Re: Using the C programming language
On 07:32:54 Dec 23, Rico Secada wrote: > Now those two statements are somewhat in contradiction. You can't say > that Ada isn't an alternative to C without knowing what it is. Ada > fully serve as an alternative to C, but read up on that if you must > know. I have been wanting to ask this. Lot of people seem to be in favor of Ada. I had no clue that Ada was such an important language in embedded systems and mission critical applications. Anyway it is never too late to learn. Can someone give me a list of useful links on Ada so I can start learning the language? I did read the wikipedia entry though. Thanks. -Girish
Re: Using the C programming language
On Dec 22, 2007 5:53 PM, Rico Secada <[EMAIL PROTECTED]> wrote: > You are right, Ada is widely used in avionics, aerospace and defence > systems, systems that demand a VERY high level of security and safety > regarding lives and expensive equipment. And Ada is specifically > designed for embedded systems too. Ada's original foothold was gained because it was mandated by the US government for many projects and was standardized before C. If Ada's benefits were not realizable with other tools, the mandate would still be in place. > It is my understanding that C is the hackers tool while Ada is the tool > of the engineer. I think it is mostly because of tradition. Your understanding is wrong. I suspect that many professional engineers using C (and/or other languages) would strongly disagree with your offhand characterization. > You find Ada in almost all of Boings airplanes, and in most industry > critical systems. Ada was written with compile time protection against > bugs such as buffer-overflows and so on. Didn't I read a Slashdot article about the NYSE going to Linux? What language is medical software written in? What about the competing companies that aren't using Ada? How does their track record of software faults compare? Compile time protection isn't worth the time it takes to run them if your specification has flaws, your code doesn't match the spec, or the compiler has errors. There are MANY other types of errors that can never be caught at compile-time. Just because these errors SHOULD be accounted for in the program's spec doesn't mean that they WILL be. > But like many has stated, what makes programs good and secure is the > programmer, but IMHO the tools and languages are important too. > > You cannot use something like C in a really security demanding > situation, and here I think about humans lives, like in spacecrafts. Completely false. You can use any tool you want with an appropriate model of the system; this includes your tools and code. The software for the original US moon missions was written in assembly code; portions may still be in use today because of its extreme reliability. > A simple buffer overflow might crash the plane, and you have to have > some ways of eliminating that completely. That is why Ada was designed > the way it was. You can read about the history of Ada on Wikipedia. > > Why so much is written in C on Unix-like systems, I think its mainly > tradition. IMO Ada would be much better from a security point of view. Your opinion means nothing without code. Even with code, the OpenBSD project likely won't care anyways. You are barking up the wrong tree. > I agree that it would be better if OpenBSD or any other system for that > matter was written in Ada rather than C, and they could just as well, > but re-writing something as huge as OpenBSD is a MAJOR task, and what > would the real benefits be in this situation? > > The OpenBSD team knows exactly what they are doing hence the extra > security of Ada becomes almost un-necessary, but again I agree, had > OpenBSD been in Ada from day one, that would save them a LOT of time! > Bugs would be caught on compile time and bad-coding would almost be > eliminated. Go back to Wikipedia. OpenBSD was a fork and essentially worked from day one. However, as you say, rewriting something as big as OpenBSD is a MAJOR task in the timeframe of years or decades. Instead of improving security in a known system, all those years would be "wasted" reinventing the wheel and playing catch-up with the pre-existing feature set of modern operating systems. Your insistence on equating compile-time checks with secure programming is incorrect, and indicates your inexperience in secure programming. Academic questions like this should be googled or asked on comp.lang.ada. Good luck. --david
Re: Is there a L2TP daemon port?
On Dec 22, 2007, at 6:57 PM, Sunnz wrote: Yes I have tried an OpenVPN client on a Mac before... it feels kind of hackish to be honest... haven't tried the Windows one yet... but if that's the only thing that works then I don't have a choice I guess. I can understand that. What's worked really well, for me on 10.4 and 10.5, has been tunnelblick. Pop your config in to ~/Library/openvpn, provide a path to your keys, and it "just works." Even has a handy little icon on upper bar. On the back end, OpenBSD supports it beautifully. I have a system supporting two different VPN tunnels extremely well. Thanks for the advice! Not a problem. I recently went through a hunt for an L2TP daemon that would work with OpenBSD, and after a week of fruitless searching started hacking with IPsec for other routing/tunneling needs. Even with ipsecctl/ipsec.conf, I found things lacking. One of the biggest problems was a lack of fine tuned control between routers and clients. OpenVPN suffered none of these difficulties. Quick examples: - I could have the tunnel and the route through the tunnel, as separate and not related. - Another issue with NAT traversal was immediately solved. - The PF firewall could now be applied to a specific tun interface, and not tied to the enc0 interface (when running 2 or 3 tunnels each having different access needs, this counts for a fair amount). - complexity of setting up clients and server was reduced. I have to say I started in the same boat as yourself. I wanted simple L2TP tunneling to an OpenBSD server.
Re: Using the C programming language
On Sat, 22 Dec 2007 17:04:05 +0530 Girish Venkatachalam <[EMAIL PROTECTED]> wrote: > > 1. If security is a major concern, or perhaps The Main Concern, why > > not use Ada? I specifically mention Ada since one of the most > > security demanding industries are building aircrafts and they use > > Ada. > > > > I dunno about ada. > > > 2. Rather than auditing a lot of code, correcting a lot of coding > > mistakes, like the OpenBSD security team has done, and still do, > > why not shift from C to something, just as fast and powerfull as C, > > but more secure? Again like Ada. (to completely avoid the > > possibilities of those errors). > > There is simply no alternative to C. Period. > Now those two statements are somewhat in contradiction. You can't say that Ada isn't an alternative to C without knowing what it is. Ada fully serve as an alternative to C, but read up on that if you must know. Regarding it being an alternative to C in BSD is another issue, you have to reprogram everything then.
