OpenBSD 7.5 released: Apr 5

e source files. - THANKS --- Ports tree and package building by Jeremie Courreges-Anglas, Visa Hankala, Stuart Henderson, Peter Hessler, George Koehler, Ku

Re: can't find PID

PID 6504 was my shell. I've logged off now. What are you expecting here?? ofthecentury wrote: > Yes, I'm tcdupming pflog and ALL my dropped packets > reference some PID 6504 that is not found among > the processes that are running. I was actually not fishing > for PIDs, I just saw the PID

Re: Pre-built images for embeded machines

Chris Narkiewicz wrote: > On Sat, Mar 02, 2024 at 12:51:05PM -0700, Theo de Raadt wrote: > > It might be easy, but it is wrong. > > Besides extra burden on the build infrastructure, are there other > issues? Curiosity calling, as I'm not using any arm64 devices > person

Re: mount not working as expected? and what are my default bioctl rounds?

beecdadd...@danwin1210.de wrote: > But manual says this > "If it is a DUID, it will be automatically mapped to the appropriate entry > in /dev" > I assumed the opposite would be true, if I did mount sd3i, and that mount > would check it's DUID and check in fstab for it it does not do that? No

Re: Pre-built images for embeded machines

Odd Martin Baanrud wrote: > Are there any plans for providing pre-built images to be used on embeded > machines, like FreeBSD and NetBSD do? > It would be nice to run OpenBSD directly from a SD card on the Raspberry Pi > e.g. I'm not interested in building additional images which will be used

Re: New (for me,) dmesg warning during system bootup.

Ignore it. Artifact of other work. Temporary. Brian Conway wrote: > On Sun, Feb 25, 2024, at 4:27 PM, Avon Robertson wrote: > > I have noticed several posts related to endbr64 in the last week, so I > > thought this might be of interest to someone. > > > > Performed a 'sysupgrade -s' earlier

Re: Automatic OS updates

obs...@loopw.com wrote: > Most of the patches don’t require a reboot. This idea sounds horrible for > uptime. Sorry. I’m not rebooting something because a font was patched… syspatch outputs a message that the system needs a reboot. This could be parsed.

Re: sysupgrade fails firmware fetch

Kirill A. Korinsky wrote: > On Sat, 17 Feb 2024 22:27:52 +0100, > Sonic wrote: > > > > Seems it's looking for a 7.5 directory (-current apparently just moved > > to 7.5-beta) instead of the snapshot directory. > > > > And using snapshot directory fails because wrong signature: > > ~ $ doas

Re: CARP and VRRP compliance

Stuart Henderson wrote: > On 2024-02-13, Samuel Jayden wrote: > > From the information provided in the link, it appears that CARP and VRRP > > protocols aren't inherently interoperable. > > They are different protocols - they *had* to be different because VRRP > was subject to patents. And if

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

Stuart Henderson wrote: > You need to use one of the "2." pool addresses, e.g. > > global: > > 2.pool.ntp.org > > regional: > > 2.africa.pool.ntp.org > 2.asia.pool.ntp.org > 2.europe.pool.ntp.org > 2.north-america.pool.ntp.org > 2.oceania.pool.ntp.org > 2.south-america.pool.ntp.org > >

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

Willy Manga wrote: > On 14/02/2024 09:31, Theo de Raadt wrote: > > Willy Manga wrote: > > > >> Is it possible the default ntpd.conf file use something like > >> > >> "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org

Re: KeyTrap DNS vulnerability

Otto Moerbeek wrote: > On Wed, Feb 14, 2024 at 04:55:20AM +0100, b...@fea.st wrote: > > > “A single packet can exhaust the processing > > capacity of a vulnerable DNS server, effectively > > disabling the machine, by exploiting a > > 20-plus-year-old design flaw in the DNSSEC > >

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

Willy Manga wrote: > Is it possible the default ntpd.conf file use something like > > "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org > looking for IPv6 nodes? Not going to happen.

