-- Forwarded message --
From: "Ingo Schwarze" <schwa...@usta.de>
Date: Nov 13, 2015 7:32 PM
Subject: Re: pledge() enhancement
To: "Luke Small" <lukensm...@gmail.com>
Cc: <b...@openbsd.org>
Hi Luke,
Luke Small wrote on Fri, Nov 13, 2015 at
I want to be able to use systrace for privilege escalation for kompare for
sysmerge diffs and kate. Why isn't systrace able to do this?
-Luke
> I can't quite figure out what you're trying to do, but running big GUI
> programs and libraries with root privileges (whether that's from systrace
> or doas or sudo or su or whatever) is usually not a good idea.
Thinking about it now, I guess if you add root write privileges to writing
files, you
I am not on the web with my 5.8 virtualbox guest and it never blanks
unless it is set to 1 minute and when it is locked, it is interrupted. Is
it a bug, or is it possibly a virus? My windows host goes into the
screensaver and stays just fine.
that doesn't suid but can open a privileged socket under systrace
-c 1000:1000 ./server
On Dec 2, 2015 19:44, "Vadim Zhukov" <persg...@gmail.com> wrote:
> On Dec 3, 2015 4:27, user "Luke Small" <lukensm...@gmail.com> wrote:
>
that on a specific file, whether the results may be skewed by
inconsistent squid or similar program caching often downloaded files on
mirrors.
On Dec 27, 2015 18:17, "Luke Small" <lukensm...@gmail.com> wrote:
> Even though I don't have an internet connection for my laptop I
>
I am realistically thinking more along the lines of less than once a
release cycle. More like whenever it comes upon a user that their mirror of
choice chooses to no longer be a mirror. I had that happen to me. It would
be convenient to have a program that can easily compare mirror latencies
and
> wrote:
> All of the functionality you are requesting is already provided.
>
> look at finish_up() in src/distrib/miniroot/install.sub.
>
> There is no reason at all to modify pkg_add. Just setup /etc/pkg.conf.
>
>
> On 2016 Jan 04 (Mon) at 04:02:07 -0600 (-0600), Luke Small wr
What I meant is, if a program sends a handful of pings to each mirror,
would it think it is being spammed and shutdown any further connections. I
didn't mean to say that I want to connect the pkg_ping program to a of
anchor. I tried an initial localhost pinging, pkg_ping program in
virtualbox
> On 2015-12-20 17.25.14 -0600, Luke Small wrote:
> >It would be very easy to write a C
> >program to parse and edit fstab to make all the partitions softdep.
>
> Can we see your patch?
to fix
the problem, when it can merely be an install option.
-Luke
On Sun, Dec 20, 2015 at 3:33 PM, <li...@wrant.com> wrote:
> On Sun, 20 Dec 2015 14:03:18 -0600 Luke Small <lukensm...@gmail.com>
> wrote:
>
> > I don't know the best way, but I like how there are
Ha Ha. I got Theo to call me a whiny prick! I'm getting the t-shirt.
>You play absolutely no part in the decisions that got OpenBSD to where it
is.
At least somebody is listening, even if they are ignoring everything.
What point is there to having an automated machine, when you have to do
I can't type underscore on this device.
Assuming I could do it: If I were to make a sloppy perl-based pkg-add
program that used c and the installer code to (re)set the PKG-PATH
environment variable using the "http" settings that are available for
installing the modules from mirrors, if I made
I wanna make a c program that checks for a PKG_PATH that exists and
connects to a workable link for pkg_add(). If you ever upgraded using
http mirrors on the install disk, it offers list# which links directly
to numbered mirrors. It would likely ease the initial startup for
whoever uses it while
I suspect that if you did, it wouldn't check whether there was an
astronaut ready to control the on-board computer and would sit there
continuously trying to rev the rocket engines with no jet fuel. That
is the way pkg-add acts right now. I felt pretty ridiculous wondering
why pkg-add wasn't
of messages delivered by
pkg-add itself to rm folder contents at the end of a run.
