06, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
People from time to time say they don't want to have a compiler
installed on a productive system due to security issues. I don't
understand this. Isn't is too late anyway, if someone's already able to
make use of the compiler?
I 'll
Hello people,
I'm looking for the best ways to create a line of code beautification
(reformatting) scripts -- one for C, one for Ruby, one for Bash and
one for web development languages like XHTML, XML, CSS, PHP and Ajax.
Whether as frontline warriors or household maids, they would ensure
On Wed, 2006-08-23 at 20:36 -0400, Daniel Ouellet wrote:
200.82.74.176 - - [23/Aug/2006:12:42:37 -0400] GET
/events/index.php?EventID=58 HTTP/1.1 200 5 - Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
the following URL may be of interest to you:
On Wed, 2006-08-23 at 21:53 -0700, Edward Ray wrote:
It has been awhile since I used ports, and have not kept up on the latest
OpenBSD stuff. What and where are packages?
everything that is in ports, just compiled for you already. check your
local mirror.
later.
ryanc
--
Ryan Corder [EMAIL
Anton Karpov wrote:
Removing compiler doesn't bring much more security to your system, but
it can make it a little bit safer. Very little bit, but safer. I mean,
if your system has local root hole, for example, in this case cracker
should compile his sploit somethere outside your box, and
On 24/08/2006, at 7:39 PM, Jonas Thambert wrote:
Hello list,
I'm having problem upgrading a 3.8 stable to 3.9 stable. The server is
a Prolian dl380 g2 with a LSI MegaRAID 320-1. When booting the
CD it stops right after ami driver is loaded:
can you try a snapshot and see if the problem still
Sean Hafeez wrote:
Can someone help me. I am quite stuck. I have spend hours trying
various combinations in order to get an 3.9 box bring up a tunnel to a
NetScreen 25.
Below is all the information. I have full control over both boxes and
I am willing to try anything at this point.
David Gwynne wrote:
On 24/08/2006, at 7:39 PM, Jonas Thambert wrote:
Hello list,
I'm having problem upgrading a 3.8 stable to 3.9 stable. The server is
a Prolian dl380 g2 with a LSI MegaRAID 320-1. When booting the
CD it stops right after ami driver is loaded:
can you try a snapshot and
And dammit don't top post. You're using outlook aren't you? God, fuck
outlook. Fuck outlook and it's shitty non-standard look let's pretend
the reply button is the forward button design. And then that forces
you into top posting because otherwise it looks like the way the
message looks now.
On Thu, Aug 24, 2006 at 10:51:48AM -0400, Dan Farrell wrote:
I'm forced to use Outlook at work (don't get me started, I hate it), as
I'm sure a few others here are... I've tried a few crappy add-ons that
will reverse the top-posting nature of Outlook, and they have all
failed. If anyone knows
I use hotplugd to attach my usbstick. I works well, but I miss a
detach script which I couldn't find as a example in the manual so I
wonder if it's necessary. I've tried once to just disconnect the stick
without umounting the FS manually, and it worked.
messages shows:
Aug 24 16:24:54 venus
Hi all,
Got this error trying to compile libiconv, which says obviously that I
need automake-1.7.
On my newly-installed obsd system I already have automake, automake-1.4,
automake-1.8, and automake-1.9, and I don't see automake-1.7 in ports or
packages.
Question: What's the best way to
I'm a new openbsd user (or I should say I'm attempting to be) and I'm not
having a ton of luck here. I bought the cd set (i386) and it arrived
yesterday. During the install, the base39.tgz file seemed to be corrupt and
the install would crash, the kernel would panic and the machine would
Jonas Thambert wrote:
Proliant bios Im using is P29 and MegaRAID bios is from mid 2004.
On HP/Compaq servers, P29 refers to the firmware class, i.e. what
motherboard is installed. (Also, if you really have P29 firmware,
you've got a DL380 G3.) You can find a revision history of the P29
On Thursday 24 August 2006 10:51, you wrote:
And dammit don't top post. You're using outlook aren't you? God, fuck
outlook. Fuck outlook and it's shitty non-standard look let's pretend
the reply button is the forward button design. And then that forces
you into top posting because
On 2006-08-24T16:56, Bachman Kharazmi wrote:
I use hotplugd to attach my usbstick. I works well, but I miss a
detach script which I couldn't find as a example in the manual so I
wonder if it's necessary. I've tried once to just disconnect the stick
without umounting the FS manually, and it
Stephan A. Rickauer [EMAIL PROTECTED] wrote:
People from time to time say they don't want to have a compiler
installed on a productive system due to security issues. I don't
understand this. Isn't is too late anyway, if someone's already able to
make use of the compiler?
Yes, its too late,
-- Original message --
From: Stephan A. Rickauer [EMAIL PROTECTED]
Tomas wrote:
Yes it's too late, but why to let a hacker to compile his exploits on
your system and to go compromising other PCs (from your DMZ or from
internet, it doesn't matter).