Re: Improve support of Go

Stuart Henderson wrote: > On 2024/02/13 07:36, Theo de Raadt wrote: > > Stuart Henderson wrote: > > > > > On 2024-02-13, Kirill A Korinsky wrote: > > > > Good day, > > > > > > > > I'm updating go's syscall table to modern OpenBSD

Re: Improve support of Go

Stuart Henderson wrote: > On 2024-02-13, Kirill A Korinsky wrote: > > Good day, > > > > I'm updating go's syscall table to modern OpenBSD (7.4). > > Save your time. Post-7.4 you cannot call syscall() any more. The result seems to have nothing to do with syscalls. It is the same as the build

Re: SSH Controlmaster holding devices

This has nothing to do with ssh. Unix works this way. You have not thought through that the cwd means. It is a fd, on a vnode, as an inode on a filesystem. Of course it will prevent an unmount.

Re: M.2 Libre NIC

Rohan Ganapavarapu <24rganapavar...@athenian.org> wrote: > Do any of you guys know of a NIC card with OpenBSD support, fits in a M.2 > slot, and has libre firmware? > > I found the AR9462, which has libre firmware and is M.2, but the current > ath9k driver does not support it. libre firmware

Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir

You removed the relevant part of the ktrace, so noone can help.

Re: time keeping fallback mechanics during reboot on octeon

Did anyone try this idea: Theo de Raadt wrote: > Horrible hack that might work: > > Put a big #ifndef BOOT_QUIET inside ffs_sbupdate() to stop it from > doing the writeout. > > That option serves other purposes inside the BOOT kernels, but maybe > we can find anoth

Re: time keeping fallback mechanics during reboot on octeon

Horrible hack that might work: Put a big #ifndef BOOT_QUIET inside ffs_sbupdate() to stop it from doing the writeout. That option serves other purposes inside the BOOT kernels, but maybe we can find another way of abstracting it better.

Re: time keeping fallback mechanics during reboot on octeon

Blocking the timeupdate in ffs_sbupdate() will be difficult. It is probably easier to have the BOOT kernel learn the time (from the true root filesystem), so that ffs_sbupdate() writes back the same value. That means either an ugly way to reach inittodr() or the userland code in the bootblock

Re: time keeping fallback mechanics during reboot on octeon

I think the BOOT kernel has done inittodr() with the stale value in the bootblock file. Stale, because this is never written back. Later it mounts a filesystem onto /mnt, which is the real root. That gets unmounted. It writes the stale time to that filesystem.

Re: time keeping fallback mechanics during reboot on octeon

I suspect this is due to how powerpc64 and octeon boot. Their bootblocks are a special kernel called BOOT which mounts the ffs filesystem diretly. I suspect during the transition to loading GENERIC.MP something wrong happens with the on-disk time information, which misleads the next kernel.

Re: as cannot do endbr64 instructions (too old)

Ah, only disasm support was added to binutils.

Re: as cannot do endbr64 instructions (too old)

That's curious. We never invoke as directly these days. It feels like an upstream llvm bug, and I say that because noone else has embraced BTI/IBT as much as we have, everyone else is still considering it a thing for specific applications or the future. Lorenz (xha) wrote: > hi misc@, > >

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

Ax0n wrote: > And yes, quite a lot of stuff referencing libc.so.97.1 in /usr/local - 223 > files in bin, 361 in lib, 0 in sbin. Then your machine is not -current, not by a long shot. We moved to libc.so.98.0 on Dec 12. At least two rounds of new packages have shown up since then. I do

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

Stuart Henderson wrote: > On 2023-12-27, Ax0n wrote: > > I had been running #1471 since December 5th without issue, and this week > > upgraded to the latest snapshot (#1567) after which some apps such as > > Firefox won't run. They display "msyscall a8000 error" followed by a > > core dump.

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

b...@fea.st wrote: > On Thu, Dec 28, 2023, at 00:41, Ax0n wrote: > > I had been running #1471 since December 5th without issue, and this week > > upgraded to the latest snapshot (#1567) after which some apps such as > > Firefox won't run. They display "msyscall a8000 error" followed by a > >

Re: ls in color

Karel Lucas wrote: > In openBSD V7.4 I would like to see the output of ls in color, and > therefore would like to know how to configure that. The output of "man > ls" provides no information about this. Can anyone give me a tip? Black and white are also colours.