On 12/25/15, Luke Small <lukensm...@gmail.com> wrote:
> I suspect that if you did, it wouldn't check whether there was an
> astronaut ready to control the on-board computer and would sit there
> continuousl
Come to think about it, it might be good to do a tiny standalone
program called pkg_ping and then I could make it in C like I'd prefer.
I'd hope to make a port maybe, but then it would functionally defeat
the intent.
On 12/26/15, Luke Small <lukensm...@gmail.com> wrote:
> I ju
I just figure that adding a little complexity that doesn't adversely
affect security, to ease initial entry into the system for new users
could be good. pkg_add initialization and mirror selection can be
automated in a way to not discourage someone from picking up a fresh
install and running with
If installer GUIs are bad, maybe features like full-disk encryption could
be accomplished via lynx-like text-based HTML and/or JavaScript that could
write to cookies that the installer could parse into commands?
-Luke
I guess I didn't really answer your question. It wouldn't rely upon
the ramdisk. It is meant to run after install. So it would presumably
have all the firmware. I was thinking about running it similarly to
the install output though. I set up a local mirror once and it crapped
out after a while and
You could do that if you want to have noobs connect to one of the mirrors
into perpetuity that brings down the server like a ddos every release!
> I think the best that can be done relatively easily would be to have
>pkg_add fetch ftplist.cgi and pick the first result as a default if
neither
Even though I don't have an internet connection for my laptop I
started the C program that pipes an execl call from ftp, to sed, (like
the suggestions
offered earlier in the thread, and back to the parent and it will use
kqueue to test the pipe buffer capacities to a local buffer (I love
You are a normal user and have full disk encryption. You must have read the
man page on how to do that? Found the installer option did you. I have read
several books on openbsd and all the man pages I could find and didn't find
out how to do it anywhere else other that how to webpages.
On Dec 21,
they
want to run a two nic gateway, let them read the man-pages.
-Luke
On Sun, Dec 20, 2015 at 7:45 PM, Dmitrij D. Czarkoff <czark...@gmail.com>
wrote:
> Luke Small said:
> > There are other features that inexperienced users could benefit from,
> like
> > selecting
I suspect that there could be a number of minor implementation tweaks that
could be addressed that would be convenient to avoid presumably to
streamline the install process for folks that would prefer to avoid an
incessant procession of questions.
There are other features that inexperienced users
the user and doesn't
self-destruct any time it needs to fsck: By Default.
On 12/21/15, li...@wrant.com <li...@wrant.com> wrote:
>> Luke Small <lukensm...@gmail.com>
>> >[...] It would be very easy to write a C
>> >program to parse and edit fstab to mak
00, li...@wrant.com wrote:
>
>> On Sun, 20 Dec 2015 10:51:20 + Tati Chevron <chev...@swabsit.com>
>> wrote:
>>
>> On Sat, Dec 19, 2015 at 05:34:59PM -0600, Luke Small
>>> <lukensm...@gmail.com> wrote:
>>> >
>>> >If installer
Pledge does something odd, that I don't understand by reading the man page.
It trips the system-call: SYS_PROFIL (44) when it ends its run in
codeblocks IDE when profiling is enabled. Can I enable a pledge setting
that enables this to complete? Is there a security reason that pledge is
disabling
Would it make it slower, more buggy or make the kernel not fit in the root
partition?
On Thu, Jun 16, 2016 at 9:07 AM Mike Burns <mike+open...@mike-burns.com>
wrote:
> On 2016-06-16 13.42.44 +0000, Luke Small wrote:
> > Is it possible and not unadvisable to make /src with the
break your system, you get to keep all the pieces.
>
> Short version: "if you had to ask, then the answer was no".
>
>
> 2016-06-16 15:42 GMT+02:00 Luke Small <lukensm...@gmail.com>:
>
>>
>
>
> --
> May the most significant bit of your life be positive.