If a
blah blah blah
On Thu, Aug 24, 2006 at 11:16:46AM -0400, marrandy wrote:
On Thursday 24 August 2006 10:51, you wrote:
And dammit don't top post. You're using outlook aren't you? God, fuck
outlook. Fuck outlook and it's shitty non-standard look let's pretend
the reply button is the
Hi Siju,
I 'll stop installing compilers
Still a bad idea IMHO, but this has been discussed to death.
when OpenBSD incorporates binary system updates ;-)
Please, don't bug the developers about that.
They have explained several times why their time
is better put elsewhere.
Please also note
On Thu, Aug 24, 2006 at 10:51:48AM -0400, Dan Farrell
wrote:
I'm forced to use Outlook at work (don't get me
started, I hate it),
as I'm sure a few others here are... I've tried a
few crappy add-ons
that will reverse the top-posting nature of Outlook,
and they have all
failed. If anyone
Dan, is it possible for you to use a different mail server than your
work's
Exchange platforms? POP/IMAP and SMTP elsewhere? Yahoo, hotmail, or
gmail?
It is entirely possible as far as this list is concerned-- I suppose I
have been avoiding this because I wanted have my cake and eat it,
Ryan Corder wrote:
On Wed, 2006-08-23 at 20:36 -0400, Daniel Ouellet wrote:
200.82.74.176 - - [23/Aug/2006:12:42:37 -0400] GET
/events/index.php?EventID=58 HTTP/1.1 200 5 - Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
the following URL may be of interest to you:
It's still a valid concern. If someone's going to try to break into
your
system and do nefarious deeds, you should be trying to make them work
for
it as much as possible.
Physical security standards recommending not leaving toolboxes outside
your backdoor so that a thief won't take your
marrandy wrote:
On Thursday 24 August 2006 10:51, you wrote:
Remove signatures and footers.
Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
Would this not qualify as a signature and/or footer?
Other than that, I agree with Marco's comment.
On 8/24/06, Anton Karpov [EMAIL PROTECTED] wrote:
Removing compiler doesn't bring much more security to your system, but it
can make it a little bit safer. Very little bit, but safer. I mean, if your
system has local root hole, for example, in this case cracker should
compile his sploit
On Thu, 2006-08-24 at 12:30 -0400, Daniel Ouellet wrote:
I am now up to 11,149 simultaneous sources for the last 22 hours.
Someone is having fun at my expense.
But still holding on remarkably well!
sounds like it is time to deploy some PF hackery...
table bad_hosts persist
block in quick on
If I may ask. One part of my original question was if the CARP interface
is view as a bridge setup as far as Sync Proxy is concern. Is it the
case here? What I understand of the FaQ is clear for not working on
bridge setup, however, it's not clear to me if CARP setup is view as
bridge as well.
Hi Tomas,
Tomas wrote on Thu, Aug 24, 2006 at 09:18:26AM +0300:
Han Boetes wrote:
Tomas wrote:
Thank you very much, I think that's the way I will do it :)
Then do it very carefully!
I see at least one trap you might stumble into...
It's quicker then compilling all the release...
Probably;
On Thu, Aug 24, 2006 at 12:30:13PM -0400, Daniel Ouellet wrote:
Ryan Corder wrote:
On Wed, 2006-08-23 at 20:36 -0400, Daniel Ouellet wrote:
200.82.74.176 - - [23/Aug/2006:12:42:37 -0400] GET
/events/index.php?EventID=58 HTTP/1.1 200 5 - Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1;
If a hacker is on your system, he'll also manage to install
the compiler
himself before using it.
It's still a valid concern. If someone's going to try to
break into your system and do nefarious deeds, you should be
trying to make them work for it as much as possible.
Layered
Joachim Schipper wrote:
Did you already check that the page is, indeed, the page you expect it
to be? And not, say, some botnet-controller?
Yes I did and even moved it and replace it with special hacking of my
own there. (;
Not that dumm. But thanks for your concern. (;
Plus it is really
On Thu, Aug 24, 2006 at 04:56:03PM +0200, Bachman Kharazmi wrote:
I use hotplugd to attach my usbstick. I works well, but I miss a
detach script which I couldn't find as a example in the manual so I
wonder if it's necessary. I've tried once to just disconnect the stick
without umounting the FS
Many thanks,
Already have that in place.
But doesn't always help for AOL proxy for example that actually will
have more connection then this.