Re: termtypes.master glitch in building -current

This is not new. >From time to time, manual crossover build steps occur. We don't build them into the tree, because that turn into future burden. Eric Grosse wrote: > When I've built -current on several machines recently, the procedure dies at > ===> share/termtypes > /usr/bin/tic -C -x

Re: CPU0 at 100% on Thinkpad 480 with OpenBSD 7.4

Mike Larkin wrote: > On Mon, Nov 27, 2023 at 01:05:56PM -0500, Laurent Cimon wrote: > > Hi, > > > > > > The CPU0 on my Thinkpad 480 is always running at around 100%. It's on > > OpenBSD 7.4. > > > > It seems to be doing this in the kernel. > > > > > > Here is the CPU's line from top(1). > > > >  

Re: Reptar aka CVE-2023-23583

You can find that information on Intel's webpages. Michael Hekeler wrote: > Am 15.11.23 13:41 schrieb Christian Weisgerber: > > not jacinda ardern: > > > > > I saw something about a new intel microcode coming out (subject line) for > > > a goofy new bug somebody found. Do you guys package

Re: Upgrading from 7.3 to 7.4 with sysupgrade

Florian Obser wrote: > On 2023-11-17 16:06 +01, Odd Martin Baanrud wrote: > > Hello Jan, > > > > Thanks for the tip. > > The upgrade went smoothly. > > I ran “sysupgrade -n”, deleted the game set and the X sets and rebooted. > > > > Perhaps sysupgrade should be enhanced, so one could either

Re: Upgrading from 7.3 to 7.4 with sysupgrade

Odd Martin Baanrud wrote: > Perhaps sysupgrade should be enhanced, so one could either choose which sets > should be upgraded, or even beter, the tool could figure out which sets are > installed, and upgrade just those. That will never happen.

Re: What happened to art4.html

crying won't bring them back cat wrote: > > for now > > It has been over a year > > On November 3, 2023 3:07:14 PM GMT, Christian Weisgerber > wrote: > >cat: > > > >> I tried to find OpenBSD's official branding art (not the release poster > >> art or anything) and I couldn't find it.

Re: Jumbo frame, just a little late..

Daniele B. wrote: > Actually i'm not sure about the real benefits of it, and for a soho > environment like mine but after 17 years I decided to take jumbo > frame seriously.. and MTU values of my network equipment to 9018. > I watched with happiness also to my old Mac having jumbo frame hard >

Re: USB serial local getty terminal re-prompts for login on any input

ktrace -di of the process will show what is going on Crystal Kolipe wrote: > On Thu, Oct 26, 2023 at 12:20:08PM -0400, Morgan Aldridge wrote: > > Yes, your assumption was correct, every keypress acts as if I had pressed > > enter. Thanks for confirming! > > Getty re-displays the login prompt

Re: Donations

Joel Carnat wrote: > > Le 26 oct. 2023 à 16:38, Ingo Schwarze a écrit : > > > > The advice is extremely simple: > > > > If you can, donate directly to the OpenBSD project because that means > > 1. the donation can be used for any purpose, including all purposes > >that can be funded by

Re: What could cause high CPU load averages (no actual CPU usage)?

Mike Fischer wrote: > > Am 25.10.2023 um 17:29 schrieb Theo de Raadt : > > > > Mike Fischer wrote: > > > >> True. But like I said, this was noticed because of the sudden increase on > >> the same (OpenBSD) machine without any obvious reason. &g

Re: What could cause high CPU load averages (no actual CPU usage)?

Mike Fischer wrote: > True. But like I said, this was noticed because of the sudden increase on the > same (OpenBSD) machine without any obvious reason. The reason is obvious. You installed a completely different system. There is no SLA on keeping the load average code's calculation the

Re: What could cause high CPU load averages (no actual CPU usage)?