Re: CARP + MS NLB Multicast Traffic
Hmm just noticed net.inet.ip.ifq.drops was skyrocketing. I suppose I'll start there. On Dec 22, 2007 4:59 PM, <[EMAIL PROTECTED]> wrote: > I'm having an issue, maybe someone has seen before or can help me with. > > Scenario: > I have 2 firewall boxes with carp on the outer and inner interfaces of our > network and pfsync running between them. On the inner side of the firewalls > they drop into 2 cisco 3750G switches that are stacked using stackwise. > There is a cluster of web servers sitting behind the firewalls running > Micosoft IIS and NLB in Multicast mode with IGMP. When packets come in > destined for the web cluster they are broadcast across all ports on the > switch due to the MAC being sent out multiple ports. The cisco's don't like > this and spit out the packet on all ports and igmp snooping doesnt work due > to the ms implementation. Cisco wont help us because they say that Microsoft > isnt following the RFC correctly and Microsoft says there is a patch for > this in the works but its been like this for years so I'm not holding my > breath. I'm not too concerned with this. We know how to deal with it by > mapping the multicast mac address to the static ports the webservers are on. > > > Situation: > The problem came into play when we needed to replace some of our cisco > switches and had to delete the static mac addresses on the ciscos in order > not to blackhole webservers during the transition. After we deleted the mac > addresses on the cisco's all ports were once again flooded with inbound web > traffic during the maintenance. This we expected. > > The Problem: > However what we didn't expect was our carp devices to go haywire. They > were flapping back and forth and we had intermittent connectivity issues > until we unplugged one of the boxes and our connection was stable again. It > didnt matter witch one we unplugged. As soon as we unplugged the opposite > device the connection was stable again. At the time there may have been > about 25mb of traffic to our webservers. > > The only thing that makes sense to me is some sort of race condition with > the broadcast messages. Does this make sense to anyone? Currently we have an > advbase of 1. Now I havent attempted to bump that up. Should I? I just > wanted to get some opinions on this before I make any changes. > > Has anyone seen this behavior before? and know how to solve it correctly? > Thanks.
Re: Is there a L2TP daemon port?
2007/12/23, johan beisser <[EMAIL PROTECTED]>: > No. > > After searching around, playing with PoPToP, and trying various other > solutions, I settled on OpenVPN. > > The advantages are pretty well spelled out. OpenVPN supports just > about ever OS out there. My only complaint is a lack of privsep. > > There are a multitude of guides and tutorials on how to have a simple > install package for OpenVPN for less technical users. Yes I have tried an OpenVPN client on a Mac before... it feels kind of hackish to be honest... haven't tried the Windows one yet... but if that's the only thing that works then I don't have a choice I guess. > > Good luck. > Thanks for the advice! -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Is there a L2TP daemon port?
2007/12/23, Lars NoodC)n <[EMAIL PROTECTED]>: > Sunnz wrote: > > I submitted it as a bug report to Apple, Problem ID: #5517198 > It is currently marked duplicate of #4316417 for what that's worth. > Myself, I got a blow-off answer from them written in marketese beginning > with "Engineering is aware and tracking this issue ..." > > http://bugreport.apple.com > Right, I am interested to see what bug are you talking about? However I cannot log on to that Apple's bugreport things, apparently there is a bug of the bugreport system and and need to report that bug... shame on them... Otherwise, there are L2TP/IPsec support as I can see on OS X Tiger... -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
CARP + MS NLB Multicast Traffic
I'm having an issue, maybe someone has seen before or can help me with. Scenario: I have 2 firewall boxes with carp on the outer and inner interfaces of our network and pfsync running between them. On the inner side of the firewalls they drop into 2 cisco 3750G switches that are stacked using stackwise. There is a cluster of web servers sitting behind the firewalls running Micosoft IIS and NLB in Multicast mode with IGMP. When packets come in destined for the web cluster they are broadcast across all ports on the switch due to the MAC being sent out multiple ports. The cisco's don't like this and spit out the packet on all ports and igmp snooping doesnt work due to the ms implementation. Cisco wont help us because they say that Microsoft isnt following the RFC correctly and Microsoft says there is a patch for this in the works but its been like this for years so I'm not holding my breath. I'm not too concerned with this. We know how to deal with it by mapping the multicast mac address to the static ports the webservers are on. Situation: The problem came into play when we needed to replace some of our cisco switches and had to delete the static mac addresses on the ciscos in order not to blackhole webservers during the transition. After we deleted the mac addresses on the cisco's all ports were once again flooded with inbound web traffic during the maintenance. This we expected. The Problem: However what we didn't expect was our carp devices to go haywire. They were flapping back and forth and we had intermittent connectivity issues until we unplugged one of the boxes and our connection was stable again. It didnt matter witch one we unplugged. As soon as we unplugged the opposite device the connection was stable again. At the time there may have been about 25mb of traffic to our webservers. The only thing that makes sense to me is some sort of race condition with the broadcast messages. Does this make sense to anyone? Currently we have an advbase of 1. Now I havent attempted to bump that up. Should I? I just wanted to get some opinions on this before I make any changes. Has anyone seen this behavior before? and know how to solve it correctly? Thanks.
Re: Using the C programming language
On Sat, 22 Dec 2007 15:08:05 +0100 Erik Wikstrvm <[EMAIL PROTECTED]> wrote: > I'm not very familiar with Ada so I do not know if it allows for the > same kinds of low-level programming (which is necessary when writing > an OS or code that interacts with hardware) that C does. It does. > Again, I do not know Ada so I do not know how it achieves its high > level > of safety but I would think that runtime checks is part of it. Yes. Use of Ada: http://www.adacore.com/home/ada_answers/lookwho
Re: Using the C programming language
> Hi. > > I address this issue on this list, because a lot of people here are > very skillfull C programmers. > > When looking at some of the different "reasons for security problems" > such as: > http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ > > I can't help wonder, why so much software are being developed using C. > > To conclude my study I appreciate any help on the following questions: > > 1. If security is a major concern, or perhaps The Main Concern, why > not use Ada? I specifically mention Ada since one of the most > security demanding industries are building aircrafts and they use Ada. You are right, Ada is widely used in avionics, aerospace and defence systems, systems that demand a VERY high level of security and safety regarding lives and expensive equipment. And Ada is specifically designed for embedded systems too. It is my understanding that C is the hackers tool while Ada is the tool of the engineer. I think it is mostly because of tradition. You find Ada in almost all of Boings airplanes, and in most industry critical systems. Ada was written with compile time protection against bugs such as buffer-overflows and so on. But like many has stated, what makes programs good and secure is the programmer, but IMHO the tools and languages are important too. You cannot use something like C in a really security demanding situation, and here I think about humans lives, like in spacecrafts. A simple buffer overflow might crash the plane, and you have to have some ways of eliminating that completely. That is why Ada was designed the way it was. You can read about the history of Ada on Wikipedia. Why so much is written in C on Unix-like systems, I think its mainly tradition. IMO Ada would be much better from a security point of view. > 2. Rather than auditing a lot of code, correcting a lot of coding > mistakes, like the OpenBSD security team has done, and still do, why > not shift from C to something, just as fast and powerfull as C, but > more secure? Again like Ada. (to completely avoid the possibilities > of those errors). Some has stated that "the speed of comes, among other things, from the lack of security checks and by allowing potentially unsafe operations." But that's not the reason. You just cannot do it in Ada instead, you have to re-write the OS. OpenBSD like other BSD's are written in C. To use Ada instead you have to re-write the kernel and base system and so on. You talk about what the OpenBSD security team are doing and this means that you are talking about the kernel and base system, not ports and packages. The kernel and base system is in C. I agree that it would be better if OpenBSD or any other system for that matter was written in Ada rather than C, and they could just as well, but re-writing something as huge as OpenBSD is a MAJOR task, and what would the real benefits be in this situation? The OpenBSD team knows exactly what they are doing hence the extra security of Ada becomes almost un-necessary, but again I agree, had OpenBSD been in Ada from day one, that would save them a LOT of time! Bugs would be caught on compile time and bad-coding would almost be eliminated. > 3. Are there any real benefits in using C++ over C regarding > security? Are C++ really "better" from a security perspective? You didn't ask this, but there is certainly no benefit in using C or C+ + over Ada, regarding security or other issues. Whatever you can do in C and C ++ you can do in Ada, but the Ada code is much better because it is so much more easy to read and thus more easy to maintain and the result is a hundred times safer. This has been clearly proven in the industry over the past two decades. Just ask Boing or NASA :-) Whether there is any benefits in using C++ over C from a security perspective, IMO not really. C++ has some "better" ways to do some things to prevent some of the "errors" of C, but then it has its own problems. The language is bloated with functions, it is constantly changing making backwards compatibility difficult, and really.. Its just C "and then some" more crap. You cannot beautify what is born "ugly". Rico Secada.
