Re: https for pkg_add?

2017-01-05 Thread Antoine Jacoutot
On Thu, Jan 05, 2017 at 06:50:38PM -0800, jungle boogie wrote: > Hi All, > > With all the recent changes to supporting https on the various mirrors, does > that mean https may also be used with the PKG_PATH variable? Yes. -- Antoine

https for pkg_add?

2017-01-05 Thread jungle boogie
Hi All, With all the recent changes to supporting https on the various mirrors, does that mean https may also be used with the PKG_PATH variable? Thanks, jb

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Theo de Raadt
>You could possibly make a separate "event" or "wait" pledge to register new >events or NOTE_EXIT calls, but I suspect that that would complicate things, >making the large presumption that that could be desired. Why would we do that? We've not seen any source code which requires what you

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
You could possibly make a separate "event" or "wait" pledge to register new events or NOTE_EXIT calls, but I suspect that that would complicate things, making the large presumption that that could be desired. On Thu, Jan 5, 2017, 15:42 Theo de Raadt wrote: > > I imagine

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Theo de Raadt
> I should also clarify a bit. wait() only works for processes you've created > with fork(), which requires "proc". There's good reason to allow you to watch > for a child's exit much later, but without the ability to fork again. that's right. during development of pledge, we found many

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Theo de Raadt
> I imagine that the mitigation that is sought by pledge is to minimize > aberrant code reuse in whatever way a hacker can make code run again in a > way that it isn't supposed to. And maybe the programmer can choose what can > be problematic and what isn't if it runs again with their choice of

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
Registering an EVFILT_PROC, NOTE_EXIT kevent requires proc. On Thu, Jan 5, 2017, 15:25 Ted Unangst wrote: > Theo de Raadt wrote: > > > Luke Small wrote: > > > > What if I want to prevent a process from forking while I want to > create new > > > > EVFILT_PROC events? Say, to

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Ted Unangst
Theo de Raadt wrote: > > Luke Small wrote: > > > What if I want to prevent a process from forking while I want to create > > > new > > > EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe > > > and load it into a kqueue. Is there a reason why waitpid() isn't beholden > > >

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
I imagine that the mitigation that is sought by pledge is to minimize aberrant code reuse in whatever way a hacker can make code run again in a way that it isn't supposed to. And maybe the programmer can choose what can be problematic and what isn't if it runs again with their choice of the calls.

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Theo de Raadt
> Luke Small wrote: > > What if I want to prevent a process from forking while I want to create new > > EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe > > and load it into a kqueue. Is there a reason why waitpid() isn't beholden > > to this, or is there a reason that

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Ted Unangst
Luke Small wrote: > What if I want to prevent a process from forking while I want to create new > EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe > and load it into a kqueue. Is there a reason why waitpid() isn't beholden > to this, or is there a reason that EVFILT_PROC

Re: Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Theo de Raadt
> What if I want to prevent a process from forking while I want to create new > EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe > and load it into a kqueue. Is there a reason why waitpid() isn't beholden > to this, or is there a reason that EVFILT_PROC is? Your usage case

Why can I waitpid() but can't EVFILT_PROC under pledge("proc")

2017-01-05 Thread Luke Small
What if I want to prevent a process from forking while I want to create new EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe and load it into a kqueue. Is there a reason why waitpid() isn't beholden to this, or is there a reason that EVFILT_PROC is?

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Kevin
On Thu, Jan 5, 2017 at 10:07 AM, Peter Faiman wrote: > Hmm. The default number of files is 128 for daemons, but it's strange > you'd hit that JUST starting up. > > Can you try starting relayd with -v -d to see if it logs anything of > interest? > # /usr/sbin/relayd -vvv

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Kevin
On Thu, Jan 5, 2017 at 10:19 AM, Peter Faiman wrote: > Ah yes I see those lines now, thank you. > > Kevin, what version of OpenBSD are you using? You mentioned this is a new > project so I assume 6.0? From my dmesg: OpenBSD 6.0-stable (GENERIC.MP )

Re: maybe move texinfo from base in the ports?