Claudio Jeker wrote: > On Wed, Oct 25, 2023 at 11:57:54AM +0200, Mike Fischer wrote: > > I have been observing occasional bouts of high load averages on several > > servers I administer and I am trying to find the cause. (I monitor these > > machines so that I can implement corrective measures

Re: Fwd: install74.iso

In the next few snapshots, an ISO file will start to show up. I won't be testing it. You will. Privately let me know how it goes and I'll make more tweaks to it. There may be problems with bootblocks, etc. At this time I don't know what it will take to get it right. Robert Palm wrote: >

Re: AAAA entry for openbsd.org

Martin Schröder wrote: > Am Mo., 23. Okt. 2023 um 17:14 Uhr schrieb Theo de Raadt > : > > Martin Schröder wrote: > > > > > Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt > > > : > > > > So many, many words demanding that I configure

Re: AAAA entry for openbsd.org

Martin Schröder wrote: > Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt > : > > So many, many words demanding that I configure my networks for ipv6. > > "is there any reason openbsd.org still has no entry at the end of 2023?" > > So the reason

Re: AAAA entry for openbsd.org

So many, many words demanding that I configure my networks for ipv6. Armin Jenewein wrote: > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry,

Re: Crash on TOSHIBA PORTEGE Z30-A laptop

Mike Larkin wrote: > On Sat, Oct 21, 2023 at 01:27:21PM +0400, wes...@technicien.io wrote: > > Hi Philip, > > > > Thank you very much for your answer. > > > > I tried to disable all options (+devices) possible. Same issue. > > And what's about disable acpi in the kernel using the bsd.re-config?

Re: malloc leak detection

Hiltjo Posthuma wrote: > On Thu, Oct 19, 2023 at 08:27:37PM +0200, Otto Moerbeek wrote: > > Hello, > > > > I made a small tutorial with some usage notes for the new malloc leak > > detection which is available in OpenBSD 7.4: > > > > https://www.drijf.net/malloc/ > > > > While I have you

Re: ldd error with setuid/setgid binaries

Yoshihiro Kawamata wrote: > From: "Theo de Raadt" > Subject: Re: ldd error with setuid/setgid binaries > Date: Wed, 18 Oct 2023 06:35:51 -0600 > > > You don't explain why you need to do this. You just completely skipped > > that. > > You don't justify

Re: ldd error with setuid/setgid binaries

Stuart Henderson wrote: > On 2023/10/18 06:35, Theo de Raadt wrote: > > ldd around suid programs has a fine history of security holes. > > > > One idea is for you to just not not do that. > > > > You don't explain why you need to do this. You just completely

Re: ldd error with setuid/setgid binaries

ldd around suid programs has a fine history of security holes. One idea is for you to just not not do that. You don't explain why you need to do this. You just completely skipped that. You don't justify why you need it to work. Does that make me care?? No, it really doesn't make me care.

OpenBSD 7.4 released -- Oct 16, 2023

- OpenBSD 7.4 RELEASED - October 16, 2023. We are pleased to announce the official release of OpenBSD 7.4. This is our 55th release. We remain proud of OpenBSD's record of

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Nan ZoE wrote: > Sure, thank you for your patient response. > > I will continue to refine my work and attempt to develop some > countermeasures against ROP mitigation. If there's good news, I will > contact OpenBSD again! By the way, the first idea I provided, which is > "Zeroing registers

Re: OpenBSD 7.4

Don't be ridiculous, there is no point to be so obtuse. The date is already visible in many files in our tree, and you know it. Oct 16. Peter N. M. Hansteen wrote: > On Thu, Oct 12, 2023 at 07:54:04PM +0200, Karel Lucas wrote: > > Is it already known when openBSD 7.4 will be released? I would

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

> We would like to collaborate with OpenBSD in researching how to reduce the > number of gadgets and increase the difficulty of using gadgets. I've think I've vaguely explained how that works. All the mitigations efforst went like this: 1) come up with an idea 2) write a complete working

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Nan ZoE wrote: > Hello, Thank you for your response. > > I'm sorry, I just looked at the introduction of pinsyscall. If OpenBSD only > uses > pinsyscall, calling syscall is a challenge in exploitation. However, I'm not > sure if > this is a required protection mechanism for all programs.

