Re: document the actual meaning of ssh's "command" argument

On Thu, Jun 2, 2016 at 2:06 PM, wrote: > On Thu, Jun 02, 2016 at 08:53:49AM +1000, Darren Tucker wrote: > > > i'm inclined to disagree with this diff, for the following reasons: > > > > - other than the concatenation with spaces, it's not a behaviour of > ssh(1) > > but of

Re: Joining bridge(4) changes broadcast?

I spoke too early; I thought frames were broken but actually it was not. What was happening, according to tcpdump(8), was that frames, both broadcast and unicast, are flooded for some reason, and pppoe(4) fails to receive necessary frames in order. OTOH, assigning IP addresses and pinging between

Re: document the actual meaning of ssh's "command" argument

On Thu, Jun 02, 2016 at 08:53:49AM +1000, Darren Tucker wrote: > > i'm inclined to disagree with this diff, for the following reasons: > > - other than the concatenation with spaces, it's not a behaviour of ssh(1) > but of the server at the other end of the connection, which might use sh -c > or

Re: document the actual meaning of ssh's "command" argument

> The problem is that in its current form, the manual page is lying: both > paragraphs that I modified clearly suggest that you may somehow bypass > the login shell set in /etc/passwd on the remote machine if you specify a > "command" argument, which is ridiculous. > > It's absolutely acceptable

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 01, 2016 at 06:53:10PM +0100, Jason McIntyre wrote: > On Wed, Jun 01, 2016 at 10:04:20AM +0300, pizdel...@gmail.com wrote: > > After reading just the ssh(1) man page and the usage abstract, some poor > > soul may think that the "command" argument to ssh may be either a simple > >

Joining bridge(4) changes broadcast?

I'm playing with PPPoE and it (npppd(8) + oe(4)) works fine with patched pair(4) interfaces, that's good. patch pair0 --- pair1 pppoe npppd To try more wierd things, I added one pair(4), to which npppd(8) was listening on, to a bridge(4). This stops pppoe(4) from working.

Packet loss on traffic flowing between VLANs

Hi. I have a pair of openBSD boxes (5.8) setup as a core/firewall. I have ten VLANs tied to a physical NIC (Intel 82599). This is a new setup and it was just recently put in service. Traffic was fine (or at least we didn't notice any issues) until a large job was run which roughly doubled

Re: document the actual meaning of ssh's "command" argument

Theo de Raadt writes: > The facts are this is unix, and there is a minimum height required to > ride. May I suggest to whoever is responsible for theo.c: this belongs in it.

Re: document the actual meaning of ssh's "command" argument

On Thu, Jun 2, 2016 at 3:53 AM, Jason McIntyre wrote: > > [...] > i'm inclined to disagree with this diff, for the following reasons: > - other than the concatenation with spaces, it's not a behaviour of ssh(1) but of the server at the other end of the connection, which

Re: awesome W^X

> Does that mean it's still basically W|X...but these mappings are accessible > at different addresses so the attacker just needs more information ? Look -- why don't you take up that concern with the upstream software developer. What do you want us to do about it?

Re: awesome W^X

David Coppa [dco...@gmail.com] wrote: > On Wed, Jun 1, 2016 at 3:30 AM, Chris Cappuccio wrote: > > Totally awesome! > > > > awesome(38099): mmap W^X violation > > > > It happens once on startup. Grepping for the obvious stuff doesn't show > > me the issue, perhaps it's a

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 1, 2016 at 4:50 PM, Theo de Raadt wrote: > I don't see how that helps anything. Are you saying that this is not relevant? > The facts are this is unix, and there is a minimum height required to > ride. That's ok up to a point, but I'm not yet understanding

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 01, 2016 at 04:41:44PM -0400, Raul Miller wrote: > On Wed, Jun 1, 2016 at 4:23 PM, Theo de Raadt wrote: > > Sadly, no proposal, and no diff. > > Minimal diff, for the thorough student: > how does adding an Xr to sh(1) help someone using ssh(1)? over and

Re: document the actual meaning of ssh's "command" argument

I don't see how that helps anything. The facts are this is unix, and there is a minimum height required to ride. Ruining the manual pages -- by making everything reference everything -- does not make unix easier to use; I really think it makes it more difficult. > On Wed, Jun 1, 2016 at 4:23

Re: bsd.rd got IP from DHCP, but no network, no sets

> I logined, it got IP from DHCP, but no network. > Same as previously. Something is wrong on the network trunk between you and the DHCP/Gateway. How are you connected to that gateway?