Re: Is there a L2TP daemon port?
No. After searching around, playing with PoPToP, and trying various other solutions, I settled on OpenVPN. The advantages are pretty well spelled out. OpenVPN supports just about ever OS out there. My only complaint is a lack of privsep. > Hi, > > I have been thinking to set up a VPN on my OpenBSD server using L2TP > over IPsec... the IPsec stuff seem to be built-in and good... but what > about L2TP? Is there a L2TP daemon or LNS in the ports tree somewhere? > Or am I missing something? No. After searching around, playing with PoPToP, and trying various other solutions, I settled on OpenVPN. The advantages are pretty well spelled out. OpenVPN supports just about ever OS out there. My only complaint is a lack of privsep. > I like to set it up so less-technical users on a Win or Mac laptop and > come and connect to my VPN. There are a multitude of guides and tutorials on how to have a simple install package for OpenVPN for less technical users. Good luck.
Re: Is there a L2TP daemon port?
Sunnz wrote: > I like to set it up so less-technical users on a Win or Mac laptop and > come and connect to my VPN. I submitted it as a bug report to Apple, Problem ID: #5517198 It is currently marked duplicate of #4316417 for what that's worth. Myself, I got a blow-off answer from them written in marketese beginning with "Engineering is aware and tracking this issue ..." http://bugreport.apple.com The bug report is the slow way around, but IMHO the correct one in the long term. So whatever your short term solutions, I would recommend having those users file bug reports with Apple. Regards, -Lars
Is there a L2TP daemon port?
Hi, I have been thinking to set up a VPN on my OpenBSD server using L2TP over IPsec... the IPsec stuff seem to be built-in and good... but what about L2TP? Is there a L2TP daemon or LNS in the ports tree somewhere? Or am I missing something? I like to set it up so less-technical users on a Win or Mac laptop and come and connect to my VPN. Thanks. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Problems with USB sticks on 4.2-current. (Panic)
I am very frequently using usb sticks (as in "many times a day") and I have never had a problem, on different hardware, with different obsd: 4.0, 4.1, 4.2, -current 2007/12/22, Vijay Sankar <[EMAIL PROTECTED]>: > On December 22, 2007 06:20:55 am Edd Barrett wrote: > > Hi there, > > > > I have been seeing some very odd behavior on 4.2-current recently. > > > > I use hotplug. My workstation at work frequently reboots upon insertion of > > a usb stick. This may be an electronic fault, but my main workstation at > > home (same hardware exactly), can panic like so: > > > > ---8<--- > > cd /mnt/hot/sd0 > > mkdir mo > > uvm_fault(0xd07a2040, 0xf2e7b000, 0, 1) -> e > > kernel: page fault trap, code=0 > > Stopped at updatefats+0x3ctestl%eax,0(%esi,%edx,4) > > ddb> > > ---8<--- > > > > Unfortunatley the ddb prompt does not respond to my USB keyboard. It seems > > to be repeatable, so I will dig around for a serial line or ps2 keyboard if > > I don't hear anything back before sunday (when I have time). Hopefully then > > I can get a backtrace. > > > > Dmesg follows (with USB stick inserted): > > ---8<--- > > OpenBSD 4.2-current (GENERIC) #592: Sun Dec 9 17:44:05 MST 2007 > > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > > cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz > > cpu0: > > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFL > >USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = > > 2397855744 (2286MB) > > avail mem = 2310959104 (2203MB) > > mainbus0 at root > > bios0 at mainbus0: AT/286+ BIOS, date 04/05/04, BIOS32 rev. 0 @ 0xf0010, > > SMBIOS rev. 2.3 @ 0xfbe40 (76 entries) > > bios0: vendor Intel Corp. version "BF86510A.86A.0058.P15.0404050012" date > > 04/05/2004 > > bios0: Intel Corporation D865GLC > > apm0 at bios0: Power Management spec V1.2 > > apm0: AC on, battery charge unknown > > acpi at bios0 function 0x0 not configured > > pcibios0 at bios0: rev 2.1 @ 0xf/0x1 > > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/224 (12 entries) > > pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev > > 0x00) pcibios0: PCI bus #2 is the last bus > > bios0: ROM list: 0xc/0xa200! 0xca800/0x1000 0xcb800/0x1000 > > cpu0 at mainbus0 > > pci0 at mainbus0 bus 0: configuration mode 1 (no bios) > > pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02 > > agp0 at pchb0: aperture at 0xf000, size 0x800 > > vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02 > > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > > ppb0 at pci0 dev 3 function 0 "Intel 82865G/PE/P CPU-CSA" rev 0x02 > > pci1 at ppb0 bus 1 > > em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547EI)" rev 0x00: irq 10, > > address 00:0c:f1:f5:13:3c > > uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11 > > uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 5 > > uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: irq 10 > > uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: irq 11 > > ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 9 > > usb0 at ehci0: USB revision 2.0 > > uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > > ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 > > pci2 at ppb1 bus 2 > > ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02: 24-bit > > timer at 3579545Hz > > pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, > > channel 0 configured to compatibility, channel 1 configured to > > compatibility wd0 at pciide0 channel 0 drive 0: > > wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors > > wd1 at pciide0 channel 0 drive 1: > > wd1: 16-sector PIO, LBA48, 78533MB, 160836480 sectors > > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 > > wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5 > > wd2 at pciide0 channel 1 drive 0: > > wd2: 16-sector PIO, LBA48, 58644MB, 120103200 sectors > > atapiscsi0 at pciide0 channel 1 drive 1 > > scsibus0 at atapiscsi0: 2 targets > > cd0 at scsibus0 targ 0 lun 0: SCSI0 > > 5/cdrom removable > > wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 > > cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 > > pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, > > channel 0 configured to native-PCI, channel 1 configured to native-PCI > > pciide1: using irq 10 for native-PCI interrupt > > ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: irq 3 > > iic0 at ichiic0 > > adt0 at iic0 addr 0x2e: emc6d100 rev 0x65 > > spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5 > > spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5 > > spdmem2 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5 > > spdmem3 at iic0 addr 0x53: 1GB DDR SDRAM non-parity PC3200CL3.0 > > usb1 at uhci0: USB
Re: Using the C programming language