I made a small 500 line program I call pkg_ping that calls uname -rm, ftp,
sed, on openbsd.org/ftp.html. then it changes all the parsed http and ftp
mirrors into http and ftp downloads and changes them to non redundant http
mirrors (it has to to easily call ftp on it). It takes them and downloads
It seems to complicate things. Is there a security reason to use those
functions?
I wanted to use kqueue. Name another script or programming language that
offers it from the base install. NONE!
Why should I write it in another language? I already did it in C. Is there
another way other than kqueue that you can wait for the ftp call to quit,
while being able to kill it if it
the program overwrites ONLY the installpath variable(s) in /etc/pkg.conf.
The rest of the variables will remain.
PKG_PATH environment variable takes precedence over any installpath
initializations.
I'm running 5.8. I don't know how to pledge it. I will make sure to, past
the 5.9 release. I'm
even more sloppy. The only problem is that the program is potentially
subject to a man-in-the-middle attack from a non secured webpage. Manually
setting the package mirror has the same problem too though.
On Jan 30, 2016 06:50, <li...@wrant.com> wrote:
> Fri, 29 Jan 2016 16:35:12 -0600
even a big enough transfer to get TCP out of slow start.
SHA256 is over 600 KB.
-Luke
On Wed, Jan 20, 2016 at 1:14 AM, Luke Small <thinkitdoitd...@gmail.com>
wrote:
> not knowing better...
>
> I always wanted to know the fastest mirrors for me, and at times it
> cha
man pf.conf
set limit
here you go! Enjoy!
-Luke
On Tue, Jan 19, 2016 at 2:57 AM, Erling Westenvik <
erling.westen...@gmail.com> wrote:
> On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote:
> > I made a small 500 line program I call pkg_ping that calls uname -rm,
> > ftp, sed, on
Go to:
*I have a mirror testing program for you.*
in the tech mailing list. It copied there.
-Luke
On Tue, Jan 19, 2016 at 11:18 PM, Luke Small <thinkitdoitd...@gmail.com>
wrote:
> here you go! Enjoy!
>
> -Luke
>
> On Tue, Jan 19, 2016 at 2:57 AM, Erling Westen
wrote:
> On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote:
> > I made a small 500 line program I call pkg_ping that calls uname -rm,
> > ftp, sed, on openbsd.org/ftp.html.
>
> A "program"? In what language? Is your code available somewhere?
>
>
I often use virtualbox to run openbsd-amd64 and lately I haven't been able
to "ntpd -s" and make it update the clock, which may have been after
several days. It often adversely affects my use of google products, as they
update their keys often and if the clock is wrong, it says there is a
security
> On Sat, May 7, 2016 at 9:06 AM, Luke Small <lukensm...@gmail.com> wrote:
> > I often use virtualbox to run openbsd-amd64 and lately I haven't been
> able
> > to "ntpd -s" and make it update the clock, which may have been after
> > several days.
>
>
:56 PM, Luke Small <lukensm...@gmail.com> wrote:
> It is because I am saving the state in virtualbox, which is like putting
> it in hibernate, except instead of refreshing the time, the time remains
> the same as when it last ran, which can be some time ago.
>
> -Luke
>
>
I used to be able to run ntpd -s in 5.8
Now I can't. Apparently sometimes security causes incompatibilities.
I ran sendbug with my complaint.
-Luke
On Sat, May 7, 2016 at 7:06 PM, Philip Guenther <guent...@gmail.com> wrote:
> On Sat, May 7, 2016 at 4:27 PM, Luke Small <lukensm.
I'm trying to do some operations in which I fork and the child closes and
simplifies socketpair listings and sends the simpler list of malloced file
descriptors to a function and sends ioctl data after it opens a socket. The
parent sends a short greeting to the child to show that it is ready. The
, 05:58 Peter J. Philipp <p...@centroid.eu> wrote:
> On Sun, Jul 31, 2016 at 09:05:52AM +0000, Luke Small wrote:
> > I'm trying to do some operations in which I fork and the child closes and
> > simplifies socketpair listings and sends the simpler list of malloced
I'm thinking about getting some intel or sparc system with AES hardware.