2017-01-05 Thread Todd C. Miller
On Thu, 05 Jan 2017 21:18:45 +0300, Андрей Болконский wrote: > https://github.com/openbsd/src/tree/master/usr.bin/keynote > remove this obsolete directory, please... How is it obsolete? The keynote binary is still built from there, it's just that the

Re: maybe move texinfo from base in the ports?

2017-01-05 Thread Андрей Болконский
https://github.com/openbsd/src/tree/master/usr.bin/keynote remove this obsolete directory, please... 2016-11-18 21:09 GMT+03:00 Ingo Schwarze : > Andrey Bolkonsky wrote on Thu, Nov 17, 2016 at 07:47:48PM +0300: > > > IMHO, texinfo isn't need in most cases, is GPL software and

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Peter Faiman
Ah yes I see those lines now, thank you. Kevin, what version of OpenBSD are you using? You mentioned this is a new project so I assume 6.0? Peter On Jan 5, 2017, at 10:08, Theo de Raadt wrote: >> Hmm. The default number of files is 128 for daemons, but it's strange you'd

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Theo de Raadt
> Hmm. The default number of files is 128 for daemons, but it's strange you'd > hit that JUST starting up. > > Can you try starting relayd with -v -d to see if it logs anything of > interest? > > Can you binary search ulimits until you find the lowest it will start with? > > Reading the source

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Peter Faiman
Hmm. The default number of files is 128 for daemons, but it's strange you'd hit that JUST starting up. Can you try starting relayd with -v -d to see if it logs anything of interest? Can you binary search ulimits until you find the lowest it will start with? Reading the source it looks like

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Kevin
Nope. I was hoping for another solution, especially given that: 1. the only things running on this machine are pf and relayd 2. there's zero traffic going to it at present 3. there's only one site being load balanced it seems like it shouldn't be necessary. I'm open to it, if that's

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Peter Faiman
Have you modified your open file limits in /etc/login.conf? Especially in the daemon section? Peter > On Jan 5, 2017, at 08:50, Kevin wrote: > >> On Tue, Jan 3, 2017 at 1:16 PM, Kevin wrote: >> >> Hey gang, >> >> So I'm putting a new firewall in place and

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-05 Thread Kevin
On Tue, Jan 3, 2017 at 1:16 PM, Kevin wrote: > Hey gang, > > So I'm putting a new firewall in place and have run into issues with > getting relayd to start using: > > # /etc/rc.d/relayd start > > When I try starting it like that inevitably I get: > > relayd(failed) > >

Re: usermod: Invalid password: `*'

2017-01-05 Thread Todd C. Miller
This works in -current. I've verified that it works with rev 1.112 of user.c but OpenBSD 6.0 has user.c rev 1.111. - todd

Re: isakmpd set up

2017-01-05 Thread Stuart Henderson
On 2017-01-02, Peter Fraser wrote: > I want the fixed IP address so I don't have to drive there to fix problems. PS: I haven't used it recently, but I've found ports/sysutils/autossh useful in the past for these.

Re: isakmpd set up

2017-01-05 Thread Stuart Henderson
On 2017-01-02, Peter Fraser wrote: > A charity that I support has been having trouble with its internet provider > (Rogers). > The problem I have is that Roger is the only supplier that is available that > will > give a fixed IP address. > > I want the fixed IP address so I

Re: nslookup and dig output when using rebound

2017-01-05 Thread Stuart Henderson
On 2017-01-04, Ted Unangst wrote: > Glenn Faustino wrote: >> Hi, >> >> The output of nslookup and dig when using rebound are like these: > > this finally annoyed me enough the other day i made a patch. Oh please don't This is important information. > > Index:

Re: The right way to delete elements from ohash

2017-01-05 Thread Maciej Adamczyk
Yes, it's the simplest and probably the fastest way (and I care about simplicity more than speed anyway), so I like it more than the other option. It seems there's no third one, except from replacing ohash or forking it (f.e. to not downsize unless explicitly requested). I think I'll stay with the