If you look here:
http://webmaster.info.aol.com/proxyinfo.html
I can have the list of Proxy used for them, so I can also allow this
list to connect
NetNeanderthal wrote:
On 8/24/06, Anton Karpov [EMAIL PROTECTED] wrote:
Removing compiler doesn't bring much more security to your system, but it
can make it a little bit safer. Very little bit, but safer. I mean, if
your
system has local root hole, for example, in this case cracker should
On 8/24/06, Jeff Bromberger [EMAIL PROTECTED] wrote:
I'm a new openbsd user (or I should say I'm attempting to be) and I'm not
having a ton of luck here. I bought the cd set (i386) and it arrived
yesterday. During the install, the base39.tgz file seemed to be corrupt and
the install would
On Thursday 24 August 2006 12:48, you wrote:
Would this not qualify as a signature and/or footer?
Other than that, I agree with Marco's comment.
I only bothered to respond with some comments and advice as this issue keeps
coming up every few months.
I left it in on purpose. Are you always
This sounds like bad hardware to me. Have you tried installing your CD set
elsewhere?
/marco
On Thu, Aug 24, 2006 at 10:00:50AM -0500, Jeff Bromberger wrote:
I'm a new openbsd user (or I should say I'm attempting to be) and I'm not
having a ton of luck here. I bought the cd set (i386) and
Those are intermittent errors that are not relevant to your failure. I did fix
those in -current.
You simply have a dying HDD.
On Thu, Aug 24, 2006 at 06:09:11PM +0200, Hans van Leeuwen wrote:
Hello misc,
I run a server with two harddiscs running as a software RAID1 using ccd.
Yesterday
I just spent more time than I would have liked to searching for info
on providing HA/LB via CARP (and possibly other tools) for individual
services (such as http) rather than IP addresses. I was surprised to
find just about nothing on the topic since it seems like something
people would want to
Hi ben,
On 2006-08-24T12:00, ben wrote:
I just spent more time than I would have liked to searching for info
on providing HA/LB via CARP (and possibly other tools) for individual
services (such as http) rather than IP addresses. I was surprised to
find just about nothing on the topic since it
On Thu, Aug 24, 2006 at 06:09:11PM +0200, Hans van Leeuwen wrote:
Hello misc,
I run a server with two harddiscs running as a software RAID1 using ccd.
Erm... search the archives for why you shouldn't use ccd to mirror and
then think you have a RAID.
Yesterday I started to import a large
On Thu, Aug 24, 2006 at 12:00:10PM -0700, ben wrote:
I just spent more time than I would have liked to searching for info
on providing HA/LB via CARP (and possibly other tools) for individual
services (such as http) rather than IP addresses. I was surprised to
find just about nothing on the
* ben [EMAIL PROTECTED] [2006-08-24 21:11]:
I just spent more time than I would have liked to searching for info
on providing HA/LB via CARP (and possibly other tools) for individual
services (such as http) rather than IP addresses. I was surprised to
find just about nothing on the topic since
I have a machine with FreeBSD (5.3). I cannot use the CD nor the
floppy disk. I have just an access with ssh and KVM.
Which is best the way of installing OpenBSD in this situation?
Can you take the HDD out and install it on a machine you do have access to
working CDROM or floppy at?
Hello misc,
I have been installing 4.0- beta snapshots via FTP on a few machines
(i386 and amd64) and after installation, one of the sysctl
modifications I always make is increasing net.inet.tcp.recvspace so I
can make full use of my 9Mbit ADSL2+ line.
While performing installs, I have
On 8/24/06, Manuel Lamas [EMAIL PROTECTED] wrote:
Hi,
I have a machine with FreeBSD (5.3). I cannot use the CD nor the
floppy disk. I have just an access with ssh and KVM.
Which is best the way of installing OpenBSD in this situation?
Thank you very much
Manuel
If you have a keyboard and
Here is an interesting approach. Could spamd be use here?
I was suggested that may be I fight to much spamer and that I got
reposted to this. Well very possible.
I got a suggested that may be trapitting the connections might help.
Hmmm. Could this be done. Obviously not want to delay
David Terrell wrote:
On Thu, Aug 24, 2006 at 12:38:26PM -0700, Nick Shank wrote:
Through all of this, and maybe I've just missed it, what happens when a
user tries to make spl01t.c?
stop it, please, you're killing me.
There is nothing special about your machine that makes binaries
Hello,
You may use a TFTP server on another box.
The simple way may be to use PXE boot method.
You can also use a grub boot sector with grub compiled with support for
your network card. Grub can be compiled with a tftp server, dhcp client
and support for some network cards.
You can build a
Scott Plumlee wrote:
NetNeanderthal wrote:
On 8/24/06, Anton Karpov [EMAIL PROTECTED] wrote:
Removing compiler doesn't bring much more security to your system,
but it
can make it a little bit safer. Very little bit, but safer. I mean,
if your
system has local root hole, for example, in this
On Thu, Aug 24, 2006 at 12:38:26PM -0700, Nick Shank wrote:
Through all of this, and maybe I've just missed it, what happens when a
user tries to make spl01t.c?
stop it, please, you're killing me.