What would be the cleanest way to access the Open Cryptographic Framework
to access the hardware. I'm writing in C. I'd like to do 256 bit aes-ctr or
preferably aes-gcm and use ultrasparc T2 and above, slightly older Xeons or
I'm thinking about getting some intel or sparc system with AES hardware.
What would be the cleanest way to access the Open Cryptographic Framework
to access the hardware. I'm writing in C. I'd like to do 256 bit aes-ctr or
preferably aes-gcm and use ultrasparc T2 and above, i7 or older Xeons. I'm
if I have:
"pass out quick on lo0 from self port 6379 to \ any user luke
block out quick on lo0 from self port 6379 to any
pass quick on lo0 from any to any"
a local connection to port 6379 will go to the last rule... isn't this a
useful feature to allow one of the first two rules to take
ut quick on lo0 inet proto udp from 127.0.0.1 port = 6380
to any label "Rule 1h"
[ Evaluations: 0 Packets: 0 Bytes: 0States: 0 ]
[ Inserted: uid 0 pid 89214 State Creations: 0 ]
@28 block drop out quick on lo0 inet proto udp from 10.0.2.15 port = 638
It doesn't. The "pass in quick on lo0 proto {tcp,udp}from any port 6379 to
self port 6379 user luke" works.
On Mon, Jan 16, 2017, 23:48 Sebastien Marie <sema...@online.fr> wrote:
> On Mon, Jan 16, 2017 at 11:04:48PM +, Luke Small wrote:
> > I'm trying to have pf
I'm trying to have pf limit sending TCP packets over lo0 from a specific
user. I made some rules, but they seem to be ignored when I check on pfctl
-vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0
proto { tcp, udp } from self port 6379 to any port 6379 user luke" and
"block
wouldn't it be more secure to have a write, read, and execute capable paths
lists in pledge()
wrote:
> What is the use case ?
>
> 2016-09-03 4:15 GMT+02:00 Luke Small <lukensm...@gmail.com>:
> > wouldn't it be more secure to have a write, read, and execute capable
> paths
> > lists in pledge()
> >
>
>
>
> --
>
> Cordialement, Coues Ludovic
> +336 148 743 42
, 04:41 ludovic coues <cou...@gmail.com> wrote:
> 2016-09-03 11:04 GMT+02:00 Luke Small <lukensm...@gmail.com>:
> >
> >
> > Sorry I was in the middle of something, but pledge can be a broad brush,
> > unless you are dealing with one file, whether it is execut
Can I change usbhidctrl to change how it is mapped? The middle scroll moves
the mouse up. The left-right movement on the mouse works, but the up and
down seems to right click. I don't know what the rest does.
You could possibly make a separate "event" or "wait" pledge to register new
events or NOTE_EXIT calls, but I suspect that that would complicate things,
making the large presumption that that could be desired.
On Thu, Jan 5, 2017, 15:42 Theo de Raadt wrote:
> > I imagine
Registering a EVFILT_PROC, NOTE_EXIT kevent requires proc
On Thu, Jan 5, 2017, 15:25 Ted Unangst <t...@tedunangst.com> wrote:
> Theo de Raadt wrote:
> > > Luke Small wrote:
> > > > What if I want to prevent a process from forking while I want to
> create ne
What if I want to prevent a process from forking while I want to create new
EVFILT_PROC events? Say, to accept the pid of a sibling fork from a pipe
and load it into a kqueue. Is there a reason why waitpid() isn't beholden
to this, or is there a reason that EVFILT_PROC is?
ose it may be difficult to turn back now after pledging so much in a
certain way.