Brian Hansen wrote: ... > I can't help wonder, why so much software are being developed using C. ... Because no one has done anything other than TALK about an alternative. People who talk, like alternatives. People who program seem to like C. Bringing up a general purpose OS on another language is going to be a major task, but if it is going to happen, people need to quit suggesting what other people do and start doing it and PROVE it is better by results, not talk. (hint: self-supporting OS on multiple different platforms, from amd64 to Zaurus. Self-supporting.) When you actually attempt this, you will probably find out: 1) It's a heck of a lot of work. 2) It's the people (programmers and management) that make an OS secure, not one tool. 3) why people write in C. 4) OpenBSD written in C is more secure, more stable, and more right than your alternative. You can do stupid stuff in C. You can do stupid stuff in any language. By lowering the bar and letting people think they are incapable of writing bad software, you will get entirely predictable results. There are things that can (and have!) been done to improve C, see the strl* functions for an example. But ultimately, people who write bad software will do it on any platform, with any set of tools. Make it easier, you just get more bad software. Nick.
Re: Using the C programming language
On Sat, Dec 22, 2007 at 09:25:14AM -0500, Douglas A. Tutty wrote: > > 1. If security is a major concern, or perhaps The Main Concern, why not use > > Ada? I specifically mention Ada since one of the most security demanding > > industries are building aircrafts and they use Ada. > > I've been wondering the same thing ever since I started learning about > Ada. So many of the problems found during OpenBSD code audits would > have been found at compile time if written in Ada since the Ada compiler > itself looks for them. As you know, it also keeps track of things > during run-time. > > > 2. Rather than auditing a lot of code, correcting a lot of coding mistakes, > > like the OpenBSD security team has done, and still do, why not shift from C > > to something, just as fast and powerfull as C, but more secure? Again like > > Ada. (to completely avoid the possibilities of those errors). > > Considering that Ada was written in a language design-competition (and > not written by a committee as is the common myth) to replace all the > hundreds of languages used in the US military, it has to be able to do > everything from low-level system programming to high-level computational > computer modeling. The amzing thing is that it does it all so well on > the full range of hardware from an anti-tank missle to a Cray. > > It also is trivial to write for multiple-threads or multiple processors. > Set up the program correctly and it will use whatever mult-* is > available at run-time with no change in compilation; if no threading or > only a single processor is available it will run just fine too. > > I haven't been able to find any OS that is written in Ada. There are > probably lots of propriatary ones. Ada is cool. Ada can be used for a lot of things, and it does them well. Ada is more complex, and that carries its own problems. C is really a very simple language. There are a handful of things about C that cause endless problems for people who have not learned the details of how C really works (this includes some people who have been writing C for a long time). But for those that know C well, it's very easy to write correct and readable code. C is also easily ported, which is why you often see other language compilers/interpreters written in C. If OpenBSD adopted Ada, there would still be the need for code audits. There is no magic bullet to solve all security problems. Security (and code quality) takes work, and a sensible development process. If you have a good process, the language matters less. If you have a bad process, then the language will not make things much better. C is used all over the world by a huge number of people. It's far easier to find coders who know how to write clean C than it is to find competent Ada coders. Others can say better why C is a better choice for systems-level programming, but the above points are still worth mentioning on their own. If other languages have addressed some failings of C, they have not done so in a compelling enough way to make it worthwhile to abandon the advantages of using C. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Using the C programming language
I can't help wonder, why so much software are being developed using C. C permits the programmer freedom to write code as the programmer sees fit. How the programmer uses that freedom, is up to the programmer. Putting 'training wheels' on a programming language not only limits the mistakes that can be made... it also limits the exceptionally creative code that can be written. I would rather force myself to become a better programmer... one worthy and capable of using C correctly, than to have myself 'protected' from making 'mistakes'. C give me enough rope to either hang myself, or pull myself up to the next level on the Learning Curve. "Live Free Or Die". -- -wittig http://www.robertwittig.com/ http://robertwittig.net/ http://robertwittig.org/ .
Re: Using the C programming language
On Sat, Dec 22, 2007 at 12:06:34PM +0100, Brian Hansen wrote: > > I address this issue on this list, because a lot of people here are very > skillfull C programmers. > > When looking at some of the different "reasons for security problems" such > as: > http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ > > I can't help wonder, why so much software are being developed using C. > > To conclude my study I appreciate any help on the following questions: > > 1. If security is a major concern, or perhaps The Main Concern, why not use > Ada? I specifically mention Ada since one of the most security demanding > industries are building aircrafts and they use Ada. I've been wondering the same thing ever since I started learning about Ada. So many of the problems found during OpenBSD code audits would have been found at compile time if written in Ada since the Ada compiler itself looks for them. As you know, it also keeps track of things during run-time. > > 2. Rather than auditing a lot of code, correcting a lot of coding mistakes, > like the OpenBSD security team has done, and still do, why not shift from C > to something, just as fast and powerfull as C, but more secure? Again like > Ada. (to completely avoid the possibilities of those errors). Considering that Ada was written in a language design-competition (and not written by a committee as is the common myth) to replace all the hundreds of languages used in the US military, it has to be able to do everything from low-level system programming to high-level computational computer modeling. The amzing thing is that it does it all so well on the full range of hardware from an anti-tank missle to a Cray. It also is trivial to write for multiple-threads or multiple processors. Set up the program correctly and it will use whatever mult-* is available at run-time with no change in compilation; if no threading or only a single processor is available it will run just fine too. I haven't been able to find any OS that is written in Ada. There are probably lots of propriatary ones. Doug.
