Re: Cron logs in /var/cron/log instead of /var/log/cron?
> > That's the kind of comment that leads me to take bug reports less
> > seriously in the future... diagnostic logs which would have solved
> > the problem, will have been lost INTENTIONALLY. And then we get
> > asked for help? Crazy.
> >
>
> Thank you for that information; The impression I got about softdep was
> that it guarantees file system integrity so fsck is not needed.

"file system integrity" refers to the directory-tree hierarchy. Not the contents of files.

When softdep is in use, blocks go to the disk slower. Therefore if you crash, you have less context.

Doing this with important log files is entirely backwards.
Re: Cron logs in /var/cron/log instead of /var/log/cron?
On Sun, 02 Oct 2016 22:45:00 -0600 "Theo de Raadt" wrote:

> > Why is it in /var/cron/log and not /var/log/cron by default? To me
> > it makes more sense to have it all in /var/log/, but given it has
> > been the default for several years, is there a reason (other than
> > historic) that the default is like that?
>
> That dates back to more than 20 years actually.
>
> Back in the CSRG days, a lot of new daemon imports got their own /var
> directories for reasons we can only guess at.

So it appears this is merely historic then.

>
> > Is there any harm or issue with setting the log location
> > of cron logs to /var/log/cron instead, or is it best to leave it
> > in /var/cron/log?
>
> You can do whatever you want.
>
> Before we talk about changing this, we must know what the downsides
> are.

Indeed; I was wondering whether there are any issues/downsides with changing this. I have changed this for the last 5 years without any adverse effects on my end, but I only have done this on about 8 different machines, with different purposes.

>
> > I am interested to know as I keep /var/log in a separate UFS
> > partition mounted with rw,softdep,noatime,nodev,noexec,nosuid to
> > store all the syslog logs, and /var/cron/log is the odd one out
> > here.
>
> With softdep??? That is completely insane. So clearly you don't
> actually care to have the contents of logs after a crash -- since
> softdep is quite likely to lose data buffers during circumstances like
> memory pressure, etc etc.
>
> That's the kind of comment that leads me to take bug reports less
> seriously in the future... diagnostic logs which would have solved
> the problem, will have been lost INTENTIONALLY. And then we get
> asked for help? Crazy.
>

Thank you for that information; The impression I got about softdep was that it guarantees file system integrity so fsck is not needed.

I have softdep enabled on all the partitions as per this: https://www.openbsd.org/faq/faq14.html#SoftUpdates

I guess it is time for me to evaluate my setup again.
Re: Cron logs in /var/cron/log instead of /var/log/cron?
> Why is it in /var/cron/log and not /var/log/cron by default? To me it
> makes more sense to have it all in /var/log/, but given it has been the
> default for several years, is there a reason (other than historic) that
> the default is like that?

That dates back to more than 20 years actually.

Back in the CSRG days, a lot of new daemon imports got their own /var directories for reasons we can only guess at.

> Is there any harm or issue with setting the log location
> of cron logs to /var/log/cron instead, or is it best to leave it
> in /var/cron/log?

You can do whatever you want.

Before we talk about changing this, we must know what the downsides are.

> I am interested to know as I keep /var/log in a separate UFS partition
> mounted with rw,softdep,noatime,nodev,noexec,nosuid to store all the
> syslog logs, and /var/cron/log is the odd one out here.

With softdep??? That is completely insane. So clearly you don't actually care to have the contents of logs after a crash -- since softdep is quite likely to lose data buffers during circumstances like memory pressure, etc etc.

That's the kind of comment that leads me to take bug reports less seriously in the future... diagnostic logs which would have solved the problem, will have been lost INTENTIONALLY. And then we get asked for help? Crazy.
Cron logs in /var/cron/log instead of /var/log/cron?
I have noticed for the last 5 years of OpenBSD usage that the cron log location is /var/cron/log, instead of /var/log/cron: # $OpenBSD: syslog.conf,v 1.19 2015/11/26 15:25:14 deraadt Exp $ # *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages kern.debug;syslog,user.info /var/log/messages auth.info /var/log/authlog authpriv.debug /var/log/secure cron.info /var/cron/log ... Why is it in /var/cron/log and not /var/log/cron by default? To me it makes more sense to have it all in /var/log/, but given it has been the default for several years, is there a reason (other than historic) that the default is like that? Is there any harm or issue with setting the log location of cron logs to /var/log/cron instead, or is it best to leave it in /var/cron/log? I am interested to know as I keep /var/log in a separate UFS partition mounted with rw,softdep,noatime,nodev,noexec,nosuid to store all the syslog logs, and /var/cron/log is the odd one out here.
Fix paxtest output on OpenBSD 6.0?
Hallo :)

Also I included a few other OS. Mirror for the post is here: https://pastebin.com/raw/y9qHwZxi

Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz

All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450.

When I used 'paxtest-0.9.15' on OpenBSD, had to ADD two lines:

$ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD
157:randarg1: randbody.o randarg1.o
$ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD
159:randarg2: randbody.o randarg2.o
$

or else compile would fail, thx for the hint from Pinter Oliver!

On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz

If anyone has outputs for NetBSD and DragonFlyBSD, please post. Always used blackhat mode.

## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc):

###
CentOS-7-x86_64-Everything-1511.txt           Executable anonymous mapping  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable anonymous mapping  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable anonymous mapping  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable anonymous mapping  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable anonymous mapping  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable anonymous mapping  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable anonymous mapping  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable anonymous mapping  Killed
install60.txt                                 Executable anonymous mapping  Killed
linuxmint-18-cinnamon-64bit.txt               Executable anonymous mapping  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable anonymous mapping  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable anonymous mapping  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable anonymous mapping  Killed
ubuntu-16.04.1-server-amd64.txt               Executable anonymous mapping  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable bss  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable bss  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable bss  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable bss  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable bss  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable bss  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable bss  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable bss  Killed
install60.txt                                 Executable bss  Killed
linuxmint-18-cinnamon-64bit.txt               Executable bss  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable bss  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable bss  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable bss  Killed
ubuntu-16.04.1-server-amd64.txt               Executable bss  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable data  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable data  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable data  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable data  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable data  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable data  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable data  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable data  Killed
install60.txt                                 Executable data  Killed
linuxmint-18-cinnamon-64bit.txt               Executable data  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable data  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable data  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable data  Killed
ubuntu-16.04.1-server-amd64.txt               Executable data  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable heap  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable heap  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable heap  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable heap  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable heap  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable heap  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable heap  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable heap  Killed
install60.txt                                 Executable heap  Killed
linuxmint-18-cinnamon-64bit.txt               Executable heap  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable heap  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable heap  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable heap  Killed
Re: signify: write to stdout: Broken pipe
Hi,

with some help from Alex Greif offlist helping me reproduce the issue, I decided to reinstall the system using a different mirror and different approaches.

After a lot of trying I found that I am running into the issue as soon as I install either quodlibet or keepassx on my system. Removing those packages and restarting X fixes the error messages.

So, the combination of jwm, messagebus (with the dbus-session configured in my xinitrc) and either quodlibet or keepassx shows the problem for me. I have reproduced this now at least 3 times.

I don't know what to make of this but I would put this issue into the packages area. So it probably makes more sense to move this to ports@.

Since I am obviously not a developer I have no idea how to properly debug this. My trial and error method doesn't get me anywhere closer to the real issue. Maybe the issue will disappear with later package builds and updates.

Sorry I cannot be of better help.

Lars
Re: OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801 [solved, but ...]
On 02.10.2016 at 21:24, Paul Suh wrote:
>> On Oct 2, 2016, at 3:06 PM, Peer Janssen wrote:
>>
>> Now I reinstalled on another CF-Disk (4GB Transcend) with another method
>> (miniboot.fs), this went through and first-rebooted just fine.
>>
>> But now halting the machine produces a panic:
> I suspect that part of the problem with your 4801 is just old age. I'm phasing
> out the four units that I own, since they're all becoming unreliable with
> inexplicable and unrepeatable crashes, freezes, and panics. Some of the
> problem can be traced to bad power supplies, but overall a big part is just
> plain old age. Any 4801 must be at least ten to twelve years old (date of
> manufacture, not date of sale). I think by now enough of the capacitors have
> gone bad or are on the way to going bad that they're dying. :-(
>
> Also, for my use they don't have enough CPU power to run IPSec tunnels at full
> WAN speed so I need new hardware anyway.
>
> Hope this helps.

This surely is interesting background information.

Only, the installed system also showed a panic when I put that same CF-Disk in an alix board (the one I talked about in my message with this "[misc] tfdpd doesn't deliver pxeboot file" title). It booted just fine, but also panicked on halt. So there might be more to it.

Of course, these systems probably are rarely halted anyway. But still, who knows what else is hiding behind such a panic.

Peer

--
Peer Janssen - p...@pjk.de
Re: OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801 [solved, but ...]
> On Oct 2, 2016, at 3:06 PM, Peer Janssen wrote:
>
> Now I reinstalled on another CF-Disk (4GB Transcend) with another method
> (miniboot.fs), this went through and first-rebooted just fine.
>
> But now halting the machine produces a panic:

Peer,

I suspect that part of the problem with your 4801 is just old age. I'm phasing out the four units that I own, since they're all becoming unreliable with inexplicable and unrepeatable crashes, freezes, and panics. Some of the problem can be traced to bad power supplies, but overall a big part is just plain old age. Any 4801 must be at least ten to twelve years old (date of manufacture, not date of sale). I think by now enough of the capacitors have gone bad or are on the way to going bad that they're dying. :-(

Also, for my use they don't have enough CPU power to run IPSec tunnels at full WAN speed so I need new hardware anyway.

Hope this helps.

--Paul
Re: OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801
On 10/02/16 11:53, Peer Janssen wrote:
> Goal: Upgrade a working soekris net4801 from OpenBSD 4.6 to 6.0.

good.

> First I copied the complete 256 MB SiliconDrive CF-Disk to a newer
> SanDisk 8 GB Ultra one and rebooted, which worked smoothly and fine.

well, probably don't want to use that 256MB CF now, but ...

> I took the bsd.rd from an OpenBSD 6.0 i386 machine:
>
> # ls -l /bsd.rd
> -rw-r--r-- 1 root wheel 7173390 Sep 20 19:17 /bsd.rd
> # md5 /bsd.rd
> MD5 (/bsd.rd) = 191559b8c5907ca34c144462366b021a
> # dmesg
> OpenBSD 6.0 (GENERIC) #1917: Tue Jul 26 12:48:33 MDT 2016
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

note: this is NOT bsd.rd

> cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD"
> 586-class) 499 MHz
> cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
>
> [snip]
>
> put it in / of a working soekris net4801 with OpenBSD 4.6 in order to
> jump-upgrade the system, but it doesn't boot the 6.0 bsd.rd install image:

bzzzt. you put the newer (install) KERNEL in with the very old boot loader (/boot). One of the things that changed was the serial console support.

Since you are changing your media and doing a wipe and reload, just use the miniroot60.fs to overwrite the beginning of your 8G CF, and boot that. (or netboot, or any of the other ways to bring up such a system)

Nick.
Re: OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801 [solved, but ...]
Now I reinstalled on another CF-Disk (4GB Transcend) with another method (miniboot.fs), this went through and first-rebooted just fine. But now halting the machine produces a panic: # halt -q -p syncing disks... panic: init died (signal 11, exit 0) Stopped at Debugger+0x7: leave TIDPIDUID PRFLAGS PFLAGS CPU COMMAND *1 1 0 0x802 0x20000 init Debugger(d09ee194,f35e5e08,d09c5b88,f35e5e08,cf7c0004) at Debugger+0x7 panic(d09c5b88,b,0,0,2) at panic+0x71 exit1(d5774000,b,1,0,d576b210,0,6cfd49fd,d5772000) at exit1+0x548 sigexit(d5774000,b,0,0,0) at sigexit+0x76 trapsignal(d5774000,b,1,1,17b50e00) at trapsignal+0xe2 trap() at trap+0x71f --- trap (number 23636) --- 0xcf7c0004: http://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> trace Debugger(d09ee194,f35e5e08,d09c5b88,f35e5e08,cf7c0004) at Debugger+0x7 panic(d09c5b88,b,0,0,2) at panic+0x71 exit1(d5774000,b,1,0,d576b210,0,6cfd49fd,d5772000) at exit1+0x548 sigexit(d5774000,b,0,0,0) at sigexit+0x76 trapsignal(d5774000,b,1,1,17b50e00) at trapsignal+0xe2 trap() at trap+0x71f --- trap (number 23636) --- 0xcf7c0004: ddb> ps TID PPID PGRPUID S FLAGS WAIT COMMAND 55507 85598 55507 0 2 0x3halt 85598 1 85598 0 30x10008b pause ksh 92661 1 92661 0 30x100098 poll cron 57250 1 57250 99 30x100090 poll sndiod 63400 1 63400110 30x100090 poll sndiod 65906 81999 81999 95 30x100092 kqreadsmtpd 72831 81999 81999103 30x100092 kqreadsmtpd 10633 81999 81999 95 30x100092 kqreadsmtpd 97068 81999 81999 95 30x100092 kqreadsmtpd 81499 81999 81999 95 30x100092 kqreadsmtpd 57906 81999 81999 95 30x100092 kqreadsmtpd 81999 1 81999 0 30x100080 kqreadsmtpd 7482 89821 89821 74 30x100090 bpf pflogd 89821 1 89821 0 30x80 netio pflogd 93705 43872 43872 73 30x100090 kqreadsyslogd 43872 1 43872 0 30x100080 netio syslogd 9456 1 9456 77 30x100090 poll dhclient 86556 1 86556 0 30x80 poll dhclient 88578 0 0 0 2 0x14200zerothread 85136 0 0 0 3 0x14200 aiodoned aiodoned 9148 0 
0 0 3 0x14200 syncerupdate 37019 0 0 0 3 0x14200 cleaner cleaner 79443 0 0 0 3 0x14200 reaperreaper 69499 0 0 0 3 0x14200 pgdaemon pagedaemon 42714 0 0 0 3 0x14200 bored crynlk 51880 0 0 0 3 0x14200 bored crypto 69072 0 0 0 3 0x14200 pftm pfpurge 79050 0 0 0 3 0x14200 usbtskusbtask 15996 0 0 0 3 0x14200 usbatsk usbatsk 42597 0 0 0 2 0x14200softnet 40363 0 0 0 3 0x14200 bored systqmp 89410 0 0 0 3 0x14200 bored systq 29073 0 0 0 3 0x40014200idle0 69980 0 0 0 3 0x14200 kmalloc kmthread *1 0 1 0 7 0x2802init 0 -1 0 0 3 0x10200 scheduler swapper ddb> show uvm Current UVM status: pagesize=4096 (0x1000), pagemask=0xfff, pageshift=12 61273 VM pages: 2530 active, 0 inactive, 0 wired, 55999 free (5913 zero) min 10% (25) anon, 10% (25) vnode, 5% (12) vtext pages 0 anon, 0 vnode, 0 vtext freemin=2042, free-target=2722, inactive-target=0, wired-max=20424 faults=73549, traps=74028, intrs=146205, ctxswitch=22830 fpuswitch=76 softint=61989, syscalls=134503, kmapent=16 fault counts: noram=0, noanon=0, noamap=0, pgwait=0, pgrele=0 ok relocks(total)=3723(3723), anget(retries)=35383(0), amapcopy=35109 neighbor anon/obj pg=2026/33638, gets(lock/unlock)=14623/3732 cases: anon=28842, anoncow=6541, obj=13191, prcopy=1423, przero=23543 daemon and swap counts: woke=0, revs=0, scans=0, obscans=0, anscans=0 busy=0, freed=0, reactivate=0, deactivate=0 pageouts=0, pending=0, nswget=0 nswapdev=1, nanon=0, nanonneeded=0 nfreeanon=0 swpages=65535, swpginuse=0, swpgonly=0 paging=0 kernel pointers: objs(kern)=0xd0b89580 ddb> show bcstats Current Buffer Cache status: numbufs 30 busymapped 1, delwri 0 kvaslots 765 avail kva slots 764 bufpages 114, dirtypages 0 pendingreads 0, pendingwrites 0 ddb> mount No such command ddb> show panic init died (signal 11, exit 0) ddb> I could not reproduce this after a reboot (taking 2:17, of which 52 s are
Re: OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801
On 2016-10-02 16:54, Peer Janssen wrote:
> Goal: Upgrade a working soekris net4801 from OpenBSD 4.6 to 6.0.
>
> First I copied the complete 256 MB SiliconDrive CF-Disk to a newer
> SanDisk 8 GB Ultra one and rebooted, which worked smoothly and fine.
>
> [...]
>
> Is a system like the soekris net4801 not supported any more?
> Or is there something I can do to install the new version on it?

I upgraded the same machine to 6.0 today, and didn't see any problem. So I suspect your hardware (either the CF-Disk or the board itself) is defective.

Hope that helps.

Cheers,
--
Étienne
Re: Unexpected behavior in su/doas
On 2016-10-02 18:14, Chris Bennett wrote:
> On Sun, Oct 02, 2016 at 01:03:28AM -0700, Philip Guenther wrote:
> > On Sun, Oct 2, 2016 at 12:35 AM, Otto Moerbeek wrote:
> > > On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> > >
> > >> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> > >> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> > >> > remain the same.
> > >> >
> > >> > De-escalation using these "sudo" or "doas" like tools on a tty is
> > >> > somewhat unsafe - it has always been unsafe - because tty's have
> > >> > capabilities.
> > >> >
> > >> > If you wish to be safer, do these operations without retaining access
> > >> > to a tty.
> > >> >
> > >> > Escalation on the other hand (user -> root) is different, because then
> > >> > it is clear you want to do more / everything. But de-escalation is a
> > >> > joke.
> > >> >
> > >> > This is just one mechanism on tty, there are others. On other
> > >> > descriptors there are other abilities.
> > >> >
> > >>
> > >> Would you mind explaining this a little bit. I don't really mean the
> > >> sudo/doas part.
> > >>
> > >> How to do operations without retaining access to a tty?
> > >>
> > >> What other descriptors?
> > >
> > > Well, a lot of things are possible using descriptors. Descriptors can
> > > refer to files, devices, sockets to name a few. So if you have an open
> > > descriptor to any of them...
> >
> > ...and it's not just actual file descriptors that provide privileged
> > access: even if a process closes all fds for its controlling tty, it
> > remains the process's controlling tty and can still be reopened via
> > /dev/tty. Similarly, simply being in the same session gives a process
> > additional rights that it wouldn't have otherwise, such as being able
> > to use tcsetpgrp() and see your login name via getlogin()...
>
> So fork, as used in daemon does mitigate this, as long as used
> correctly? Or does the same/other problems continue?
>
> Chris Bennett

Doing "su" or "chroot" (symmetric with respect to this risk) is sometimes very convenient, as it can be done without external configuration as would be needed for ssh.

Would it be possible to cut the risk (file descriptors) while still outputting to the same terminal, ssh without ssh?
Re: Unexpected behavior in su/doas
On Sun, Oct 02, 2016 at 01:03:28AM -0700, Philip Guenther wrote:
> On Sun, Oct 2, 2016 at 12:35 AM, Otto Moerbeek wrote:
> > On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> >
> >> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> >> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> >> > remain the same.
> >> >
> >> > De-escalation using these "sudo" or "doas" like tools on a tty is
> >> > somewhat unsafe - it has always been unsafe - because tty's have
> >> > capabilities.
> >> >
> >> > If you wish to be safer, do these operations without retaining access
> >> > to a tty.
> >> >
> >> > Escalation on the other hand (user -> root) is different, because then
> >> > it is clear you want to do more / everything. But de-escalation is a
> >> > joke.
> >> >
> >> > This is just one mechanism on tty, there are others. On other
> >> > descriptors there are other abilities.
> >> >
> >>
> >> Would you mind explaining this a little bit. I don't really mean the
> >> sudo/doas part.
> >>
> >> How to do operations without retaining access to a tty?
> >>
> >> What other descriptors?
> >
> > Well, a lot of things are possible using descriptors. Descriptors can
> > refer to files, devices, sockets to name a few. So if you have an open
> > descriptor to any of them...
>
> ...and it's not just actual file descriptors that provide privileged
> access: even if a process closes all fds for its controlling tty, it
> remains the process's controlling tty and can still be reopened via
> /dev/tty. Similarly, simply being in the same session gives a process
> additional rights that it wouldn't have otherwise, such as being able
> to use tcsetpgrp() and see your login name via getlogin()...
>

So fork, as used in daemon does mitigate this, as long as used correctly? Or does the same/other problems continue?

Chris Bennett
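The controlling-terminal behaviour discussed in this thread, as an added example that is not part of any post: a constructed Python demo that uses a private pty as a stand-in for the login terminal and checks whether /dev/tty can still be opened after closing the terminal descriptors, after fork() alone, and after fork() plus setsid(). The function names and the pty setup are assumptions of the example.

```python
"""Which steps actually cut a process off from its controlling terminal?

Constructed demo: a private pty stands in for the login terminal, so this
runs without a real tty attached.
"""
import fcntl
import os
import termios


def can_reopen_tty():
    """True if this process can still reach a controlling tty via /dev/tty."""
    try:
        fd = os.open("/dev/tty", os.O_RDWR | os.O_NOCTTY)
    except OSError:
        return False  # typically ENXIO: no controlling terminal
    os.close(fd)
    return True


def check_in_child(new_session):
    """Fork, optionally call setsid() in the child, report can_reopen_tty()."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            if new_session:
                os.setsid()  # new session: the controlling tty is left behind
            os.write(wfd, b"1" if can_reopen_tty() else b"0")
        finally:
            os._exit(0)
    os.close(wfd)
    answer = os.read(rfd, 1)
    os.close(rfd)
    os.waitpid(pid, 0)
    return answer == b"1"


def probe():
    """Return the three observations as a dict, or None if ptys are unavailable."""
    if not os.path.exists("/dev/tty"):
        return None
    try:
        master, slave = os.openpty()
    except OSError:
        return None
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            # Stand-in for a login session: become session leader and adopt
            # the pty slave as the controlling terminal.
            os.setsid()
            fcntl.ioctl(slave, termios.TIOCSCTTY, 0)
            # Drop every descriptor this process holds on the terminal. The
            # parent keeps its copies, like the shell that started su/doas.
            os.close(slave)
            os.close(master)
            seen = (can_reopen_tty(), check_in_child(False), check_in_child(True))
            os.write(wfd, bytes(int(x) for x in seen))
        finally:
            os._exit(0)
    os.close(wfd)
    data = os.read(rfd, 3)
    os.close(rfd)
    os.waitpid(pid, 0)
    os.close(slave)
    os.close(master)
    if len(data) != 3:
        return None  # the child could not set up the session on this system
    return {
        "after_closing_fds": bool(data[0]),
        "after_fork_only": bool(data[1]),
        "after_fork_and_setsid": bool(data[2]),
    }


if __name__ == "__main__":
    print(probe())
```

setsid() removes only the controlling-terminal relationship; a terminal descriptor that is still open keeps working, which is why the demo closes its descriptors before testing.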
OpenBSD 6.0 bsd.rd doesn't boot on soekris net4801
Goal: Upgrade a working soekris net4801 from OpenBSD 4.6 to 6.0.

First I copied the complete 256 MB SiliconDrive CF-Disk to a newer SanDisk 8 GB Ultra one and rebooted, which worked smoothly and fine.

I took the bsd.rd from an OpenBSD 6.0 i386 machine:

# ls -l /bsd.rd
-rw-r--r-- 1 root wheel 7173390 Sep 20 19:17 /bsd.rd
# md5 /bsd.rd
MD5 (/bsd.rd) = 191559b8c5907ca34c144462366b021a
# dmesg
OpenBSD 6.0 (GENERIC) #1917: Tue Jul 26 12:48:33 MDT 2016
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
[snip]

put it in / of a working soekris net4801 with OpenBSD 4.6 in order to jump-upgrade the system, but it doesn't boot the 6.0 bsd.rd install image:

$ cu -l /dev/ttyS0 -s 19200
Connected.
1 Using drive 0, partition 3.
Loading...
probing: pc0 com0 com1 pci mem[639K 255M a20=on]
disk: hd0+
>> OpenBSD/i386 BOOT 3.02
switching console to com0
>> OpenBSD/i386 BOOT 3.02
boot> stty com0 19200
com0: 19200 baud
boot> set tty com0
switching console to com0
>> OpenBSD/i386 BOOT 3.02
boot> boot bsd.rd
booting hd0a:bsd.rd: 3211188+1318224+2061312+0+442368 [72+298576+282894]=0x744144
entry point at 0x2000d4
cu: Got hangup signal
Disconnected.

==> So here is where it breaks. Immediate reconnect:

$ cu -l /dev/ttyS0 -s 19200
Connected.
[snip: more empty lines]

==> it goes into a reboot like this:

comBIOS ver. 1.28 20050529 Copyright (C) 2000-2005 Soekris Engineering.
net4801 0256 Mbyte MemoryCPU Geode 266 Mhz Pri Mas SDCFHS-008G LBA Xlt 974-255-63 7831 Mbyte Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1Base2 Int --- 0:00:0 1078 0001 0600 0107 0280 00 00 00 0:06:0 100B 0020 0200 0107 0290 00 3F 00 E101 A000 10 0:07:0 100B 0020 0200 0107 0290 00 3F 00 E201 A0001000 10 0:08:0 100B 0020 0200 0107 0290 00 3F 00 E301 A0002000 10 0:10:0 104C AC23 06040002 0107 0210 08 3F 01 0:18:2 100B 0502 01018001 0005 0280 00 00 00 0:19:0 0E11 A0F8 0C031008 0117 0280 08 38 00 A0003000 11 1:00:0 100B 0020 0200 0107 0290 00 3F 00 D001 A400 05 1:01:0 100B 0020 0200 0107 0290 00 3F 00 D101 A4001000 11 1:02:0 100B 0020 0200 0107 0290 00 3F 00 D201 A4002000 05 1:03:0 100B 0020 0200 0107 0290 00 3F 00 D301 A4003000 11 1 Seconds to automatic boot. Press Ctrl-P for entering Monitor. comBIOS Monitor. Press ? for help. [snip] ==> For comparison and giving machine details, booting into the working OpenBSD 4.6: > boot Using drive 0, partition 3. Loading... probing: pc0 com0 com1 pci mem[639K 255M a20=on] disk: hd0+ >> OpenBSD/i386 BOOT 3.02 switching console to com0 >> OpenBSD/i386 BOOT 3.02 boot> booting hd0a:/bsd: 6563548+1052072 [52+345584+327881]=0x7e7ce8 entry point at 0x200120 [ using 673892 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2009 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX real mem = 268005376 (255MB) avail mem = 250331136 (238MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. 
pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0: (uniprocessor) cpu0: TSC disabled pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00 sis0 at pci0 dev 6 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c6:20:c4 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c6:20:c5 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 8 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 10, address 00:00:24:c6:20:c6 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 ppb0 at pci0 dev 10 function 0 "TI PCI2250 PCI-PCI" rev 0x02 pci1 at ppb0 bus 1 sis3 at pci1 dev 0 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 5, address 00:00:24:c4:fa:30 nsphyter3 at sis3 phy 0: DP83815 10/100 PHY, rev. 1 sis4 at pci1 dev 1 function 0 "NS DP83815 10/100" rev 0x00, DP83816A: irq 11, address 00:00:24:c4:fa:31 nsphyter4 at sis4 phy 0: DP83815 10/100 PHY, rev. 1 sis5 at pci1 dev 2 function 0 "NS
HP MediaSmart 470 only recognizes 2 drives
I've been running OpenBSD on an old HP MediaSmart 470 box. I just installed 5.9 yesterday. The BIOS reports 3 installed drives:

IDE Channel 2 Master : ST31500541AS CC34 (OpenBSD disklabel)
IDE Channel 2 Slave : WDC WD20EFRX-68EUZN0 82.00A82 (new, unformatted)
IDE Channel 3 Master : ST3500630AS 3.CHN (OpenBSD disklabel)
IDE Channel 3 Slave : None

These are all SATA drives that report LBA, ATA. (The Serial ATA controller mode is set to "4P(IDE)+4S(IDE)" in the BIOS.)

The boot sequence shows:

disk: hd0+ hd1+* hd2 hd3*

System works fine with the 2 drives it recognizes. The Channel 2 and Channel 3 "Master" drives. The "Slave" drive is not recognized. Also, not sure I understand the "disk:" line above.

The missing "Slave" drives are nothing new. I had the same problem with prior versions of OpenBSD. I'd never spent much time on the problem since the two drives still gave me a perfectly functional system. I've now spent some time on it and I can't find a way to get more than 2 drives recognized.

Am I missing something basic? Or do the vintage (c. 2008) hardware and drivers prevent this?

dmesg below:

OpenBSD 5.9 (GENERIC) #1761: Fri Feb 26 01:15:04 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2097086464 (1999MB)
avail mem = 2029428736 (1935MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev.
Fix paxtest output on OpenBSD 6.0?
Hello :)

Also I included a few other OS.

Mirror for the post: https://pastebin.com/raw/y9qHwZxi

Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz

All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450.

When I used 'paxtest-0.9.15' on OpenBSD, I had to ADD two lines:

$ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD
157:randarg1: randbody.o randarg1.o
$ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD
159:randarg2: randbody.o randarg2.o
$

or else compile would fail, thx for the hint from Pinter Oliver!

On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz

If anyone has outputs for NetBSD and DragonFlyBSD, please post.

Always used blackhat mode.

## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc):

###
CentOS-7-x86_64-Everything-1511.txt           Executable anonymous mapping  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable anonymous mapping  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable anonymous mapping  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable anonymous mapping  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable anonymous mapping  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable anonymous mapping  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable anonymous mapping  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable anonymous mapping  Killed
install60.txt                                 Executable anonymous mapping  Killed
linuxmint-18-cinnamon-64bit.txt               Executable anonymous mapping  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable anonymous mapping  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable anonymous mapping  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable anonymous mapping  Killed
ubuntu-16.04.1-server-amd64.txt               Executable anonymous mapping  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable bss  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable bss  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable bss  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable bss  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable bss  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable bss  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable bss  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable bss  Killed
install60.txt                                 Executable bss  Killed
linuxmint-18-cinnamon-64bit.txt               Executable bss  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable bss  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable bss  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable bss  Killed
ubuntu-16.04.1-server-amd64.txt               Executable bss  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable data  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable data  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable data  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable data  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable data  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable data  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable data  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable data  Killed
install60.txt                                 Executable data  Killed
linuxmint-18-cinnamon-64bit.txt               Executable data  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable data  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable data  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable data  Killed
ubuntu-16.04.1-server-amd64.txt               Executable data  Killed

###
CentOS-7-x86_64-Everything-1511.txt           Executable heap  Killed
debian-8.6.0-amd64-CD-1.txt                   Executable heap  Killed
Fedora-Server-dvd-x86_64-24-1.2.txt           Executable heap  Killed
Fedora-Workstation-netinst-x86_64-24-1.2.txt  Executable heap  Killed
FreeBSD-10.3-RELEASE-amd64-dvd1.txt           Executable heap  Killed
FreeBSD-11.0-RC3-amd64-dvd1.txt               Executable heap  Killed
FreeBSD-9.3-RELEASE-amd64-dvd1.txt            Executable heap  Killed
HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt   Executable heap  Killed
install60.txt                                 Executable heap  Killed
linuxmint-18-cinnamon-64bit.txt               Executable heap  Killed
openSUSE-Leap-42.1-DVD-x86_64.txt             Executable heap  Killed
SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt      Executable heap  Killed
ubuntu-16.04.1-desktop-amd64.txt              Executable heap  Killed
ubuntu-16.04.1-server-amd64.txt               Executable heap  Killed
Re: getopt(3) in echo(1)
On September 30, 2016 5:16:57 PM GMT+02:00, Otto Moerbeek wrote:
>On Fri, Sep 30, 2016 at 04:47:33PM +0200, Paul de Weerd wrote:
>
>> On Fri, Sep 30, 2016 at 04:40:16PM +0200, Jan Stary wrote:
>> | echo.c says
>> |
>> |/* This utility may NOT do getopt(3) option parsing. */
>> |
>> | Why is that, for echo(1) specifically?
>> | Other binaries in /bin seem to use getopt(3) freely.
>>
>> Because echo should echo all arguments, including those that would
>> otherwise be parsed by getopt(3), except for '-n'.
>
>To be more specific: --
>
>See also http://pubs.opengroup.org/onlinepubs/9699919799/

Direct link to the pretty useless "definition", leaving lots of room for various implementations, all fulfilling the specs.

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/echo.html

/Alexander

>
> -Otto
Re: signify: write to stdout: Broken pipe
Hi Alex,

On Sun, 2 Oct 2016 15:47:36 +0200 Alex Greif wrote:

> I experienced the same. what I did:
> - install today's snapshot
> - sysmerge
> - pkg_add -nu ---> reported the problems
> - pkg_add -u sudo ---> reported problems but installed correctly anyway
> - reboot
> - pkg_add -nu ---> reported no problems
> - pkg_add -u ---> reported no problems
>
> no clue what the problem was, but it is gone now.

thank you for your suggestion, but I don't have sudo installed on my system. I am just using 'doas' with the default config file from /etc/example/.

$ pkg_info | grep sudo
$

Thanks
Lars
Re: signify: write to stdout: Broken pipe
I experienced the same. what I did:
- install today's snapshot
- sysmerge
- pkg_add -nu ---> reported the problems
- pkg_add -u sudo ---> reported problems but installed correctly anyway
- reboot
- pkg_add -nu ---> reported no problems
- pkg_add -u ---> reported no problems

no clue what the problem was, but it is gone now.

Alex.

On Sun, Oct 02, 2016 at 02:53:34PM +0200, lvdd wrote:
> Hi misc,
>
> On Sat, 01 Oct 2016 14:50:35 -0400
> "Joe Gidi" wrote:
>
> > And, as is so often the case, I figured out the problem right after
> > sending that email. My old 'sudo' package was apparently not entirely
> > functional after updating the base system. 'doas pkg_add -u' got me an
> > up-to-date 'sudo' which is once again working properly.
> >
> > Sheepish apologies for the noise...
> >
>
> sorry for hijacking this but I am seeing the same problem and
> 'sudo' is not involved in my case.
>
> I did a new installation of the -snapshot yesterday and after much
> trial and error I can reliably reproduce the issue with
> enabling/disabling dbus-session in my .xinitrc.
>
> I am running jwm and as soon as I enable the dbus session as described
> in the dbus pkg-readme I am seeing the errors reported. JWM
> configuration doesn't seem to be involved here (tried the stock
> configuration and my own).
> Starting CWM with the same .xinitrc (dbus enabled or disabled) doesn't
> show the errors. Removing my .xinitrc entirely and starting the default
> FVWM doesn't show the issue either. As far as I understand dbus is
> started with the default FVWM session. The problem does also not appear
> on the tty.
>
> BTW: Even with those error messages new software is installed fine using
> pkg_add -vi
>
> The combination of jwm with dbus has worked for almost 2 years now. I am
> somewhat puzzled and don't understand what jwm, dbus, pkg_add and
> signify have to do with each other.
>
> Some input is highly appreciated
>
> Thanks
> Lars
>
> .xinitrc:
> --
> # ignore this darn LVDD port on the motherboard
> xrandr --output DP1 --off
>
>
> if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
>     eval `dbus-launch --sh-syntax --exit-with-session`
> fi
>
> jwm
> #cwm
>
>
> $ doas rcctl ls started
> cron
> messagebus
> ntpd
> pflogd
> smtpd
> sndiod
> sshd
> syslogd
>
>
>
> dmesg:
>
> OpenBSD 6.0-current (GENERIC.MP) #2511: Fri Sep 30 20:12:15 MDT 2016
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8440098816 (8049MB)
> avail mem = 8179810304 (7800MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec2f0 (67 entries)
> bios0: vendor American Megatrends Inc. version "0806" date 12/14/2015
> bios0: ASUS All Series
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT LPIT SSDT SSDT MCFG HPET SSDT SSDT BGRT
> acpi0: wakeup devices UAR1(S4) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) RP03(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) [...]
Re: OpenBSD 6.0 does not detect my USB ethernet interface
I'm also a newbie, but I think there are no drivers for your device on OpenBSD.

Maybe you can solve the problem with PPPoE: http://man.openbsd.org/OpenBSD-current/man4/pppoe.4

Have a good day!
Raffaele

On Sun, 2 Oct 2016 08:15:31 + (UTC) Farhad Benyamin wrote:

> Hello, I installed OpenBSD 6.0 (GENERIC kernel) on an AMD64 machine. The system
> can't detect my USB ethernet interface, although the USB LED on the modem is lit
> up. I also had this problem on NetBSD 7.0.1, during installation it couldn't
> detect this interface, but I didn't try to solve it.
>
> I am grateful for any help to solve this problem. I am a newbie.
>
> ==
>
> MODEM : Micronet ADSL2+ Modem Router, Model No. SP3361
>
> ### on OpenBSD ###
>
> *** ifconfig ***
>
> lo0: flags=8049 mtu 32768
>         index 2 priority 0 llprio 3
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff00
> enc0: flags=0<>
>         index 1 priority 0 llprio 3
>         groups: enc
>         status: active
> pflog0: flags=141 mtu 33144
>         index 3 priority 0 llprio 3
>         groups: pflog
>
> *** dmesg | grep usb ***
>
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
> usb2 at ohci0: USB revision 1.0
> uhub2 at usb2 "ATI OHCI root hub" rev 1.00/1.00 addr 1
> usb3 at ohci1: USB revision 1.0
> uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
> usb4 at ohci2: USB revision 1.0
> uhub4 at usb4 "ATI OHCI root hub" rev 1.00/1.00 addr 1
> usb5 at ohci3: USB revision 1.0
> uhub5 at usb5 "ATI OHCI root hub" rev 1.00/1.00 addr 1
> usb6 at ohci4: USB revision 1.0
> uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1
>
> *** dmesg | grep rndis ***
>
> urndis0 at uhub2 port 2 configuration 1 interface 0 "vendor 0x12a7 product 0x3160" rev 1.10/0.01 addr 2
> urndis0: using Vendor: interface alternate setting 0 failed
>
> ### on Debian 8 ###
>
> *** ifconfig ***
>
> eth1      Link encap:Ethernet HWaddr (removed by me)
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1 Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING MTU:65536 Metric:1
>           RX packets:20 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1420 (1.3 KiB) TX bytes:1420 (1.3 KiB)
>
> *** dmesg | grep usb ***
> (output is customized)
>
> [ 1.962069] usb 3-2: new full-speed USB device number 2 using ohci-pci
> [ 2.188927] usb 3-2: New USB device found, idVendor=12a7, idProduct=3160
> [ 2.188969] usb 3-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> [ 7.228928] usbcore: registered new interface driver cdc_ether
> [ 12.349310] rndis_host 3-2:1.0 eth0: register 'rndis_host' at usb-:00:12.0-2, RNDIS device, (MAC Addr, removed by me)
> [ 12.349414] usbcore: registered new interface driver rndis_host
> [ 12.379849] usbcore: registered new interface driver rndis_wlan
>
> *** dmesg | grep rndis ***
>
> [ 12.349310] rndis_host 3-2:1.0 eth0: register 'rndis_host' at usb-:00:12.0-2, RNDIS device, (MAC Addr, removed by me)
> [ 12.349414] usbcore: registered new interface driver rndis_host
> [ 12.379849] usbcore: registered new interface driver rndis_wlan
>

--
thrph.i...@gmail.com
Re: signify: write to stdout: Broken pipe
Hi misc,

On Sat, 01 Oct 2016 14:50:35 -0400 "Joe Gidi" wrote:

> And, as is so often the case, I figured out the problem right after
> sending that email. My old 'sudo' package was apparently not entirely
> functional after updating the base system. 'doas pkg_add -u' got me an
> up-to-date 'sudo' which is once again working properly.
>
> Sheepish apologies for the noise...
>

sorry for hijacking this but I am seeing the same problem and 'sudo' is not involved in my case.

I did a new installation of the -snapshot yesterday and after much trial and error I can reliably reproduce the issue with enabling/disabling dbus-session in my .xinitrc.

I am running jwm and as soon as I enable the dbus session as described in the dbus pkg-readme I am seeing the errors reported. JWM configuration doesn't seem to be involved here (tried the stock configuration and my own).
Starting CWM with the same .xinitrc (dbus enabled or disabled) doesn't show the errors. Removing my .xinitrc entirely and starting the default FVWM doesn't show the issue either. As far as I understand dbus is started with the default FVWM session. The problem does also not appear on the tty.

BTW: Even with those error messages new software is installed fine using pkg_add -vi

The combination of jwm with dbus has worked for almost 2 years now. I am somewhat puzzled and don't understand what jwm, dbus, pkg_add and signify have to do with each other.

Some input is highly appreciated

Thanks
Lars

.xinitrc:
--
# ignore this darn LVDD port on the motherboard
xrandr --output DP1 --off

if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
    eval `dbus-launch --sh-syntax --exit-with-session`
fi

jwm
#cwm

$ doas rcctl ls started
cron
messagebus
ntpd
pflogd
smtpd
sndiod
sshd
syslogd

dmesg:

OpenBSD 6.0-current (GENERIC.MP) #2511: Fri Sep 30 20:12:15 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8440098816 (8049MB)
avail mem = 8179810304 (7800MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec2f0 (67 entries)
bios0: vendor American Megatrends Inc. version "0806" date 12/14/2015
bios0: ASUS All Series
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT LPIT SSDT SSDT MCFG HPET SSDT SSDT BGRT
acpi0: wakeup devices UAR1(S4) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) RP03(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) [...]
OpenBSD 6.0 does not detect my USB ethernet interface
Hello, I installed OpenBSD 6.0 (GENERIC kernel) on an AMD64 machine. The system can't detect my USB ethernet interface, although the USB LED on the modem is lit up. I also had this problem on NetBSD 7.0.1, during installation it couldn't detect this interface, but I didn't try to solve it.

I am grateful for any help to solve this problem. I am a newbie.

==

MODEM : Micronet ADSL2+ Modem Router, Model No. SP3361

### on OpenBSD ###

*** ifconfig ***

lo0: flags=8049 mtu 32768
        index 2 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff00
enc0: flags=0<>
        index 1 priority 0 llprio 3
        groups: enc
        status: active
pflog0: flags=141 mtu 33144
        index 3 priority 0 llprio 3
        groups: pflog

*** dmesg | grep usb ***

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb4 at ohci2: USB revision 1.0
uhub4 at usb4 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb5 at ohci3: USB revision 1.0
uhub5 at usb5 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb6 at ohci4: USB revision 1.0
uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1

*** dmesg | grep rndis ***

urndis0 at uhub2 port 2 configuration 1 interface 0 "vendor 0x12a7 product 0x3160" rev 1.10/0.01 addr 2
urndis0: using Vendor: interface alternate setting 0 failed

### on Debian 8 ###

*** ifconfig ***

eth1      Link encap:Ethernet HWaddr (removed by me)
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1420 (1.3 KiB) TX bytes:1420 (1.3 KiB)

*** dmesg | grep usb ***
(output is customized)

[ 1.962069] usb 3-2: new full-speed USB device number 2 using ohci-pci
[ 2.188927] usb 3-2: New USB device found, idVendor=12a7, idProduct=3160
[ 2.188969] usb 3-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 7.228928] usbcore: registered new interface driver cdc_ether
[ 12.349310] rndis_host 3-2:1.0 eth0: register 'rndis_host' at usb-:00:12.0-2, RNDIS device, (MAC Addr, removed by me)
[ 12.349414] usbcore: registered new interface driver rndis_host
[ 12.379849] usbcore: registered new interface driver rndis_wlan

*** dmesg | grep rndis ***

[ 12.349310] rndis_host 3-2:1.0 eth0: register 'rndis_host' at usb-:00:12.0-2, RNDIS device, (MAC Addr, removed by me)
[ 12.349414] usbcore: registered new interface driver rndis_host
[ 12.379849] usbcore: registered new interface driver rndis_wlan
Re: Looking for DMVPN implementation
On Sat, Oct 01, 2016 at 10:44:02PM +, Jens Sauer wrote:
> Hi OpenBSD community,
>
> I'm looking for an OpenSource implementation of DMVPN (Dynamic Multipoint
> Virtual private network).
>
> Currently I just found the draft (from 2013):
> https://tools.ietf.org/html/draft-detienne-dmvpn-00
>
> Coming from Cisco and would be pleased to see it under OpenBSD.
> http://www.cisco.com/c/dam/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/DMVPN_Overview.pdf
>
> Hope I could get an advice in how to implement (use) it under OpenBSD.

OpenBSD does not have support for mGRE and NHRP.

If you're not having hundreds of sites you want to connect you could set up tunnels (gif or gre), protect it with ipsec and run a routing protocol over that. It scales best if you automate it (I use ansible for this).

Remi
Re: Unexpected behavior in su/doas
> > This is just one mechanism on tty, there are others. On other
> > descriptors there are other abilities.
> >
>
> Would you mind explaining this a little bit. I don't really mean the
> sudo/doas part.
>
> How to do operations without retaining access to a tty?
>
> What other descriptors?

Example: If you have a file descriptor to a directory outside the chroot and you are the root user, you can escape the chroot.

https://filippo.io/escaping-a-chroot-jail-slash-1/
Re: Unexpected behavior in su/doas
On Sun, Oct 2, 2016 at 12:35 AM, Otto Moerbeek wrote:
> On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
>
>> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
>> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
>> > remain the same.
>> >
>> > De-escalation using these "sudo" or "doas" like tools on a tty is
>> > somewhat unsafe - it has always been unsafe - because tty's have
>> > capabilities.
>> >
>> > If you wish to be safer, do these operations without retaining access
>> > to a tty.
>> >
>> > Escalation on the other hand (user -> root) is different, because then
>> > it is clear you want to do more / everything. But de-escalation is a
>> > joke.
>> >
>> > This is just one mechanism on tty, there are others. On other
>> > descriptors there are other abilities.
>> >
>>
>> Would you mind explaining this a little bit. I don't really mean the
>> sudo/doas part.
>>
>> How to do operations without retaining access to a tty?
>>
>> What other descriptors?
>
> Well, a lot of things are possible using descriptors. Descriptors can
> refer to files, devices, sockets to name a few. So if you have an open
> descriptor to any of them...

...and it's not just actual file descriptors that provide privileged access: even if a process closes all fds for its controlling tty, it remains the process's controlling tty and can still be reopened via /dev/tty. Similarly, simply being in the same session gives a process additional rights that it wouldn't have otherwise, such as being able to use tcsetpgrp() and see your login name via getlogin()...

Philip Guenther
Re: Unexpected behavior in su/doas
On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> > remain the same.
> >
> > De-escalation using these "sudo" or "doas" like tools on a tty is
> > somewhat unsafe - it has always been unsafe - because tty's have
> > capabilities.
> >
> > If you wish to be safer, do these operations without retaining access
> > to a tty.
> >
> > Escalation on the other hand (user -> root) is different, because then
> > it is clear you want to do more / everything. But de-escalation is a
> > joke.
> >
> > This is just one mechanism on tty, there are others. On other
> > descriptors there are other abilities.
> >
>
> Would you mind explaining this a little bit. I don't really mean the
> sudo/doas part.
>
> How to do operations without retaining access to a tty?
>
> What other descriptors?

Well, a lot of things are possible using descriptors. Descriptors can refer to files, devices, sockets to name a few. So if you have an open descriptor to any of them...

>
> And, I would especially appreciate any areas in src that could more
> fully give me an understanding of this. Studying code has to be
> essential to get this.

e.g. login(1), cron(8), daemon(3) and setsid(2) and friends.

-Otto
Re: Unexpected behavior in su/doas
On Sun, Oct 02, 2016 at 07:10:12AM +0200, Sebastien Marie wrote:
> On Sat, Oct 01, 2016 at 05:15:31PM -0500, Chris Bennett wrote:
> > On Sat, Oct 01, 2016 at 03:54:40PM -0600, Theo de Raadt wrote:
> > > Use of su, doas, or sudo -- means you EXPLICITLY want the tty to
> > > remain the same.
> > >
> > > De-escalation using these "sudo" or "doas" like tools on a tty is
> > > somewhat unsafe - it has always been unsafe - because tty's have
> > > capabilities.
> > >
> > > If you wish to be safer, do these operations without retaining access
> > > to a tty.
> > >
> > > Escalation on the other hand (user -> root) is different, because then
> > > it is clear you want to do more / everything. But de-escalation is a
> > > joke.
> > >
> > > This is just one mechanism on tty, there are others. On other
> > > descriptors there are other abilities.
> > >
> >
> > Would you mind explaining this a little bit. I don't really mean the
> > sudo/doas part.
> >
> > How to do operations without retaining access to a tty?
> > What other descriptors?
> >
> > And, I would especially appreciate any areas in src that could more
> > fully give me an understanding of this. Studying code has to be
> > essential to get this.
> >
>
> there is a recent thread on oss-security about the specific problem of
> sharing tty:
> http://openwall.com/lists/oss-security/2016/09/25/1
>
> or a more ancient stuff (same problem):
> http://www.openwall.com/lists/oss-security/2011/12/20/2
>
> when using doas/sudo you share a tty.
>
> # tty
> /dev/ttypa
> # doas -u user -s
> $ tty
> /dev/ttypa
>
> so at a moment, user has access to the tty device that root will use
> later.
>
> for example, user is able to push chars in tty buffer, logout, and let
> the root process eat the controlled input.
>
> alternative way (and more secure in this context) is to use ssh(1). But
> note it needs additional configuration. ssh(1) will allocate a new
> pty(4) device for the user.
>
> # tty
> /dev/ttypa
> # ssh user@localhost
> Last login: ...
> OpenBSD 6.0-current ...
> ...
>
> $ tty
> /dev/ttypb
>
> Regards.
> --
> Sebastien Marie

Alternatively, you can run a command as a specific user without tty using batch(1) or at(1).

# echo 'su otto -c "id; tty"' | batch

The command will be executed without controlling tty. Output will be reported by mail.

-Otto
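
What "without a controlling tty" means at the system-call level, as an added example that is not code from any poster in this thread: a forked child calls setsid(2), replaces stdin/stdout/stderr, closes inherited descriptors, and then checks that /dev/tty can no longer be opened. The function names, the exit codes and the cap of 4096 descriptors are assumptions of this example.

```c
/* Added example: run a job in a child that has no controlling tty. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit codes the child reports to the parent (names are this example's own). */
enum {
    JOB_OK = 0,
    ERR_SETSID = 10,
    ERR_DEVNULL = 11,
    ERR_STILL_HAS_CTTY = 12,
    ERR_NOT_SESSION_LEADER = 13,
    ERR_STDIO_IS_TTY = 14
};

/* 1 if the calling process can still reach a controlling tty via /dev/tty. */
static int has_controlling_tty(void)
{
    /* O_NOCTTY so that the probe itself can never acquire a controlling tty. */
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);

    if (fd == -1)
        return 0;
    close(fd);
    return 1;
}

/* Child side: leave the caller's session and give up inherited descriptors. */
static int detach_from_tty(void)
{
    int nullfd, fd;

    /* A new session has no controlling tty, so /dev/tty stops resolving.
     * Closing descriptors alone would not achieve that. */
    if (setsid() == -1)
        return ERR_SETSID;

    /* stdin, stdout and stderr may be the shared tty: point them at /dev/null. */
    nullfd = open("/dev/null", O_RDWR | O_NOCTTY);
    if (nullfd == -1)
        return ERR_DEVNULL;
    for (fd = 0; fd <= 2; fd++)
        if (dup2(nullfd, fd) == -1)
            return ERR_DEVNULL;

    /* Every other inherited descriptor (directory, socket, device) carries
     * abilities too. Descriptors 3..4095 are closed here, which also covers
     * nullfd; the cap is an assumption of this demo, OpenBSD has closefrom(3). */
    for (fd = 3; fd < 4096; fd++)
        close(fd);
    return JOB_OK;
}

/* Job used for the demonstration: confirm that the detach really took effect. */
static int verify_detached(void)
{
    int fd;

    if (getsid(0) != getpid())
        return ERR_NOT_SESSION_LEADER;
    for (fd = 0; fd <= 2; fd++)
        if (isatty(fd))
            return ERR_STDIO_IS_TTY;
    if (has_controlling_tty())
        return ERR_STILL_HAS_CTTY;
    return JOB_OK;
}

/* Fork, detach the child, run job() there; returns its exit code or -1. */
int run_detached(int (*job)(void))
{
    pid_t pid;
    int status, rc;

    fflush(NULL);                 /* do not duplicate buffered output */
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        rc = detach_from_tty();
        /* A privilege drop would go here: after the detach, before the job. */
        if (rc == JOB_OK)
            rc = job();
        _exit(rc);
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int rc;

    printf("parent can open /dev/tty: %s\n", has_controlling_tty() ? "yes" : "no");
    rc = run_detached(verify_detached);
    printf("detached child: %s (code %d)\n",
        rc == JOB_OK ? "no tty reachable" : "check failed", rc);
    return rc == JOB_OK ? 0 : 1;
}
```

Run from an interactive shell, the parent reports that it can open /dev/tty while the detached child cannot.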