On Thu, Jan 5, 2017, 14:41 Ted Unangst <t...@tedunangst.com> wrote:
Luke Small wrote:
> What if I want to prevent a process from forking while I want to create
new
> EVFILT_PROC events? Say, to accept the pid
I thought I read that there is an arm7 based mobile device, but I can't
find anything about it.
I have an openbsd vm on a windows 7 host, windows 7 asus, iPhone, and
Android phone. Only the iPhone 7+ seems to be able to connect to openbsd.org
correctly without getting a https validation error. They are all going
through the same wifi router.
I am running firefox on everything. Safari also
It might be a fun idea to share what a really locked down desktop system
pf.conf would look like if you are running a chain of DNS services (or
something that would be good to tightly control) like local ntpd, unbound,
and dnscrypt_proxy where you have local traffic locked down as well so
org <owner-m...@openbsd.org> on behalf of Bob
> Beck
> > <b...@obtuse.com>
> > Sent: April 2, 2017 10:16:21 PM
> > To: Luke Small
> > Cc: openbsd-misc
> > Subject: Re: Why isn't OpenBSD in Google Summer of Code 2017?...
> >
> > We tried it fo
Is there a way to encrypt memory and keep the key on the CPU like a
transparent partition so that if the ram cards are physically accessed, they
can't be read? Is it reasonable?
are.intel.com/en-us/blogs/2016/02/26/memory-encryption-an-intel-sgx-underpinning-technology
>
> The Intel SGX Memory Encryption Engine:
>
>
> You just have to ask yourself, Intel, who has the keys to the Intel ME...
> Paranoia^2
> There is no perfect security, especially when on
p especially if it
> was a group effort/friendly competition.
>
>
> From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Bob
> Beck <b...@obtuse.com>
> Sent: April 2, 2017 10:16:21 PM
> To: Luke Small
> Cc: openbsd
Bring on the Flaming Theo!
On Wed, Apr 5, 2017 at 3:55 PM Flipchan <flipc...@riseup.net> wrote:
> Ping Theo, couldn't someone create a needs improvements list n put it on
> like OpenBSD.org?
>
> Luke Small <lukensm...@gmail.com> skrev: (2 april 2017 16:54:39 CEST)
>
nful
> and much more effective to rewrite from scratch. So what's the point of
> having that previous iteration?
>
> On 5 Apr 2017 at 13:10, Luke Small wrote:
>
> > I imagine there are some projects that need some love that are on the
> back
> > burner at the moment that
It looks like you will be limited to 4096 timers and to valid file
descriptors that don't exceed INT_MAX. My guess is that if you need more,
you could run another kqueue for more timers or different kevents on
identical file descriptors.
Otherwise, the man page says:
kevent() returns the number
I suspect that you will sooner run out of file descriptors, but I assume
that if it runs into a problem, kevent() will return -1 and it may be
unrecoverable. I suspect that it would first occur because the kernel is
being overutilized. The information that is being created, I suspect, is
being
Would it be a good idea to make a pledge like call that limits a process
from connecting to ports and/or hosts? Maybe it could be done in a way that
the kernel is made aware of the limitations like in a pledge call and while
the process is alive, the kernel spawns pf rules based upon the socket
Pledge will presumably have per process (including fork()ed process) **path
limitations on rpath and wpath calls, why not limitations on inet and
unix?
On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> wrote:
> 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm.
I'm not saying to alter pledge necessarily, maybe make new system call
like pledge. There aren't any per-process pf rules that are applied.
When a socket connects to a remote or local server and pf makes a
state, it has the originating randomized port. Pf rules can be made
that target those
AM Reyk Floeter <r...@openbsd.org> wrote:
>
> > Am 26.04.2017 um 13:38 schrieb Luke Small <lukensm...@gmail.com>:
> >
> > Pledge will presumably have per process (including fork()ed process)
> **path
> > limitations on rpath and wpath calls, why not
a
different user through pf (and when I get a more serious machine, possibly
through a unique interface). Most importantly, I need it for session cache
for multiple processes.