Re: MacBook3,1 successful boot
On Fri, Dec 21, 2007 at 05:32:14PM +0100, Tim Saueressig, thepixelz.com wrote: > never mind, got it. > the build left out the "intel" driver. the xenocara build currently only builds the new intel driver on amd64, since it was needed there, but it was feared it might break some older hardware. Currently it appears quite stable, so may well be enabled on i386 soon. -- Every journalist has a novel in him, which is an excellent place for it.
Re: Using the C programming language
On 2007-12-22 12:06, Brian Hansen wrote: > Hi. > > I address this issue on this list, because a lot of people here are very > skillfull C programmers. > > When looking at some of the different "reasons for security problems" such > as: > http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ > > I can't help wonder, why so much software are being developed using C. > > To conclude my study I appreciate any help on the following questions: > > 1. If security is a major concern, or perhaps The Main Concern, why not use > Ada? I specifically mention Ada since one of the most security demanding > industries are building aircrafts and they use Ada. I'm not very familiar with Ada so I do not know if it allows for the same kinds of low-level programming (which is necessary when writing an OS or code that interacts with hardware) that C does. > 2. Rather than auditing a lot of code, correcting a lot of coding mistakes, > like the OpenBSD security team has done, and still do, why not shift from C > to something, just as fast and powerfull as C, but more secure? Again like > Ada. (to completely avoid the possibilities of those errors). The speed of comes, among other things, from the lack of security checks and by allowing potentially unsafe operations. Again, I do not know Ada so I do not know how it achieves its high level of safety but I would think that runtime checks is part of it. > 3. Are there any real benefits in using C++ over C regarding security? Are > C++ really "better" from a security perspective? C++ is not inherently safer than C (in fact much C code is also valid C++) but there are a number of mechanisms in C++ that makes some kinds of constructs easier/more convenient. But there is nothing that can be done in C++ that can not be done or emulated in C. What C++ does offer with its more extensive OO support is to make it easier to encapsulate potentially unsafe operations and constructs in higher-level objects. By making sure that those objects never perform any unsafe actions you eliminate some low-hanging fruit (one of the most common security problems comes from to small string-buffers, by using string classes instead the user does not have to concern him/her self with such things). Of course such encapsulation is not free and there are both speed and memory considerations. Having said that you should be aware that most of the tougher security issues are language independent, even code written in C# and similar languages can have security issues. -- Erik WikstrC6m
Re: Problems with USB sticks on 4.2-current. (Panic)
On December 22, 2007 06:20:55 am Edd Barrett wrote: > Hi there, > > I have been seeing some very odd behavior on 4.2-current recently. > > I use hotplug. My workstation at work frequently reboots upon insertion of > a usb stick. This may be an electronic fault, but my main workstation at > home (same hardware exactly), can panic like so: > > ---8<--- > cd /mnt/hot/sd0 > mkdir mo > uvm_fault(0xd07a2040, 0xf2e7b000, 0, 1) -> e > kernel: page fault trap, code=0 > Stopped at updatefats+0x3ctestl%eax,0(%esi,%edx,4) > ddb> > ---8<--- > > Unfortunatley the ddb prompt does not respond to my USB keyboard. It seems > to be repeatable, so I will dig around for a serial line or ps2 keyboard if > I don't hear anything back before sunday (when I have time). Hopefully then > I can get a backtrace. > > Dmesg follows (with USB stick inserted): > ---8<--- > OpenBSD 4.2-current (GENERIC) #592: Sun Dec 9 17:44:05 MST 2007 > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFL >USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = > 2397855744 (2286MB) > avail mem = 2310959104 (2203MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 04/05/04, BIOS32 rev. 0 @ 0xf0010, > SMBIOS rev. 2.3 @ 0xfbe40 (76 entries) > bios0: vendor Intel Corp. version "BF86510A.86A.0058.P15.0404050012" date > 04/05/2004 > bios0: Intel Corporation D865GLC > apm0 at bios0: Power Management spec V1.2 > apm0: AC on, battery charge unknown > acpi at bios0 function 0x0 not configured > pcibios0 at bios0: rev 2.1 @ 0xf/0x1 > pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/224 (12 entries) > pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev > 0x00) pcibios0: PCI bus #2 is the last bus > bios0: ROM list: 0xc/0xa200! 0xca800/0x1000 0xcb800/0x1000 > cpu0 at mainbus0 > pci0 at mainbus0 bus 0: configuration mode 1 (no bios) > pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02 > agp0 at pchb0: aperture at 0xf000, size 0x800 > vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > ppb0 at pci0 dev 3 function 0 "Intel 82865G/PE/P CPU-CSA" rev 0x02 > pci1 at ppb0 bus 1 > em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547EI)" rev 0x00: irq 10, > address 00:0c:f1:f5:13:3c > uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11 > uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 5 > uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: irq 10 > uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: irq 11 > ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 9 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 > ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 > pci2 at ppb1 bus 2 > ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02: 24-bit > timer at 3579545Hz > pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, > channel 0 configured to compatibility, channel 1 configured to > compatibility wd0 at pciide0 channel 0 drive 0: > wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors > wd1 at pciide0 channel 0 drive 1: > wd1: 16-sector PIO, LBA48, 78533MB, 160836480 sectors > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 > wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5 > wd2 at pciide0 channel 1 drive 0: > wd2: 16-sector PIO, LBA48, 58644MB, 120103200 sectors > atapiscsi0 at pciide0 channel 1 drive 1 > scsibus0 at atapiscsi0: 2 targets > cd0 at scsibus0 targ 0 lun 0: SCSI0 > 5/cdrom removable > wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 > cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 > pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, > channel 0 configured to native-PCI, channel 1 configured to native-PCI > pciide1: using irq 10 for native-PCI interrupt > ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: irq 3 > iic0 at ichiic0 > adt0 at iic0 addr 0x2e: emc6d100 rev 0x65 > spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5 > spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5 > spdmem2 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5 > spdmem3 at iic0 addr 0x53: 1GB DDR SDRAM non-parity PC3200CL3.0 > usb1 at uhci0: USB revision 1.0 > uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb2 at uhci1: USB revision 1.0 > uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb3 at uhci2: USB revision 1.0 > uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb4 at uhci3: USB revision 1.0 > uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > isa0 at ichpcib0 > isadma0 at isa0 > pckbc0 at isa0