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 01, 2016 at 04:12:39PM -0400, Raul Miller wrote: > On Wed, Jun 1, 2016 at 1:53 PM, Jason McIntyre wrote: > > - i don;t think it's within ssh(1)'s remit to describe how to quote > > commands. > > While I agree with most of your points, I emphatically disagree

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 1, 2016 at 4:23 PM, Theo de Raadt wrote: > Sadly, no proposal, and no diff. Minimal diff, for the thorough student: *** /usr/share/man/man1/ssh.1 Sun Aug 16 08:19:29 2015 --- ssh.1 Tue May 31 16:05:23 2016 *** *** 1566,1571 ---

Re: document the actual meaning of ssh's "command" argument

> On Wed, Jun 1, 2016 at 1:53 PM, Jason McIntyre wrote: > > - i don;t think it's within ssh(1)'s remit to describe how to quote > > commands. > > While I agree with most of your points, I emphatically disagree with > this line of thought. Whoa. > More specifically:

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 1, 2016 at 1:53 PM, Jason McIntyre wrote: > - i don;t think it's within ssh(1)'s remit to describe how to quote > commands. While I agree with most of your points, I emphatically disagree with this line of thought. More specifically: quoting of ssh commands

sendsyslog error 57

Running -current (OpenBSD 6.0-beta (GENERIC.MP) #7: Wed Jun 1 10:21:47 EDT 2016) the following gets logged on every boot: sendsyslog: dropped 3 messages, error 57 Chris

Re: document the actual meaning of ssh's "command" argument

On Wed, Jun 01, 2016 at 10:04:20AM +0300, pizdel...@gmail.com wrote: > After reading just the ssh(1) man page and the usage abstract, some poor > soul may think that the "command" argument to ssh may be either a simple > command or executable path that will be directly passed to execvp(). > >

Re: hidden services stopped working

I have several i210s on Supermicro motherboards and now APU2, and I haven't seen these issues. I wonder if your problem is related to a combination of features? Have you tried to isolate what process or kernel feature makes this behaviour occur? Juuso Lapinlampi [w...@partyvan.eu] wrote: > This

Re: moving postgresql files to seperate mount

On Wed, June 1, 2016 3:45 am, Markus Rosjat wrote: > Hi there, > > just need some kind of acknowledgement for my workflow :) > > a naive approach would be: > > - extend the virtual disk > - create a partition /var/postgresql (thats the folder under var right > now) > - move the files to the

Re: bsd.rd got IP from DHCP, but no network, no sets

Upgraded to May 27 snapshot, not helped. I tried this: boot -c disable acpi exit and the /bsd booted successfully! I logined, it got IP from DHCP, but no network. Same as previously. # netstat -n -I dc0 NameMtu Network Address Ipkts IerrOpkts Oerrs Colls dc0

Re: ntpd tries to connect via ipv6

On 31 May 2016, Lyndon Nerenberg wrote: > > On May 31, 2016, at 3:58 PM, Ted Unangst > > wrote: > > > > If we're talking about timeframes long enough for network > > connectivity to come and go, that's long enough for IP addresses to > > come and go as

Re: moving postgresql files to seperate mount

Den 2016-06-01 kl. 09:45, skrev Markus Rosjat: Hi there, just need some kind of acknowledgement for my workflow :) a naive approach would be: - extend the virtual disk - create a partition /var/postgresql (thats the folder under var right now) - move the files to the new partition -

Re: synproxy state timeout

On 24/05/16 14:56, Kapetanakis Giannis wrote: Hi, I have a couple of questions regarding the timeout of PROXY:SRC states in a syn-flood DOS scenario (+spoofing). My need is for quick state deletion of invalid connections on the firewall/router (not on the server). I've noticed that only

Re: minor fix in faq4.html

On Wed, Jun 01, 2016 at 11:50:49AM +0200, Alex Greif wrote: > just found this one. > fixed, thanks > thanks, Alex. > > > Index: faq/faq4.html > === > RCS file: /cvs/www/faq/faq4.html,v > retrieving revision 1.460 > diff -u -p -u

minor fix in faq4.html

just found this one. thanks, Alex. Index: faq/faq4.html === RCS file: /cvs/www/faq/faq4.html,v retrieving revision 1.460 diff -u -p -u -r1.460 faq4.html --- faq/faq4.html 27 Apr 2016 22:53:06 - 1.460 +++

Re: SPF Examples

On 06/01/2016 07:52 AM, Craig Skinner wrote: On 2016-06-01 Wed 09:34 AM |, Indunil Jayasooriya wrote: what does the below record mean? example.com.INTXT"v=spf1 mx a -all" http://www.OpenSPF.Org/SPF_Record_Syntax#a All the A records for domain are tested. If the client IP is

moving postgresql files to seperate mount

Hi there, just need some kind of acknowledgement for my workflow :) a naive approach would be: - extend the virtual disk - create a partition /var/postgresql (thats the folder under var right now) - move the files to the new partition - hope it works :-P So hope someone with experience

document the actual meaning of ssh's "command" argument

After reading just the ssh(1) man page and the usage abstract, some poor soul may think that the "command" argument to ssh may be either a simple command or executable path that will be directly passed to execvp(). Even if he doesn't depend on any extra arguments being either used or ignored, he

Re: awesome W^X

On Wed, Jun 1, 2016 at 3:30 AM, Chris Cappuccio wrote: > Totally awesome! > > awesome(38099): mmap W^X violation > > It happens once on startup. Grepping for the obvious stuff doesn't show > me the issue, perhaps it's a library. There is no obvious ill effect from > the mmap