There is nothing special about your machine that makes binaries compiled
somewhere else not be
Hello list!
We are planning to buy some Dell PowerEdge 2850's with PERC4e/DCs and
redundant powersupply for good availability. It looks like the
PERC4e/DC (PCIe) is well supported and that's not a problem, it doesnt
mention the PCI-Express version thou.
This is going to be a remote
Hello,
I'm looking for a volume manager comparable to LVM. Is there
a well-tended solution for openbsd? I want to be able to
create / resize partitions at runtime, raid functionality
is not needed.
Regards
Hagen Volpers
Good day.
This is not a request to do anything - just a statement of fact.
On the server-side, when performing DHE-enabled SSL_accept(), I have been
shown that several hundred malloc()/free() calls are made.
CHEERS
--
Jack Bates
Placitas, NM, USA
I play Texas Hold'Em at
This is annoying. Every time I try to build with packages I get an error
with libiconv-1.9.2p3 . Unfortunately, this failure screws up every other
package I try to install
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
# pkg_add bash-3.1.1p0.tgz
Error from
I have used tidy (for html) and perltidy to clean up messy/generated
code in the past. Both are extremely customizable in the format they
output code.
Tim Donahue
On Thu, 24 Aug 2006 14:59:31 +0200
Kyrre Nygerd [EMAIL PROTECTED] wrote:
Hello people,
I'm looking for the best ways to create
On Thu, Aug 24, 2006 at 01:44:04PM -0700, Edward Ray wrote:
[...]
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
# pkg_add bash-3.1.1p0.tgz
Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
Unknown command.
Not an ustar archive header
But, out of curiosity, is there a reasoning for not including the
sysctl binary on the install image, and hence not allowing sysctl
modifications during the installation of these snapshots?
Besides that the install media are totally full?
On 8/24/06, Nick Shank [EMAIL PROTECTED] wrote:
...
Regardless, I was simply asking if 1) The possibility of a user who has
access to the system had been thought of, and 2) Would it matter.
Umm, hasn't this whole discussion been about the situation when the
user has access? If they don't
[Bleat bleat.. Don't install the compiler it makes it a little bit safer]
[Bleat bleat No it doesn't make a difference]
Mooseapples. Both herds are wrong. *Not* having the compiler makes the system
*Less* secure, because it's more of a PITA for the admin to apply
fixes. Doesn't
matter in
This sounds like bad hardware to me. Have you tried installing your CD
set
elsewhere?
Ok, so I made a memtest86 boot cd to test out this machine. At the moment
it is 59% of the way through the testing and it's only found 7,016 memory
errors, that's not that bad, right? :-)
So bad hardware
On Thu, Aug 24, 2006 at 10:55:40PM +0200, openbsd misc wrote:
Hello,
I'm looking for a volume manager comparable to LVM. Is there
a well-tended solution for openbsd? I want to be able to
create / resize partitions at runtime, raid functionality
is not needed.
No.
You can just ccd every
On Thu, 24 Aug 2006 15:40:45 -0600
Theo de Raadt [EMAIL PROTECTED] wrote:
But, out of curiosity, is there a reasoning for not including the
sysctl binary on the install image, and hence not allowing sysctl
modifications during the installation of these snapshots?
Besides that the install
Kyrre Nygerd wrote:
Hello people,
I'm looking for the best ways to create a line of code beautification
(reformatting) scripts -- one for C, one for Ruby, one for Bash and one
for web development languages like XHTML, XML, CSS, PHP and Ajax.
Whether as frontline warriors or household maids,
The OpenBSD developers spend a lot of time making code fit what they
call KNF -- Kernel Normal Form, documented in style(7)
style(9)
-p.
But, out of curiosity, is there a reasoning for not including the
sysctl binary on the install image, and hence not allowing sysctl
modifications during the installation of these snapshots?
Besides that the install media are totally full?
Ok, hadn't considered that. I guess it may
On Thu, Aug 24, 2006 at 11:29:54AM +0200, Jan Johansson wrote:
Hello.
ssh on a recent snapshot does not like trying gssapi-with-mic when there
is no ticket file.
I did not see any relevant patches in the CVS web.
According to Simon Wilkinson (the author of the code that makes that
library
On Fri, Aug 25, 2006 at 05:38:19AM +1000, Scott Radvan wrote:
Or am I missing something which could allow the install to use all
available bandwidth?
Can you first choose S for shell, run the necessary sysctl commands,
then exit the shell and start the install process as usual?
Nick Holland wrote:
Use vi or emacs. :)
Additionally for emacs users: You can define how c code should be
indented for the openbsd project with this code in your .emacs.
(defun KNF-c-style ()
OpenBSD KNF C-style.
(interactive)
(local-set-key \C-c\C-c 'compile)
(c-set-style bsd)
(setq
82 matches
Mail list logo