Problems with USB sticks on 4.2-current. (Panic)
Hi there, I have been seeing some very odd behavior on 4.2-current recently. I use hotplug. My workstation at work frequently reboots upon insertion of a usb stick. This may be an electronic fault, but my main workstation at home (same hardware exactly), can panic like so: ---8<--- cd /mnt/hot/sd0 mkdir mo uvm_fault(0xd07a2040, 0xf2e7b000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at updatefats+0x3ctestl%eax,0(%esi,%edx,4) ddb> ---8<--- Unfortunatley the ddb prompt does not respond to my USB keyboard. It seems to be repeatable, so I will dig around for a serial line or ps2 keyboard if I don't hear anything back before sunday (when I have time). Hopefully then I can get a backtrace. Dmesg follows (with USB stick inserted): ---8<--- OpenBSD 4.2-current (GENERIC) #592: Sun Dec 9 17:44:05 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 2397855744 (2286MB) avail mem = 2310959104 (2203MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/05/04, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfbe40 (76 entries) bios0: vendor Intel Corp. version "BF86510A.86A.0058.P15.0404050012" date 04/05/2004 bios0: Intel Corporation D865GLC apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/224 (12 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xa200! 0xca800/0x1000 0xcb800/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02 agp0 at pchb0: aperture at 0xf000, size 0x800 vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb0 at pci0 dev 3 function 0 "Intel 82865G/PE/P CPU-CSA" rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547EI)" rev 0x00: irq 10, address 00:0c:f1:f5:13:3c uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11 uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 5 uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: irq 10 uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: irq 11 ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 9 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 pci2 at ppb1 bus 2 ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors wd1 at pciide0 channel 0 drive 1: wd1: 16-sector PIO, LBA48, 78533MB, 160836480 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5 wd2 at pciide0 channel 1 drive 0: wd2: 16-sector PIO, LBA48, 58644MB, 120103200 sectors atapiscsi0 at pciide0 channel 1 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable wd2(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 10 for native-PCI interrupt ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: irq 3 iic0 at ichiic0 adt0 at iic0 addr 0x2e: emc6d100 rev 0x65 spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5 spdmem2 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5 spdmem3 at iic0 addr 0x53: 1GB DDR SDRAM non-parity PC3200CL3.0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by
Re: legitimate mail messages passing through SPAMD
On December 22, 2007 05:47:56 am Jeff Santos wrote: > Hi, > > I posted a question earlier, but I guess I was not clear. > > I have a firewall running OpenBSD 4.2 and SPAMD to block spams. > I would like to know how many legitimate email messages SPAMD > is letting in. The default spamd setup that comes in pf.conf is > > no rdr on $ext_if proto tcp from to any port smtp > rdr pass on $ext_if proto tcp from any to any port smtp \ >-> 127.0.0.1 port spamd > > So I thought of using 'pfctl -vsn'. In the output of this command, > one of the values is the accumulated number of evaluations of > each rule. So my question is can I assume the number of > evaluations of the rule > 'no rdr pass on $ext_if proto tcp from ...' > > is also a good measure for the number of SMTP connections that > were forwarded to the MTA(s)? > > If not, is there another way to extract this number without > querying the MTA? > > Thanks in advance. > > Regards, > > Jeff > > -- > Want an e-mail address like mine? > Get a free e-mail account today at www.mail.com! What about a grep -c "stat=Sent (OK)" /var/log/maillog if you are using sendmail as the MTA? -- Vijay Sankar, M.Eng., P.Eng. President & CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
Re: OpenBSD 4.1 - NAT + ttl=0 trouble
Stuart Henderson wrote: > > I didn't give you rules to try, I was pointing out that you had > a problem because you had conflicting scrub rules. > > Since you didn't include pf.conf I can't make any suggestions > exactly what is conflicting, but if you look through it you'll find > some other scrub rules which you need to remove or re-order. > > > > Aha...probably i have conflicting rules. See my pf.conf below. fxp0 has 192.168.1.1/24 and rl0 10.10.10.1/24 My laptop receive IP via dhcp from OpenBSD server. I don't use switch to connect my laptop via 192.168.1.0/24... So I need to work via 10.10.10.0/24 network. Everything works fine until my ISP set ttl to 0. OK there is my pf.conf #macros ext_if="fxp0" int_if="rl0" tcp_services="{ 13, 21, 22, 37, 53, 80, 113, 139, 443, 445, 3:30005 }" #tcp_services="{ 13, 21, 22, 37, 80, 113, 139, 443, 445 }" icmp_types="echoreq" # options set block-policy return set loginterface $ext_if set skip on lo # scrub scrub in scrub in all fragment reassemble scrub in on $ext_if all min-ttl 15 max-mss 1400 fragment reassemble scrub out on $ext_if all min-ttl 15 max-mss 1400 fragment reassemble scrub in on $ext_if all no-df fragment reassemble scrub on $ext_if all reassemble tcp fragment reassemble # nat/rdr #nat on $ext_if from !