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Nan ZoE wrote: > Additionally, it's reasonable to assess the correctness of the ROP payloads > we generate for a program by injecting vulnerabilities. Firstly, the > original gadget set in the program remains intact and usable. Secondly, > this method of injecting vulnerabilities is equivalent

Re: vmd and /dev/sd*

Manuel Giraud wrote: > > Manuel Giraud writes: > > > >> Hi, > >> > >> I can't find the information on this list (or elsewhere). Is it > >> possible to have a vm that access a disk through its device? The > >> following does not seem to work: > >> > >> # vmctl start -cL -m 1G -b /bsd.rd -d

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Nan ZoE wrote: > In comparison, a more straightforward example is the "as" program. The ROP > payload > > for > this program is relatively simple, and it can also achieve the ROP target > of calling

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

> Please note that after injecting the vulnerabilities, the programs execute > the '*main*' function from the vulnerable program, not the entry function > from the original program. However, the Gadgets from the original program > are still usable. This approach allows us to evaluate the ROP

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

Nan ZoE wrote: > Thank you for your response. It seems there might be some misunderstanding > about what > I'm researching. Allow me to explain the experiments I'm conducting in more > detailed. I'm looking at the Subject. It uses the word "Exploitation". That word has a very specific

Re: debugging "invalid argument" errors when loading elf files

I think the problem here is you are using a linker script. You are creating a new class of binary, with different layouts and issues, and since you are doing it on your own, you'll never know what you are missing until later. The linker script stuff is fragile, poorly undocumented stuff which

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

execve system call entrypoint for a memory image which is not readable. >From innovations.html: ld.so and crt0 register the location of the execve(2) stub with the kernel using pinsyscall(2), after which the kernel only accepts an execve call from that specific location. Theo de Raadt,

Re: openFPGAloader successfully built, but can't flash with ftdi error

Gregory Edigarov wrote: > On Fri, 6 Oct 2023 10:06:15 - (UTC) > Stuart Henderson wrote: > > > On 2023-10-06, S V wrote: > > >> The software that you're using may need the USB device to be > > >> attached to ugen rather than uftdi. The simplest way to do this is > > >> probably to type

Re: Understanding -current as 7.4 is released

Rudolf Leitgeb wrote: > On Fri, 2023-10-06 at 11:06 -0600, Theo de Raadt wrote: > > > Other operating systems do not have a vast number of people using  > > daily snapshots in the way our users do, so it is only our users who > > have this experience. > > Your exp

Re: Understanding -current as 7.4 is released

Marc Espie wrote: > Specifically, OpenBSD decides whether it's running "bleeding edge" current > (snapshot) or a release/stable based on what the kernel says. OpenBSD does not decide. It has labels to delineate transitions in the process. Maybe we should go versionless? Noone would have a

Re: Understanding -current as 7.4 is released

Marc Espie wrote: > On Thu, Oct 05, 2023 at 12:45:56PM -0400, Ronald Dahlgren wrote: > > Hello friends, > > > > I’ve been running -current for several months now. Recently I started using > > “-D snap” when updating packages with pkg_add. > > > > I ask the list to help me understand what, if

Re: X11 crashing

Maria Morisot wrote: > I installed the patch for X11 (October 3rd), then rebooted, > now X is crashing every time I log in on xenodm, > sometimes I get a blue screen with debug messages, > other times I get a square on my screen with a black background, > and it is otherwise completely frozen,

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

You have missed other stuff which matters. Try again. Nan ZoE wrote: > Because, as far as I understand, these ROP mitigation mechanisms seem to > have been updated only in the three versions of OpenBSD, namely 6.3 to 6.5 > . Of course, I have also studied some

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

There is no comprehensive & final solution for RET polymorphism due to variable-sized instruction architecture, and the only solution is to move to fixed-sized architectures where all RETs can be protected and ROP-free therefore becomes possible. The best we can do is reduce it. The ability to

Re: undocumented command switches -OR- fix documentation fully

of effort.. in OpenBSD in 2025. Is it too late and too thin of > an edge to walk on? > > awk-local(1) when? > > On 9/20/23, Theo de Raadt wrote: > > Old man yells at cloud. > > Yes.

