Re: spam from chrooted CMSes

2009-04-12 Thread Vadim Zhukov
On 10 April 2009 c. 05:42:21 Uwe Dippel wrote:
 I'm running postfix as MTA on a machine with several CMS, on a
 chrooted Apache.  Recently, there is a huge number of spam being sent
 from there, alas. When I scan the postfix-logs, all those come from
 'root', meaning they don't come through port 25. I run OpenBSD with
 mini-sendmail, and now I wonder how I could find out from which CMS
 they are sent. Is there any chance to find out from which CMS they are
 sent?

Do your clients have ability to connect to external hosts? If yes then
you should not even bother logging PHP mail() calls or such.

If outgoing connections are closed then you should have different system
users (i.e., different UIDs) for each client; otherwise it'll be easily
possible for a hacker to spoof the sender: nothing stops him from modifying
other client's scripts or just implementing an SMTP server entirely in PHP.

And only if both requirements are passed, then you can improve your antispam
security either by 1) modifying mini_sendmail, or 2) writing a simple
Perl wrapper that parses input data (bundled and/or in-ports Perl
modules should make it very easy) and then passes data to real
mini_sendmail.

IMHO, it's much easier to make mini_sendmail log mail, or add a specific
header to each letter that may help you in debugging. In the latter case
you may even put some limits for mail based on your header knowledge in
your real MTA, which mini_sendmail will forward letters to. You do not
need big programming skills to do that, just some basic C knowledge. If
you do not know C at all, ask some friend of yours to do this work for beer
(or mineral water, if he doesn't like alcohol ;) ).

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?



Re: spam from chrooted CMSes

2009-04-12 Thread Uwe Dippel
Matthew Weigel unique at idempot.net writes:

 Huh?  I'm talking about the CMS itself authenticating to the SMTP server,
 and giving each application a single set of credentials. 

chroot is the name, and isolation is the game.

 This should be set in
 the CMS's config files, much like database credentials.

Again, I didn't write or install them.

 Then I configure that board's software to connect to my SMTP server to
 send mail, and it has to authenticate as board at idempot.net to send any
 mail.  Now, if my server starts sending out spam, I can check the logs and
 see if the spam is coming from the user board at idempot.net to verify
 that the particular board software I'm using is the compromised software
 or not.

And here we come to something! This makes sense, compared to me looking 
through users' code: A hook that allows the insertion of a filter either
in php before calling mini_sendmail, or in mini_sendmail itself. 
postfix is the wrong answer, because the default sender from chrooted
mini_sendmail would be 'root', and postfix needs to accept mail from root.
So that filter would do something like
deny all
allow cms_legal
allow cms_department
allow cms_conference

In case anybody had some snippets, I'd be grateful to receive those.

Thanks,

Uwe
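
One way to build the wrapper Vadim Zhukov describes with the deny-all/allow-list Uwe Dippel asks for, as an added example that is not code from either poster. The allow-list path, the renamed real binary, the X-CMS-Origin header and the example.org addresses are assumptions, as is the wrapper inheriting the calling PHP script's working directory and finding awk, grep, mktemp and id inside the chroot.

```sh
#!/bin/sh
# Added example: allow-list filter to sit in front of mini_sendmail.
# ALLOW_FILE, REAL_SENDMAIL and the X-CMS-Origin header are assumed names.
ALLOW_FILE=${ALLOW_FILE:-/etc/cms_senders.allow}
REAL_SENDMAIL=${REAL_SENDMAIL:-/bin/mini_sendmail.real}

# Print the bare, lower-cased address of the first From: header in file $1.
# Only the header block (everything before the first empty line) is read;
# folded (multi-line) From: headers are not handled.
from_address() {
    awk '
        /^$/ { exit }
        tolower($0) ~ /^from:/ {
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)
            if (match(line, /<[^>]*>/))
                line = substr(line, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]/, "", line)
            print tolower(line)
            exit
        }' "$1"
}

# Default deny: succeed only if address $1 is a whole line of file $2.
is_allowed() {
    [ -n "$1" ] && [ -r "$2" ] && grep -Fqix -- "$1" "$2"
}

# Filter the message in file $1. Allowed: write it to stdout behind an
# X-CMS-Origin header and return 0. Denied: write nothing and return 1.
# One log line goes to stderr either way (use logger(1) if the chroot has it).
filter_message() {
    addr=$(from_address "$1")
    if is_allowed "$addr" "$ALLOW_FILE"; then
        echo "allow from=$addr cwd=$PWD uid=$(id -u)" >&2
        printf 'X-CMS-Origin: %s\n' "$PWD"
        cat "$1"
        return 0
    fi
    echo "deny from=${addr:-none} cwd=$PWD uid=$(id -u)" >&2
    return 1
}

# Wrapper entry point: spool stdin, filter it, pass survivors to the real binary.
main() {
    spool=$(mktemp) && clean=$(mktemp) || return 75   # EX_TEMPFAIL
    cat > "$spool"
    if filter_message "$spool" > "$clean"; then
        "$REAL_SENDMAIL" "$@" < "$clean"; rc=$?
    else
        rc=77                                          # EX_NOPERM
    fi
    rm -f "$spool" "$clean"
    return "$rc"
}

# Constructed sample data: an allow-list and two messages in directory $1.
make_samples() {
    printf '%s\n' cms_legal@example.org cms_department@example.org \
        cms_conference@example.org > "$1/allow"
    printf '%s\n' 'To: someone@example.net' \
        'From: Legal CMS <cms_legal@example.org>' 'Subject: notice' '' \
        'From: this line is body text' > "$1/good.eml"
    printf '%s\n' 'From: root' 'Subject: cheap pills' '' 'spam' > "$1/bad.eml"
}

if [ "${0##*/}" = sendmail ]; then
    main "$@"                       # installed as the chroot's sendmail
else
    d=$(mktemp -d) && make_samples "$d"   # otherwise run on the samples
    ALLOW_FILE=$d/allow
    for m in good bad; do
        filter_message "$d/$m.eml" > /dev/null && echo "$m: pass" || echo "$m: drop"
    done
    rm -rf "$d"
fi
```

Matching on From: only stops careless senders; as the thread points out, a script running under the same UID can forge an allowed address. The logged cwd and uid are what tie a message back to a particular CMS.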



Re: spam from chrooted CMSes

2009-04-12 Thread Uwe Dippel

Vadim Zhukov wrote:

 Do your clients have ability to connect to external hosts? If yes then
 you should not even bother logging PHP mail() calls or such.

 If outgoing connections are closed then you should have different system
 users (i.e., different UIDs) for each client; otherwise it'll be easily
 possible for a hacker to spoof the sender: nothing stops him from modifying
 other client's scripts or just implementing an SMTP server entirely in PHP.

Exactly. That's what I, that's what everyone has who hosts web sites of
users.

If someone can hack into it, she can write some basic SMTP easily.
But when you have 200+ users, and 10+ run some php code, and your
postfix spews spam to world and sundry,  a filter 'From:' - before
reaching postfix, because 'root' does not send from chrooted Apache, can
conveniently block all mails with illegal senders' addresses.

 And only if both requirements are passed, then you can improve your antispam
 security either by 1) modifying mini_sendmail, or 2) writing a simple
 Perl wrapper that parses input data (bundled and/or in-ports Perl
 modules should make it very easy) and then passes data to real
 mini_sendmail.

 IMHO, it's much easier to make mini_sendmail log mail, or add a specific
 header to each letter that may help you in debugging. In the latter case
 you may even put some limits for mail based on your header knowledge in
 your real MTA, which mini_sendmail will forward letters to. You do not
 need big programming skills to do that, just some basic C knowledge. If
 you do not know C at all, ask some friend of yours to do this work for beer
 (or mineral water, if he doesn't like alcohol ;) ).


  


I don't mind paying a drink, I even don't mind gobbling up something 
myself. But maybe something likewise existed, and then I could simply 
save my time. I guess I'm not the only one who runs official CMSes on a 
server, that need to send mail, and want to block everyone else's 
website hosted there as well, from sending mail.


Thanks,

Uwe



Re: ssh tunnel tun device forwarding without root

2009-04-12 Thread Alexander Hall
Lars Noodén wrote:
 Lars Noodén wrote:
 What way is there to use sudo on both the local and the remote machine
 instead?  ...
 
 Ok.  (so that this goes in the archives) One work-around is to change
 the group for the relevant tun device on the remote machine.  Then give
 the group rw privileges to the
 device.  e.g.
 
   $ ls -l /dev/tun?
   crw-------  1 root  wheel    40,   0 Apr 11 14:50 /dev/tun0
   crw-rw----  1 root  dialer   40,   1 Apr 11 20:23 /dev/tun1

I've been wondering about this too. Although I have not tested this yet,
I assume it will work. Thanks for sharing! :)

/Alexander



Re: ssh tunnel tun device forwarding without root

2009-04-12 Thread Lars Noodén
Alexander Hall wrote:
 Lars Noodén wrote:
  $ ls -l /dev/tun?
  crw-------  1 root  wheel    40,   0 Apr 11 14:50 /dev/tun0
  crw-rw----  1 root  dialer   40,   1 Apr 11 20:23 /dev/tun1
 
 I've been wondering about this too. Although I have not tested this yet...

It works to eliminate the need for logging in as root on the remote
host.  However local root is still needed, but sudo can manage that.

The only mischief I could think of trying would be to rename the device,
but that is prevented:

$ mv /dev/tun1 /dev/tun6
mv: rename /dev/tun1 to /dev/tun6: Permission denied

Regards,
-Lars



Re: How to find my USB?

2009-04-12 Thread Juan Jimenez Galdos
The USB DISK PRO is working but I have another USB (is sd5 FAT32), and I have
this problem: when i write mount -t msdos /dev/sd5i /mnt/usb2 or mount
/dev/sd5i /mnt/usb2 it says mount_ffs: /dev/sd5h on /mnt/usb2: No such
file or directory (i haven't mounted anything). Is sd5 too.

Somebody could help me? Thank you very much again. I am already using
PKG_CACHE, and it works.

PD: I have sent this to the misc list.



Re: How to find my USB?

2009-04-12 Thread Juan Jimenez Galdos
disklabel sd5
disklabel: /dev/rsd5: No such file or directory

 ls -aF /mnt
./../   cd0/  usb2/

# sysctl hw.disknames
hw.disknames=wd0,cd0,sd0,sd1,sd2,sd3,sd4,sd5,sd6

dmesg:
sd5 at scsibus2 targ 1 lun 0: , TDK Trans-it, PMAP SCSI0 0/direct
removable
sd5: 4006MB, 15 cyl, 255 head, 63 sec, 512 bytes/sec, 243200 sec total
sd6 at scsibus2 targ 1 lun 1: , TDK Trans-it, PMAP SCSI0 0/direct
removable
sd6: 1MB, 1 cyl, 1 head, 2880 sec, 512 bytes/sec, 2880 sec total

 # disklabel sd0
disklabel: ioctl DIOCGDINFO: Input/output error
# disklabel sd1
disklabel: ioctl DIOCGDINFO: Input/output error
# disklabel sd2
disklabel: ioctl DIOCGDINFO: Input/output error
# disklabel sd3
disklabel: ioctl DIOCGDINFO: Input/output error
# disklabel sd4
disklabel: ioctl DIOCGDINFO: Input/output error
# disklabel sd5
disklabel: /dev/rsd5: No such file or directory
# disklabel sd6
disklabel: /dev/rsd6: No such file or directory

Thank you very much.



Re: ssh tunnel tun device forwarding without root

2009-04-12 Thread J.C. Roberts
On Sun, 12 Apr 2009 15:29:57 +0300 Lars Noodén
larsnoo...@openoffice.org wrote:

 Alexander Hall wrote:
  Lars Noodén wrote:
 $ ls -l /dev/tun?
 crw-------  1 root  wheel    40,   0 Apr 11 14:50 /dev/tun0
 crw-rw----  1 root  dialer   40,   1 Apr 11 20:23 /dev/tun1
 
  I've been wondering about this too. Although I have not tested this
  yet...

 It works to eliminate the need for logging in as root on the remote
 host.  However local root is still needed, but sudo can manage that.

 The only mischief I could think of trying would be to rename the
 device, but that is prevented:

   $ mv /dev/tun1 /dev/tun6
   mv: rename /dev/tun1 to /dev/tun6: Permission denied

 Regards,
 -Lars


Since you don't have write access to the /dev directory, the attempted
move fails.

The thing to realize is a device file is really nothing more than a
pointer to a handling routine in the kernel. If you manage to change
what routine said pointer actually points to in the kernel (i.e. Major
and Minor number as displayed by ls), then there's a serious problem
because you're now executing the wrong code in the kernel.


crw--w----   1 jcr   tty     5,   8 Apr 12 05:58:17 2009 ttyp8
crw--w----   1 jcr   tty     5,   9 Apr 12 06:11:30 2009 ttyp9
crw--w----   1 jcr   tty     5,  10 Apr 12 06:14:51 2009 ttypa
crw--w----   1 jcr   tty     5,  11 Apr 12 06:14:51 2009 ttypb
crw--w----   1 jcr   tty     5,  12 Apr 12 06:14:51 2009 ttypc
crw-------   1 jcr   jcr    69,   1 Mar 29 22:20:59 2009 wskbd
crw-------   1 jcr   jcr    67,   0 Mar 29 22:20:59 2009 wskbd0
crw-------   1 jcr   jcr    69,   0 Mar 29 22:20:59 2009 wsmouse
crw-------   1 jcr   jcr    68,   0 Mar 29 22:20:59 2009 wsmouse0

The above shows some pseudo terminals (xterms) I have open, and the
last two (ttypb and ttypc) were opened for this test. I've got read and
write permissions to both of them.

$ mknod -m 0600 ttypb c 5 12
ksh: mknod: ttypb: Operation not permitted
$

I tried to use mknod(8) (the same command used by MAKEDEV) to force
the ttypb device file to point to the same routine in the kernel where the
ttypc device file is pointing. Of course, it didn't work (as expected),
but that's the kind of scary stuff you need to watch out for when you
go mucking around with device files and permissions.

As long as you remember a device file is a pointer to executable code
in kernel space, you'll be appropriately fearful and cautious about messing
with them.

--
J.C. Roberts



Re: European orders - Thank you Theo and your team, some of us appreciate you!

2009-04-12 Thread Steve Fairhead
Slightly late in responding to this, but hey:

Michael Grigoni wrote:

 William Chivers wrote:

 Thank you Theo and your team of developers for OpenBSD.

 Some people responding to the European Orders thread seem to have lost
sight of what OpenBSD is and who develops it. I am a bit of a newbie here
(although I have been using computers in my career since 1972)... 

I also add my thanks to the discussion. I do have a fundamental question to
pose however.  It seems that opensource culture for large projects is driven
by featurism and the need to make massive changes incorporated into frequent
releases.  I come from a background of very long-term stability requirements
for APIs and ABIs, performance figures on hardware over long life-cycles and
stringent documentation. I do embedded work and expect to maintain a system
for decades without massive overhaul. 

First, let me add my thanks to Theo and the guys for the continued existence
of OpenBSD. You and your work *are* appreciated.

Second, you mentioned embedded work, which is my main work area. Yes,
embedded stuff needs to be stable long-term - but the Internet isn't:
threats change, and OpenBSD evolves. A classic solution to that (which I've
used) is to simply accept that the legacy embedded stuff should not be
directly connected to the Internet, and to use a current (or at least
regularly maintained) OpenBSD machine as a gateway. Or, to put it another
way: use the right tools for the job.

Steve
--
http://www.fivetrees.com



Re: How to find my USB?

2009-04-12 Thread Stijn

Juan Jimenez Galdos wrote:

The USB DISK PRO is working but I have another USB (is sd5 FAT32), and I have
this problem: when i write mount -t msdos /dev/sd5i /mnt/usb2 or mount
/dev/sd5i /mnt/usb2 it says mount_ffs: /dev/sd5h on /mnt/usb2: No such
file or directory (i haven't mounted anything). Is sd5 too.

Somebody could help me? Thank you very much again. I am already using
PKG_CACHE, and it works.

PD: I have sent this to the misc list.



  

http://openbsd.org/faq/faq14.html#foreignfs

What's the output of disklabel sd5?
What's the output of ls -aF /mnt?

BR,
Stijn



I can't use gnome with a normal user

2009-04-12 Thread Juan Jimenez Galdos
I have created a normal user and when i log on with gdm (gnome), instead of
starting gnome, i only have a terminal and all the screen gray. I can't
maximize or minimize, and i can't open another tab in the terminal.

Somebody could help me? What can i do? Thank you very much.



Re: I can't use gnome with a normal user

2009-04-12 Thread Juan Jimenez Galdos
Ok, i have found the problem, i had to start gnome-session.



matching ipv6 esp traffic

2009-04-12 Thread Florian Obser

Hi,

I'm trying to secure my wlan access point with ipsec.

Apparently I cannot match ipv6 esp traffic. This is on 4.4

I build a simplified setup with qemu, ipsec-gw and ipsec-client:

- ipsec-gw 

[r...@ipsec-gw:~]# cat /etc/ipsec.conf
ike passive esp from 10.12.32.235 to 10.12.32.236
ike passive esp from 2001:db8::1 to 2001:db8::2

[r...@ipsec-gw:~]# cat /etc/pf.conf
pass log on enc0
block in log on em0
pass out log on em0
# allow link-local multicast for neighbor solicitation / neighbor advertisement
pass in on em0 proto icmp6 to FF02::/16
pass in on em0 proto tcp from any to em0 port ssh
pass in log on em0 proto udp from any to em0 port isakmp
pass in log on em0 proto esp from any to em0

[r...@ipsec-gw:~]# ipsecctl -s all
FLOWS:
flow esp in from 10.12.32.236 to 10.12.32.235 peer 10.12.32.236 srcid 
10.12.32.235/32 dstid 10.12.32.236/32 type use
flow esp out from 10.12.32.235 to 10.12.32.236 peer 10.12.32.236 srcid 
10.12.32.235/32 dstid 10.12.32.236/32 type require
flow esp in from 2001:db8::2 to 2001:db8::1 peer 2001:db8::2 srcid 
2001:db8::1/128 dstid 2001:db8::2/128 type use
flow esp out from 2001:db8::1 to 2001:db8::2 peer 2001:db8::2 srcid 
2001:db8::1/128 dstid 2001:db8::2/128 type require

SAD:
esp tunnel from 2001:db8::1 to 2001:db8::2 spi 0x20d8f195 auth hmac-sha2-256 
enc aes
esp tunnel from 10.12.32.235 to 10.12.32.236 spi 0x6335527f auth hmac-sha2-256 
enc aes
esp tunnel from 10.12.32.236 to 10.12.32.235 spi 0xa90135ff auth hmac-sha2-256 
enc aes
esp tunnel from 2001:db8::2 to 2001:db8::1 spi 0xd9956a4e auth hmac-sha2-256 
enc aes

- ipsec-client 

[r...@ipsec-client:~]# cat /etc/pf.conf
pass all

[r...@ipsec-client:~]# cat /etc/ipsec.conf
ike esp from 10.12.32.236 to 10.12.32.235
ike esp from 2001:db8::2 to 2001:db8::1

[r...@ipsec-client:~]# ipsecctl -s all
FLOWS:
flow esp in from 10.12.32.235 to 10.12.32.236 peer 10.12.32.235 srcid 
10.12.32.236/32 dstid 10.12.32.235/32 type use
flow esp out from 10.12.32.236 to 10.12.32.235 peer 10.12.32.235 srcid 
10.12.32.236/32 dstid 10.12.32.235/32 type require
flow esp in from 2001:db8::1 to 2001:db8::2 peer 2001:db8::1 srcid 
2001:db8::2/128 dstid 2001:db8::1/128 type use
flow esp out from 2001:db8::2 to 2001:db8::1 peer 2001:db8::1 srcid 
2001:db8::2/128 dstid 2001:db8::1/128 type require

SAD:
esp tunnel from 2001:db8::1 to 2001:db8::2 spi 0x20d8f195 auth hmac-sha2-256 
enc aes
esp tunnel from 10.12.32.235 to 10.12.32.236 spi 0x6335527f auth hmac-sha2-256 
enc aes
esp tunnel from 10.12.32.236 to 10.12.32.235 spi 0xa90135ff auth hmac-sha2-256 
enc aes
esp tunnel from 2001:db8::2 to 2001:db8::1 spi 0xd9956a4e auth hmac-sha2-256 
enc aes


---

loaded rules:

[r...@ipsec-gw:~/pf]# pfctl -vv -s rules | egrep -v 'Evaluations|Inserted'
@0 pass log on enc0 all flags S/SA keep state
@1 block drop in log on em0 all
@2 pass out log on em0 all flags S/SA keep state
@3 pass in on em0 inet6 proto tcp from any to fe80::5652:ff:fe3d:e648 port = 
ssh flags S/SA keep state
@4 pass in on em0 inet6 proto tcp from any to 2001:db8::1 port = ssh flags S/SA 
keep state
@5 pass in on em0 inet6 proto ipv6-icmp from any to ff02::/16 keep state
@6 pass in on em0 inet proto tcp from any to 10.12.32.235 port = ssh flags S/SA 
keep state
@7 pass in log on em0 inet6 proto udp from any to fe80::5652:ff:fe3d:e648 port 
= isakmp keep state
@8 pass in log on em0 inet6 proto udp from any to 2001:db8::1 port = isakmp 
keep state
@9 pass in log on em0 inet6 proto esp from any to fe80::5652:ff:fe3d:e648 keep 
state
@10 pass in log on em0 inet6 proto esp from any to 2001:db8::1 keep state
@11 pass in log on em0 inet proto udp from any to 10.12.32.235 port = isakmp 
keep state
@12 pass in log on em0 inet proto esp from any to 10.12.32.235 keep state

===

pinging ipv4 (this is working):

[r...@ipsec-client:~]# ping -c 1 ipsec-gw
PING ipsec-gw (10.12.32.235): 56 data bytes
64 bytes from 10.12.32.235: icmp_seq=0 ttl=255 time=0.950 ms
--- ipsec-gw ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.950/0.950/0.950/0.000 ms

[r...@ipsec-gw:~]# tcpdump -nlp -i em0 not port ssh
tcpdump: listening on em0, link-type EN10MB
16:33:44.585647 esp 10.12.32.236 > 10.12.32.235 spi 0xA90135FF seq 11 len 132
16:33:44.585955 esp 10.12.32.235 > 10.12.32.236 spi 0x6335527F seq 11 len 132


[r...@ipsec-gw:~]# tcpdump -nlp -i enc0 not port ssh
tcpdump: listening on enc0, link-type ENC
16:33:44.585838 (authentic,confidential): SPI 0xa90135ff: 10.12.32.236 > 10.12.32.235: icmp: echo request (encap)
16:33:44.585919 (authentic,confidential): SPI 0x6335527f: 10.12.32.235 > 10.12.32.236: icmp: echo reply (encap)

[r...@ipsec-gw:~]# tcpdump -nle -i pflog0
tcpdump: listening on pflog0, link-type PFLOG
16:33:44.585715 rule 12/(match) pass in on em0: esp 10.12.32.236 > 10.12.32.235 
spi 

I can't download torrents with ktorrent with a normal user

2009-04-12 Thread Juan Jimenez Galdos
The thing is: When I am using root i haven't any problems, but if i use a
normal user the torrents don't start, and the torrents can't connect with
the tracker or the peers. if the configuration of pf is the same in root and
with a normal user, why this is happening? I don't understand.

Somebody could help me? Thank you very much.



Re: I can't download torrents with ktorrent with a normal user

2009-04-12 Thread Vadim Zhukov
On 12 April 2009 c. 19:54:18 Juan Jimenez Galdos wrote:
 The thing is: When I am using root i haven't any problems, but if i
 use a normal user the torrents don't start, and the torrents can't
 connect with the tracker or the peers. if the configuration of pf is
 the same in root and with a normal user, why this is happening? I
 don't understand.

 Somebody could help me? Thank you very much.

Please, please, please:

- dmesg (it's mentioned many times in documentation and on the site that
dmesg IS required)
- ktorrent packet version
- /etc/pf.conf
- KTorrent network configuration (particularly local ports specified)
- Torrent sites tested
- And finally: are you logging in as root, or starting root KTorrent
via sudo?

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?



Re: How to find my USB?

2009-04-12 Thread Brynet
Hi Juan,

OpenBSD does not have a dynamic /dev filesystem, thus only 5 sd(4)
device nodes are created by default.

To create additional device nodes yourself, it's very simple:

# cd /dev
# ./MAKEDEV sd{5,6}

Hope that helps..

-Brynet



Re: How to find my USB?

2009-04-12 Thread Juan Jimenez Galdos
Thank you very much! It works.



Serial connection settings on Sun Ultra 1

2009-04-12 Thread Aapo Lehtinen
Hello

I'm trying to get Sun Fire V100 working using old ultra 1 machine 
(obsd4.4/sparc64) as terminal. I'm using tip(1). The problem is connection 
dies easily with Lost Carrier. [EOT]. Now, I'm bit new to using serial 
connections so I've only tried tweaking /etc/ttys by changing type from sun 
to vt100, and comments from local to rtscts to softcar.

from dmesg:

zs0 at sbus0 slot 15 offset 0x110 vector 28 ipl 12 softpri 6
zstty0 at zs0 channel 0
zstty1 at zs0 channel 1

/etc/ttys:

# zs(4)-based
ttya    "/usr/libexec/getty std.9600"   vt100   on  softcar

Any information would help. Thanks!

Aapo Lehtinen



Re: I can't download torrents with ktorrent with a normal user

2009-04-12 Thread Juan Jimenez Galdos
Don't worry, it was the configuration of pf, not the account :). Now it
works, thank you very much.



I need to mount in a normal account

2009-04-12 Thread Juan Jimenez Galdos
Hi.  I need two things: I need to use the command mkdir, the command
mount and umount, but ONLY THOSE. Somebody could say me what could i
write in sudoers? I have searched and i have tried several things but it's a
little difficult to configure two commands. Thank you very much.



Graphics card, buying advice.

2009-04-12 Thread Torbjørn Hårstad Orskaug
Hello! I'm currently in the process of building a system (i386/amd64)
for a research project where we'll primarily use OpenBSD for
development.

I'd like to run Xorg on this machine, preferably with accelerated 2D
and 3D graphics. I've been reading around a bit and noticed that OpenBSD
just recently (late 2008?) got support for DRI/DRM. From the article I
read over at undeadly, it seemed like only Intel and ATI/AMD chips have
DRI/DRM support. I failed to find an up-to-date list over which chips
have been getting support after this article went live. Does such a
list exist somewhere?

I was thinking of buying a card based on the ATI R500 chip
(X1600XT). Would this be a wise choice? Finding these semi-old cards in
retail stores seems to be hard, so I'd probably have more luck on
Ebay. Do any of the newer Radeon HD cards have DRI/DRM support?



more information about PF BUG

2009-04-12 Thread Fernando Quintero
Hi list,
it's about: http://www.openbsd.org/errata45.html#002_pf

I'm trying to reproduce this bug, but i would like to get more information
about how the kernel panic is produced.

so, anyone has more information?
http://www.securitytracker.com/alerts/2009/Apr/1022032.html

I review the patches, and I configure some rules to test the bug, create
the icmp packets, but it does not work.


-- 
--

Fernando Quintero
http://nonroot.blogspot.com/
*Just a nonroot User*



Re: more information about PF BUG

2009-04-12 Thread Maxim Bourmistrov

It is a one line-addition to ping.c.

Then you use newly compiled ping like this: ping -D public IP
This scenario works for NAT and attacker sitting on the local network.

Tested on OpenBSD 4.3 acting as a NAT-box.

//maxim

On 12 apr 2009, at 22.05, Fernando Quintero wrote:


Hi list,
it's about: http://www.openbsd.org/errata45.html#002_pf

I'm trying to reproduce this bug, but i would like to get more  
information

about how the kernel panic is produced.

so, anyone has more information?
http://www.securitytracker.com/alerts/2009/Apr/1022032.html

I review the patches, and I configure some rules to test the bug,  
create

the icmp packets, but it does not work.


--
--

Fernando Quintero
http://nonroot.blogspot.com/
*Just a nonroot User*




correction to gre(4) man page

2009-04-12 Thread Pete Vickers
SEE ALSO section, entry for Web Cache Coordination Protocol V1.0, link  
is broken. A suitable replacement is:


http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt


/Pete



Request for DVI monitors in the UK

2009-04-12 Thread Theo de Raadt
Around two weeks ago Owain (oga@) mailed out a request for some
monitors in the UK, so that he could hack better on X.

A pair of monitors capable of 1600x1200 resolution with vga and dvi
inputs needed for debugging multi-head X11 setups in London,
England. Monitors would preferably have the ability to display
incoming clock rates (sync frequency, etc). Contact o...@openbsd.org.

He has received no offers that I know of.

If nothing is offered to him soon, I will buy these for him out of
project money... I think it is very important that our X developers
have the hardware they need.

So that's a last call..



Re: I need to mount in a normal account

2009-04-12 Thread Fred Crowson
On 4/12/09, Juan Jimenez Galdos juangmgald...@gmail.com wrote:
 Hi.  I need two things: I need to use the command mkdir, the command
 mount and umount, but ONLY THOSE. Somebody could say me what could i
 write in sudoers? I have searched and i have tried several things but it's a
 little difficult to configure two commands. Thank you very much.

man 5 sudoers



Re: correction to gre(4) man page

2009-04-12 Thread Jason McIntyre
On Sun, Apr 12, 2009 at 10:40:08PM +0200, Pete Vickers wrote:
 SEE ALSO section, entry for Web Cache Coordination Protocol V1.0, link  
 is broken. A suitable replacement is:
 
 http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt
 
 
 /Pete

that link works fine here.
jmc



Re: Serial connection settings on Sun Ultra 1

2009-04-12 Thread Fred Crowson
On 4/12/09, Aapo Lehtinen a...@pokat.org wrote:
 Hello

 I'm trying to get Sun Fire V100 working using old ultra 1 machine
 (obsd4.4/sparc64) as terminal. I'm using tip(1). The problem is connection
 dies easily with Lost Carrier. [EOT]. Now, I'm bit new to using serial
 connections so I've only tried tweaking /etc/ttys by changing type from sun
 to vt100, and comments from local to rtscts to softcar.

 from dmesg:

 zs0 at sbus0 slot 15 offset 0x110 vector 28 ipl 12 softpri 6
 zstty0 at zs0 channel 0
 zstty1 at zs0 channel 1

 /etc/ttys:

 # zs(4)-based
 ttya    "/usr/libexec/getty std.9600"   vt100   on  softcar

 Any information would help. Thanks!

 Aapo Lehtinen

Hi,

Have you tried cu(1):

cu -l /dev/ttya -s9600

According to the zs man page there are some bugs that might affect
serial consoles:
http://www.openbsd.org/cgi-bin/man.cgi?query=zs&arch=sparc64#BUGS

HTH
Fred



Re: spam from chrooted CMSes

2009-04-12 Thread Stuart Henderson
On 2009-04-12, Uwe Dippel udip...@uniten.edu.my wrote:

 chroot is the name, and isolation is the game.

it's not all that unusual for PHP hosts to disable mail(); most of
the main CMS have some way to send mail without it, and these usually
do allow smtp-auth.

so you could install pear-Mail and tell people to use that or some
alternative then, after a grace period, remove your /var/www/bin/sh
thus breaking php's (popen-based) mail() function, forcing people
to actually make the change.



Re: I need to mount in a normal account

2009-04-12 Thread Juan Jimenez Galdos
I repeat: I have searched and i have tried several things but it's a little
difficult to configure two commands.

Please lend me some help. Thank you very much.



Re: I need to mount in a normal account

2009-04-12 Thread Abel Camarillo
Nobody will help you if you don't describe thoroughly what was the problem.

I have seen a lot of messages from you recently, are you doing your
homework? (lurking through the docs)

On Mon, Apr 13, 2009 at 01:07:49AM +0200, Juan Jimenez Galdos wrote:
 I repeat: I have searched and i have tried several things but it's a little
 difficult to configure two commands.
 
 Please lend me some help. Thank you very much.
 

-- 
DISCLAIMER: http://goldmark.org/jeff/stupid-disclaimers/ 
This message will self-destruct in 3 seconds.



Re: I need to mount in a normal account

2009-04-12 Thread Stuart Henderson
On 2009-04-12, Abel Camarillo acam...@the00z.org wrote:
 Nobody will help you if you don't describe thoroughly what was the problem.

 I have seen a lot of messages from you recently, are you doing your
 homework? (lurking through the docs)

probably not, looking at the examples in the default sudoers file:

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now


 On Mon, Apr 13, 2009 at 01:07:49AM +0200, Juan Jimenez Galdos wrote:
 I repeat: I have searched and i have tried several things but it's a little
 difficult to configure two commands.
 
 Please lend me some help. Thank you very much.



Re: Serial connection settings on Sun Ultra 1

2009-04-12 Thread Nick Holland
Aapo Lehtinen wrote:
 Hello
 
 I'm trying to get Sun Fire V100 working using old ultra 1 machine 
 (obsd4.4/sparc64) as terminal. I'm using tip(1). The problem is connection 
 dies easily with Lost Carrier. [EOT]. Now, I'm bit new to using serial 
 connections so I've only tried tweaking /etc/ttys by changing type from sun 
 to vt100, and comments from local to rtscts to softcar.

It is unclear what machine you are changing, but changing /etc/ttys is
definitely wrong.  Restore them to stock before doing ANYTHING else.
All you are doing here is breaking things.  You do not need to change any
files to get a tip(1) session going with a Sun machine.

If you are getting a lost carrier response, you need to look at the
machine you are getting that from -- i.e., your terminal machine.

What command are you using to try to establish the connection?

Nick.