($ext_if) -> ($ext_if:0) nat on fxp0 from rl0:network to any -> fxp0 #nat-anchor "ftp-proxy/*" # #rdr-anchor "ftp-proxy/*" #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 #rdr on $ext_if proto tcp from any to any port 80 -> $comp3 # filter rules block in pass out keep state #block drop in on $ext_if proto tcp from 192.168.1.100 \ # to $ext_if port 21 1,8 Top block in log quick on $ext_if proto tcp from 192.168.1.254 to any port { 113, 139, 445 } pass in on $ext_if proto tcp from 192.168.1.254 to any port { 21, 3:30005 } #pass in on $ext_if proto {tcp, udp} from 192.168.1.100 to any port { 111, 2049 } pass in on $ext_if proto { tcp, udp } from 192.168.1.0/24 to any port { 137, 138, 139, 445 } pass in on $ext_if proto { tcp, udp } from any to any port { 53 } block in log quick on $ext_if proto tcp from 77.232.66.61 to any port { 21, 3:30005 } #block in log quick on $ext_if proto {tcp, udp} from 192.168.1.100 to any port ftp #block out on $ext_if proto tcp from 192.168.1.100 \ to $ext_if port 80 #block in quick on fxp0 proto tcp from any to 192.168.1.100 port ftp #anchor "ftp-proxy/*" #set block-policy return block in log quick proto tcp flags FUP/WEUAPRSF block in log quick proto tcp flags WEUAPRSF/WEUAPRSF block in log quick proto tcp flags SRAFU/WEUAPRSF block in log quick proto tcp flags /WEUAPRSF block in log quick proto tcp flags SR/SR block in log quick proto tcp flags SF/SF # block in quick proto tcp all flags SF/SFRA block in quick proto tcp all flags FPU/SFRAUP block in quick proto tcp all flags /SFRA block in quick proto tcp all flags F/SFRA block in quick proto tcp all flags U/SFRAU antispoof quick for { lo $int_if } pass in on $ext_if inet proto tcp from any to ($ext_if) \ port $tcp_services flags S/SA keep state pass in inet proto icmp all icmp-type $icmp_types keep state pass quick on $int_if Thank you -- View this message in context: http://www.nabble.com/OpenBSD-4.1NAT-%2B-ttl%3D0-trouble-tp14463336p14468697.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
legitimate mail messages passing through SPAMD
Hi, I posted a question earlier, but I guess I was not clear. I have a firewall running OpenBSD 4.2 and SPAMD to block spams. I would like to know how many legitimate email messages SPAMD is letting in. The default spamd setup that comes in pf.conf is no rdr on $ext_if proto tcp from to any port smtp rdr pass on $ext_if proto tcp from any to any port smtp \ -> 127.0.0.1 port spamd So I thought of using 'pfctl -vsn'. In the output of this command, one of the values is the accumulated number of evaluations of each rule. So my question is can I assume the number of evaluations of the rule 'no rdr pass on $ext_if proto tcp from ...' is also a good measure for the number of SMTP connections that were forwarded to the MTA(s)? If not, is there another way to extract this number without querying the MTA? Thanks in advance. Regards, Jeff -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: Using the C programming language
On 12:06:34 Dec 22, Brian Hansen wrote: > Hi. > > I address this issue on this list, because a lot of people here are very > skillfull C programmers. Yes. OpenBSD not only is secure , the code is also exceedingly beautiful. You can discern a certain artistic beauty in the way code is written, even commented. If you don't believe me, take a look at IPsec implementation in the other BSDs from KAME and the one in OpenBSD. ;) If you are really bold, also see the same under linux. www.freeswan.org which was abandoned. The code is so direct, clear and straight forward. Security can be obtained only thro' simplicity, less code and good review process. OpenBSD's C coding process ensures all three. And more. It is not possible for ssh to be so secure but for these practices. If you look at secure code from other projects, you will find that the code is so poorly indented, carelessly written and all sorts of tricks resorted to. This makes review ineffective and audit close to impossible. It is not just the programming language. It is also how it is used and who uses it that matters. In Tamil, my mother tongue there is a beautiful simile. "Flower garland in the hand of a monkey." You need really smart people to do a good job. Even the best of tools will be misused by incompetent people the same way a flower garland is spoilt by a monkey. > > When looking at some of the different "reasons for security problems" such > as: > http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ > > I can't help wonder, why so much software are being developed using C. > > To conclude my study I appreciate any help on the following questions: > > 1. If security is a major concern, or perhaps The Main Concern, why not use > Ada? I specifically mention Ada since one of the most security demanding > industries are building aircrafts and they use Ada. > I dunno about ada. > 2. Rather than auditing a lot of code, correcting a lot of coding mistakes, > like the OpenBSD security team has done, and still do, why not shift from C > to something, just as fast and powerfull as C, but more secure? Again like > Ada. (to completely avoid the possibilities of those errors). There is simply no alternative to C. Period. > 3. Are there any real benefits in using C++ over C regarding security? Are > C++ really "better" from a security perspective? C++ is a disease. A horrible programming language. > 4. Has anyone from the OpenBSD team written any guidelines in "secure > programming"? (I haven't been able to locate anything except some interviews > and stuff). Check out the papers on http://www.openbsd.org/papers/ You can take a look at one of them on OpenBSD culture. -Girish
Using the C programming language
Hi. I address this issue on this list, because a lot of people here are very skillfull C programmers. When looking at some of the different "reasons for security problems" such as: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ I can't help wonder, why so much software are being developed using C. To conclude my study I appreciate any help on the following questions: 1. If security is a major concern, or perhaps The Main Concern, why not use Ada? I specifically mention Ada since one of the most security demanding industries are building aircrafts and they use Ada. 2. Rather than auditing a lot of code, correcting a lot of coding mistakes, like the OpenBSD security team has done, and still do, why not shift from C to something, just as fast and powerfull as C, but more secure? Again like Ada. (to completely avoid the possibilities of those errors). 3. Are there any real benefits in using C++ over C regarding security? Are C++ really "better" from a security perspective? 4. Has anyone from the OpenBSD team written any guidelines in "secure programming"? (I haven't been able to locate anything except some interviews and stuff). Thanks. Brad.