On Sat, Apr 29, 2017 at 10:02 AM Luke Small <lukensm...@gmail.com> wrote:
> I have a program that I believe needs ine
Is it worthwhile to set up a hook for pf to load rules that have URLs after
the network services that can resolve them come into effect?
ready done, but
you could have a computer check into a target machine that often changes
the ip address or system while the firewall is locked down to only send
messages to that remote machine and if it is compromised, can't send it
anywhere else.
On Wed, May 3, 2017 at 3:16 PM Luke Small <lukensm
Four words Peter..."dynamic IP address". I'm sure that there are folks that
ssh into machines that are on a dynamic IP address that don't have a modem
on a power backup, or even possibly on an ISP that may go down, possibly when
they are out of town. I don't know if it is possible or already done,
pf rule execution says it listens as root, but it connects as the _unbound
user, when configured to run as _unbound. Why doesn't it listen, bind, etc.
as root, drop privileges and pledge away privilege escalation? Is it to
avoid more #ifdef hell? Or can you not listen to a privileged port if you
if I need to identify all
> the user accounts (to recreate them on a new system or something), I
> exclude uids under 1000 as a starting point.
>
>
> On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at>
> wrote:
>
>> and...@msu.edu (STeve Andre'),
Is EV_DISPATCH somehow like EV_ONESHOT or EV_DISABLE? What is a use case?
If you have an open socket file descriptor with an EVFILT_READ, does it
close the socket upon getting some data?
I don't run current.
Is paths[] going to have permissions defined for each path?
Like:
char *paths[], int *mode, where mode is the same as in dbopen(3). Maybe, so
you don't have to clean up previous pledge calls, any pledge calls with a
NULL paths argument don't have anything specified for mode. For
simplicity,
As I recall, there is a build configuration of 80 users for some kernel
components. What happens if the system exceeds that number?
Is there a way to determine all users on a system that the users command
doesn't seem to show? like _x11 and _ntpd
I read "hacking blind." Can you restart a daemon with another forked
process that's only job is to monitor a pipe or a waitpid()-like operation
and if the parent dies, it exec's to restart it, or even execs "rcctl
restart ntpd"
If the mitigations are successful at limiting execution to let's say,
Maybe more things should be randomized like the stack canaries. Is that a
new idea?
On Fri, Oct 13, 2017 at 11:34 PM Theo de Raadt wrote:
> > I read "hacking blind." Can you restart a daemon with another forked
> > process that's only job is to monitor a pipe or a
I am not versed in operating systems as well as you, but I would think that
stack and buffer canaries would differ from each execution.
If that's true, then why has Theo been speaking of the brop problems, when
they begin with an incremental canary discovery that becomes all but
impossible to guess when it becomes a random 4 byte datum each time rather
than a datum that remains the same each restart?
Braille should already be
/Blind_return_oriented_programming seems to
state so. I don't fully trust wikipedia.
On Sat, Oct 14, 2017 at 3:06 AM Philip Guenther <guent...@gmail.com> wrote:
> On Sat, Oct 14, 2017 at 12:49 AM, Luke Small <lukensm...@gmail.com> wrote:
>
>> If that's true, then why has Theo been speaking of th
Using the -m flag it still gets warnings from pulseaudio and redis that I
didn't use the -m flag
Can SSH and possibly other programs be more easily able to report successful
connections so pf can make stricter bruteforce connection rejecting even
better?
Cool!
On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri <
andreas.kah...@icm.uu.se> wrote:
> On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote:
> >
> > You might want to parse /var/log/authlog and the logrotated
> authlog.[0-9].gz
> > for successful and unsuccessful
It doesn't natively support OpenBSD.
Could you have a promise for unveil reductions only?
Ok. Thanks.
On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote:
> Luke Small wrote:
> > Could you have a promise for unveil reductions only?
>
> That won't actually help much, and people will fall into some
> pretty significant traps.
>
> Sorry it would require a really long explanation.
>