Re: undocumented command switches -OR- fix documentation fully

Old man yells at cloud.

Re: GPIO on Octeon

Alex Frolkin wrote: > Hi all, > > I see that the Octeon kernel provides an octgpio0 device, but there's no > gpio0 at octgpio0 device (and I've tried to compile a kernel that has > it, but it fails to configure), and the gpioctl binary is missing. > > Is GPIO support on this platform just

Re: File transfer using ftp from bsd.rd booted system

The interactive mode of the ftp client is not compiled into the install media. But, the non-interactive mode is there, so you can use -o to download files. However, you seem to want to push files out. That support is also compiled out. These things are missing because if they remained, the

Re: suspend/resume issue on T440p w/ Libreboot

There is a change to acpi.c (1.421) regarding wakeup GPEs which may help, however this is work was done after 7.3

Re: Change userland core dump location

There isn't a way. And I will argue there shouldn't be a way to do that. I don't see a need to invent such a scheme for one user, when half a century of Unix has no way to do this. Sorry. Johannes Thyssen Tishman wrote: > Hi everyone, > > is there a way to configure a location to store

Re: ld depends on libpthread 27.1, 27.0 is installed

Yesterday, there was a snapshot that was missing the new library. Just upgrade again, and it should be fixed.

Re: volatility or something like that in the future ?

whistlez wrote: > My mindset was to contribute what I know to improve the > project. What did you contribute? You typed words, which is not a contribution. You asked for others to do things you want. But we don't want the feature you want, because we consider it an anti-feature. We do not

Re: volatility or something like that in the future ?

whistlez wrote: > > > > I saw no hatred in the post you replied to. > > > > OpenBSD developers are Makers, not Takers. They code for OpenBSD for > > themselves, not for the user community. > > > > The point is you should spend some time trying to contribute before you > > start asking

Re: Feedback on redesigned OpenBSD.org

When did it become an assumption that we would adopt any of these changes?

Re: Recognition Of Linux LVMs

Greg Thomas wrote: > > storage (and I wonder, parenthetically, why FreeBSD and NetBSD are > > willing to support ZFS, but OpenBSD is not). Why continue to wonder? Why not just sit down and figure out that they surrendered their ideals? I make vegeterian meals all the time, with a big slab of

Re: Installing openBSD

rgersen 于 2023年8月1日周二 上午12:21写道： > > On Mon, Jul 31, 2023 at 09:37:13AM -0600, Theo de Raadt wrote: > > Omar Polo wrote: > > > > > On 2023/07/31 17:19:59 +0200, Karel Lucas wrote: > > > > > > > > Hi, > > > > > > >

Re: Installing openBSD

Omar Polo wrote: > On 2023/07/31 17:19:59 +0200, Karel Lucas wrote: > > > > Hi, > > > > But fdisk also has an option to edit the existing partition table. > > only if you want to do stuff manually, which from the thread I assume > you don't need. > > > This > > allows me to delete only the

Re: Installing openBSD

Karel Lucas wrote: > Multi-boot is not an option here. The intention is to replace the entire > PfSense installation with openBSD. Eventually this computer becomes a > firewall with PF, so the current installation is unnecessary. But my > question remains whether I need the (U)EFI partition

Re: RISCV mailing list

develo...@robert-palm.de wrote: > Zitat von Theo de Raadt : > > > develo...@robert-palm.de wrote: > > > >> I suggest a mailing list for the RISCV arch. > >> > >> Ok? > > > > > > It will be as popular and useful as the other

Re: RISCV mailing list

develo...@robert-palm.de wrote: > I suggest a mailing list for the RISCV arch. > > Ok? It will be as popular and useful as the other per-architecture lists, meaning -- it is the wrong approach.

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

Stuart Henderson wrote: > On 2023-07-25, Kevin wrote: > > Regarding the Zenbleed vulnerability itself, none of our AMD hosts are > > known to be vulnerable at this time as they are all running Milan and > > later CPUs. > > rather than going with "none are known to be vulnerable" they should >

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

Kevin wrote: > Would this be worth putting a ticket into Vultr to get them to make > appropriate > updates on their side? You are the customer.