Re: help to install OpenBSD/amd64 on a acer aspire 1500
Le vendredi 21 dC)cembre 2007 C 13:20 +, Stuart Henderson a C)crit : > On 2007/12/21 14:08, Mathieu Stumpf wrote: > > OpenBSD/amd64 won't boot on my acer aspire 1500. > > Does i386 boot? If so, send a dmesg. > Ok, i386 boot, at least the install CD boot. Once installed OpenBSD freeze while booting. Here are the two last line it display : biomask ef75 netmask ef75 ttymask fff7 mtrr : Pentium Pro MTRR support Maybe there is a problem with my memory. Would it be dangerous to disable mtrr[1]? I wouldn't like to burn the only computer I own. ;P Here is the full dmseg, when booting from the install CD. sd0 is an usb key I used to record dmesg output. OpenBSD 4.2-current (RAMDISK_CD) #583: Tue Dec 18 19:00:57 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD Athlon(tm) 64 Processor 3200+ ("AuthenticAMD" 686-class, 1024KB L2 cache) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2 real mem = 535326720 (510MB) avail mem = 511590400 (487MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 02/11/04, BIOS32 rev. 0 @ 0xfd470, SMBIOS rev. 2.3 @ 0xd8010 (42 entries) bios0: vendor Phoenix version "V1.06" date 02/11/2004 bios0: Acer Aspire 1500 apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc30/160 (8 entries) pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xf000 0xcf000/0x1000 0xd/0x1800 0xd8000/0x4000! 0xdc000/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x01 agp at pchb0 not configured ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M10 NP" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) "Broadcom BCM4306" rev 0x03 at pci0 dev 10 function 0 not configured cbb0 at pci0 dev 11 function 0 "Ricoh 5C476 CardBus" rev 0xaa: irq 10 cbb1 at pci0 dev 11 function 1 "Ricoh 5C476 CardBus" rev 0xaa: irq 10 "Ricoh 5C552 Firewire" rev 0x02 at pci0 dev 11 function 2 not configured bge0 at pci0 dev 12 function 0 "Broadcom BCM5788" rev 0x03, BCM5705 A3 (0x3003): irq 9, address 00:0a:e4:4e:f6:94 brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2 uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 9 uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 10 uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 11 ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "VIA EHCI root hub" rev 2.00/1.00 addr 1 pcib0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00 pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 "VIA VT8233 AC97" rev 0x50 at pci0 dev 17 function 5 not configured "VIA VT82C686 Modem" rev 0x80 at pci0 dev 17 function 6 not configured pchb1 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb2 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb3 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb4 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x40 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x40 pcmcia1 at cardslot1 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 "VIA UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 "VIA UHCI root hub" rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask fff5 netmask fff5 ttymask fff7 rd0: fixed, 3800 blocks umass0 at uhub0 port 5 configuration 1 interface 0 "vendor 0x0930 USB Flash Memory" rev 2.00/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets sd0 at scsibus1 targ 1 lun 0: <, USB Flash Memory, 5.00> SCSI0 0/direct removable sd0: 3935MB, 501 cyl, 255 head, 63 sec, 512 byte
Re: OpenBSD 4.1 - NAT + ttl=0 trouble
I didn't give you rules to try, I was pointing out that you had a problem because you had conflicting scrub rules. Since you didn't include pf.conf I can't make any suggestions exactly what is conflicting, but if you look through it you'll find some other scrub rules which you need to remove or re-order. On 2007/12/22 00:49, gentoo1 wrote: > Stuart Henderson wrote: > > > > On 2007/12/21 14:13, gentoo1 wrote: > >> I put this in my pf.conf but ttl is still zero.: > >> > >> scrub out on $ext_if min-ttl 10 > >> > >> scrub in on $ext_if all fragment reassemble min-ttl 15 max-mss 1400 > > > > You've got some other scrub rules: > > > >> scrub in all fragment reassemble > >> scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble > >> scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble > >> scrub in on fxp0 all no-df fragment reassemble > >> scrub on fxp0 all reassemble tcp fragment reassemble > > > > It looks like first matching scrub rule wins, so you need to > > remove/re-order some of the others. > > > > > > > > Thank you Stuart for your kind reply! > Ok. I try your rules but ttl is still zero. First i set this rules in my > pf.conf , then i flush all tables and start pf again. > > mars:~# pfctl -sr > scrub in all fragment reassemble > scrub in all fragment reassemble > scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble > scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble > scrub in on fxp0 all no-df fragment reassemble > scrub on fxp0 all reassemble tcp fragment reassemble > .. > > mars:~# ping openbsd.org > PING openbsd.org (199.185.137.3): 56 data bytes > 64 bytes from 199.185.137.3: icmp_seq=0 ttl=0 time=207.995 ms > 64 bytes from 199.185.137.3: icmp_seq=1 ttl=0 time=208.266 ms > > :( > > So any other ideas? > Thanks
Re: anyone with lenovo x61s with built-in umts/3g device?
On Sat, Oct 13, 2007 at 10:19:38PM +0200, Felix Kronlage wrote: > i'm looking for someone who has a lenovo x61(s)/t61 with the > built-in UMTS/HSDPA modem. If anyone has one of these, please > write to me off-list. just for the record, the UMTS/HSDPA modem present in x61s is just another variation of the Sierra Wireless MC8755, so it was just a matter of adding the device id to let umsm(4) attach. I'm pretty certain that the t61 has the same built-in module, in case anyone has one, I'd be happy to have that verified. felix
Re: OpenBSD 4.1 - NAT + ttl=0 trouble
Stuart Henderson wrote: > > On 2007/12/21 14:13, gentoo1 wrote: >> I put this in my pf.conf but ttl is still zero.: >> >> scrub out on $ext_if min-ttl 10 >> >> scrub in on $ext_if all fragment reassemble min-ttl 15 max-mss 1400 > > You've got some other scrub rules: > >> scrub in all fragment reassemble >> scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble >> scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble >> scrub in on fxp0 all no-df fragment reassemble >> scrub on fxp0 all reassemble tcp fragment reassemble > > It looks like first matching scrub rule wins, so you need to > remove/re-order some of the others. > > > Thank you Stuart for your kind reply! Ok. I try your rules but ttl is still zero. First i set this rules in my pf.conf , then i flush all tables and start pf again. mars:~# pfctl -sr scrub in all fragment reassemble scrub in all fragment reassemble scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble scrub in on fxp0 all no-df fragment reassemble scrub on fxp0 all reassemble tcp fragment reassemble .. mars:~# ping openbsd.org PING openbsd.org (199.185.137.3): 56 data bytes 64 bytes from 199.185.137.3: icmp_seq=0 ttl=0 time=207.995 ms 64 bytes from 199.185.137.3: icmp_seq=1 ttl=0 time=208.266 ms :( So any other ideas? Thanks -- View this message in context: http://www.nabble.com/OpenBSD-4.1NAT-%2B-ttl%3D0-trouble-tp14463336p14467410.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Error updating 4.2 - permission denied
>>> === >>> >>> I have cleared the /usr/src directory and reloaded the tree from the CD, >>> and gone through the >>> whole process again, but get the same error. >>> >> >> This is the second time I've heard of this problem... >> >> Could you tell us what the permissions are >> on /usr/src/gnu/usr.bin/binutils/gdb/observer.sh? >> >> The permissions should be 755, whereas I'm guessing that you're missing the >> execute bit(s). If this is the case correcting the file permissions should >> allow you to run make build. >> >The permissions on /observer.sh were rw for owner (root) only. This was >also the case with all of the .sh files in that directory and others. > >I removed the /usr/src directory and all contents, and reloaded the >source files again from the CD and checked the permissions. >All of the .sh files now had the proper 755 permissions. > >When I then updated from [EMAIL PROTECTED] and when I >checked the permissions again, they had reverted back to rw only. > >All these were performed logged in as root. > >What would you recommend? "Try another anoncvs server just in the event that something is corrupted" would seem more than reasonable. There are around 20 servers listed at anoncvs.html.