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

Snapshots got that diff about 8 hours earlier. > For what it’s worth, my Vultr VPS machine is running snapshots and updated > without issue. > > Hope this helps as a clue! > > On Tue, Jul 25, 2023 at 10:45 AM Theo de Raadt wrote: > > > It seems some of the smaller

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

It seems some of the smaller hypervisor companies didn't get the memo, and they are blocking the msr write to to set the chicken bit. They block it by raising an exception. They should IGNORE that bit if they allow setting it. I also have a strong suspicion some of them do not have the firmware

Re: amd microcode

Jonathan Gray wrote: > On Mon, Jul 24, 2023 at 03:17:26PM -0700, Courtney wrote: > > $ pkg_info | grep amd > > amd-firmware-20230719 microcode update binaries for AMD CPUs > > It by no means covers all zen 2 models. ^^^ AMD's firmwar updates for the fix are incomplete. Some models won't

Re: patch-008 missing in CVS repo

ckeader wrote: > Brian Conway writes: > [...] > > >> I see similar results when I try pulling from a couple anoncvs mirrors. > > >> Perhaps a bug or oops in the CVS update process? > > > > > > Keep waiting while more of Canada wakes up and it will likely get > > > resolved. > > > In the

Re: Syspatch https://cdn.openbsd.org/pub/OpenBSD

We only manufacture errata for the last two releases. 7.1 is 3 releases ago. You are on your own, or you upgrade to the last two releases. Duncan Patton a Campbell wrote: > > I'm just looking at > http://www.openbsd.org/errata71.html > (see attached PNG) > > and it's missing the last 8

Re: Self-hosting OpenBSD server, any documentation?

Jonathan Drews wrote: > > > > On Sat, Jul 8, 2023, at 01:42, Jonas Borchelt wrote: > > The book "Absolute OpenBSD" is an excellent choice to expand your knowledge > > of the OpenBSD operating system. It was written by Michael W. Lucas and is > > regarded as a comprehensive resource for

Re: ntpd and ppm

J Doe wrote: > On 2023-07-04 17:27, Martin Schröder wrote: > > > Am Di., 4. Juli 2023 um 23:20 Uhr schrieb J Doe : > >> I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq > >> mentions the same unit - "ppm" - it doesn't explain what that means. > >> > >> What does "ppm" stand for

Re: ntpd and ppm

J Doe wrote: > Hi, > > I noticed when: ntpd logs time adjustments in: /var/log/daemon it uses a > unit of "ppm": > > Jun 22 23:22:20 server ntpd[45813]: adjusting clock frequency by > -1.127600 to 0.056400ppm > > I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq >

Re: Immutable Page Protections

Justin Handville wrote: > > pledge does not drop access to system calls. It blocks the *action* > > of it, inside the kernel. You are muddling things together far too much. > > That's a matter of semantics. The point is that pledge reduces attack surface > by > reducing what a program is

Re: Immutable Page Protections

Justin Handville wrote: > Theo de Raadt wrote: > > > > It's a cheap defense in depth protection that simplifies my use > > > case. > > > But I don't see a real security benefit of what you are trying to do. > > There may not be. At this point, it's m

Re: Immutable Page Protections

Justin Handville wrote: > Dave Voutila wrote: > > > Have you considered a libexec approach instead? If the goal is to keep a > > child process having only the executable pages it needs for operations, > > why not split up the program design instead of mucking with ELF stuff? > > That surely

Re: Immutable Page Protections

Justin Handville wrote: > I'm assuming that misc@ is probably the best place for this e-mail, > although it gets a bit in the tech@ weeds. I upgraded to 7.3 not so > long ago, and I noticed that a daemon I had written was no longer > working properly. For reasons that are probably too much to

Re: (fwd) [FD] OpenBSD kernel relinking is not transactional and a local exploit exists

ot cycles. > > Sites with a strong security posture are advised that this is a > critical vulnerability and likely deliberate back door into the > system. Additionally, OpenBSD leaks the state of the pseudorandom > number generator to predictable locations on disk and in system

  1   2   3   4   5   6   7   8   9   10   >