Re: extracting new login.conf from /usr/src/etc in -current
Is it really so difficult to run mklogin.conf? - todd
Re: A question to lib/libc/gen/daemon.c
In message [EMAIL PROTECTED] so spake Alexander Farber (alexander.farber):

> In the file /usr/src/lib/libc/gen/daemon.c
>
>     if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
>             (void)dup2(fd, STDIN_FILENO);
>             (void)dup2(fd, STDOUT_FILENO);
>             (void)dup2(fd, STDERR_FILENO);
>             if (fd > 2)
>                     (void)close (fd);
>     }
>
> is same as:
>
>     if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
>             (void)dup2(fd, 0);
>             (void)dup2(fd, 1);
>             (void)dup2(fd, 2);
>             if (fd > 2)
>                     (void)close (fd);
>     }
>
> right?

Right.

> What is this last check (fd > 2) needed for? Isn't fd always > 2,
> because the first 3 are already taken by the STDxxx streams at the
> program start?

Nope. There is no guarantee that fds 0-2 are open when a program starts. In that case, fd will fall in the range 0-2 and without the check we can close one of the descriptors 0-2.

Bonus trivia: There's also no guarantee that argc > 0 when a program starts. Lots of programs make bad assumptions...

 - todd
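The case described in the reply above, as an added example that is not part of the original message or of libc: a child process starts with descriptor 0 closed, runs the same dup2 sequence, and reports whether stdin survives with and without the `fd > 2` test. The helper names and the `guard` switch are made up for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * The dup2 sequence from the daemon.c excerpt. `guard` (an assumption of
 * this example) selects whether the "fd > 2" test is applied before close().
 */
static void redirect_stdio(int guard)
{
	int fd = open("/dev/null", O_RDWR, 0);

	if (fd == -1)
		return;
	(void)dup2(fd, STDIN_FILENO);
	(void)dup2(fd, STDOUT_FILENO);
	(void)dup2(fd, STDERR_FILENO);
	if (!guard || fd > 2)
		(void)close(fd);
}

/* Child body: which descriptor does open() hand out when fd 0 is free? */
static int child_first_fd(int unused)
{
	int fd = open("/dev/null", O_RDWR, 0);

	(void)unused;
	return fd == -1 ? 255 : fd;
}

/* Child body: is fd 0 still a valid descriptor after the redirect? */
static int child_redirect(int guard)
{
	redirect_stdio(guard);
	return fcntl(STDIN_FILENO, F_GETFD) != -1;
}

/*
 * Fork, close stdin in the child (simulating a caller that started us
 * without fd 0), run fn there and return its result via the exit status.
 * Running in a child keeps the parent's own descriptors untouched.
 */
static int run_with_stdin_closed(int (*fn)(int), int arg)
{
	pid_t pid = fork();
	int status;

	if (pid == -1)
		return -1;
	if (pid == 0) {
		(void)close(STDIN_FILENO);
		_exit(fn(arg));
	}
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

/* open() returns the lowest free descriptor, so this yields 0. */
int first_fd_with_stdin_closed(void)
{
	return run_with_stdin_closed(child_first_fd, 0);
}

/* 1 if stdin is still open after the redirect, 0 if it was closed. */
int stdin_open_after_redirect(int guard)
{
	return run_with_stdin_closed(child_redirect, guard);
}

int main(void)
{
	printf("fd returned by open() with stdin closed: %d\n",
	    first_fd_with_stdin_closed());
	printf("stdin open after redirect, with fd > 2 check: %d\n",
	    stdin_open_after_redirect(1));
	printf("stdin open after redirect, without check:    %d\n",
	    stdin_open_after_redirect(0));
	return 0;
}
```

Without the check, the unconditional close() undoes the redirect of whichever standard descriptor open() happened to return, so the next file the program opens lands on that number.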
Re: isc_log_open 'named.run' failed
In message [EMAIL PROTECTED] so spake Todd C. Miller (Todd.Miller): If you know the exact pathnames named is trying to use you may be able to just create them in the right place, owned by user named. If all you need to write is the dump file you should be able to add something like: dump-file /subdir/named.dump.db where subdir is some subdir of /var/named that is writable by user named. - todd
cheap mini-pci ral(4) cards
The MSI MP54G4 (aka MSI MS-6833) seems to be readily available in the US now. I just picked one up from www.thenerds.net but a cheaper price can be found at newegg.com. It seems to work fine in my Sony SRX77. The trick is to search for both the model name (MP54G4) and the part number (MS-6833) since some stores list the card one way and some the other. - todd
Re: ccdconfig not giving me all available space?
In message [EMAIL PROTECTED] so spake Erik Sabowski (sabowski): i thought that leaving 63 sectors free at the start of each disk would be enough room, but apparently not. when i bumped it up to an offset of 3120 sectors, it worked perfectly. You need to leave at least 8192 bytes free. This corresponds to the BBSIZE #define in ufs/ffs/fs.h. In general, it is simplest to just leave the first cylinder free. - todd
Re: UKC and VGA configuration
Go into your bios config menu and look for an option to expand or stretch the display to match the given resolution. The problem is that flat panels are fixed frequency and so to do VGA text mode you either have to tell the BIOS to scale things or you end up with a smaller display using the native resolution. I'm guessing that the Linux you tried uses a bitmapped console driver of some sort instead of normal VGA text mode. - todd
FYI: new mailing list anti-spam measures
The mailing list server is now using several blacklists from the SORBS project (http://www.sorbs.net) to prevent spam. So far it is using the SORBS zombie, spam, web form and dialup blacklists. This does mean that people sending mail from a dynamic IP address (cable modem, dynamic DSL or dialup) will need to relay messages through their ISP's mail server. This will probably have the biggest impact on cable modem users running their own SMTP servers. - todd
Re: FYI: new mailing list anti-spam measures
After talking to some folks who would be negatively impacted by this I've decided to drop the dial-ups blacklist and hope that greylisting catches the bulk of the spam (which for most compromised windows hosts is the case). - todd
Re: sudo/env_keep/pkg_add
In message [EMAIL PROTECTED] so spake Stuart Henderson (stu): Does anyone feel it would be useful to add PKG_PATH to the default env_keep for sudo? Otherwise there are going to be an awful lot of pkg_add is broken posts... Since that is OpenBSD-specific I don't think it makes sense to hard-code it into sudo. However, we can certainly add it to the default sudoers file. - todd
Re: looking for confirmed working dvd record on amd64
I've had good luck with the Sony NEC Optiarc Model 7170A-0B. It's cheap too ($30 from newegg). - todd
Re: list of all files in the filesystem
In message [EMAIL PROTECTED] so spake Tom Bombadil (grlists): I guess this is a stupid question... But is there any way to get a list of all files in the filesystem without using 'find'? For a big drive with millions of small files, running find is just too slow. If all you want is a list of all files on the filesystem you could use ncheck, assuming this is a local filesystem. Since ncheck reads the filesystem metadata itself it is pretty fast. - todd
Re: DocBook and OBSD man pages
In message [EMAIL PROTECTED] so spake Gustavo Rios (rios.gustavo): i wonder if there is a docbook template for those that would like to write OpenBSD manpages. I know about there is a template in /usr/share/somewhere but it's not docbook. The OpenBSD man pages are written in mdoc(7), not docbook. - todd
Re: Bind 9 - nsc or similar tool?
In message [EMAIL PROTECTED] so spake Jack J. Woehr (jax): Is there anything on OBSD like nsc on Linux which generates Bind 9 config files? The default named.conf that ships with OpenBSD (aka named-simple.conf) is a good starting point. You can then just plug in your zones. - todd
Re: Dell HW?
In message [EMAIL PROTECTED] so spake chefren (chefren): Hm, I cannot get the audio working on the SC400's, I believe something is wrong with the mixer. Tried 3.6 and all kind of patches. Dell seems to hook up the ac97 stuff differently than most others. On the Dells I've seen the line-out was actually wired to the headphone jack. Anyway, try un-muting all input and try all the jacks--one is bound to work... - todd
Re: Getting Yesterday's Date (Repost due to error)
In message [EMAIL PROTECTED] so spake Timothy A. Napthali (timothya): How can I do this in OpenBSD? I've mucked about with date -r $(expr $(date +%d) - 86400) but I can't get it to work properly. In sh or ksh you could do: date -r $(( `date +%s` - 86400 )) +%Y%m%d - todd
Re: perl crashes
Same on current. My guess is perl has a bug that is being exposed by the mmap malloc with address randomization. - todd
Re: Compiling Sendmail
Edit devtools/OS/OpenBSD and remove -DNETISO from confENVDEF - todd
Re: perl crashes
As I suspected this was caused by the change to random addresses returned by malloc. In this specific case, PL_oldbufptr is NULL and, depending on the addresses of the other buf pointers, the while() loop that trims spaces can go off into la la land. The fix is to simply check that the buf ptr is non-NULL before dereferencing it. - todd Index: toke.c === RCS file: /home/cvs/openbsd/src/gnu/usr.bin/perl/toke.c,v retrieving revision 1.9 diff -u -r1.9 toke.c --- toke.c 15 Jan 2005 21:30:22 - 1.9 +++ toke.c 6 Jun 2005 23:15:03 - @@ -7755,8 +7755,9 @@ if (!yychar || (yychar == ';' !PL_rsfp)) where = at EOF; -else if (PL_bufptr PL_oldoldbufptr PL_bufptr - PL_oldoldbufptr 200 - PL_oldoldbufptr != PL_oldbufptr PL_oldbufptr != PL_bufptr) { +else if (PL_oldoldbufptr PL_bufptr PL_oldoldbufptr + PL_bufptr - PL_oldoldbufptr 200 PL_oldoldbufptr != PL_oldbufptr + PL_oldbufptr != PL_bufptr) { /* Only for NetWare: The code below is removed for NetWare because it abends/crashes on NetWare @@ -7771,8 +7772,8 @@ context = PL_oldoldbufptr; contlen = PL_bufptr - PL_oldoldbufptr; } -else if (PL_bufptr PL_oldbufptr PL_bufptr - PL_oldbufptr 200 - PL_oldbufptr != PL_bufptr) { +else if (PL_oldbufptr PL_bufptr PL_oldbufptr + PL_bufptr - PL_oldbufptr 200 PL_oldbufptr != PL_bufptr) { /* Only for NetWare: The code below is removed for NetWare because it abends/crashes on NetWare
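Review bot: in both rewritten `else if` conditions the new leading test covers only the older pointer (PL_oldoldbufptr in the first hunk, PL_oldbufptr in the second), while PL_bufptr is still compared and subtracted with no NULL test of its own. If PL_bufptr can be NULL at this point it belongs in the same guard; if it cannot, a one-line comment at each condition saying which pointer may be NULL would record why the test is there, since the description says the failure only shows up with randomized malloc addresses.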
Re: How do I restart sendmail?
In message [EMAIL PROTECTED] so spake Timothy Horie (tak): I changed some options in the .mc file and rebuilt the /etc/mail/sendmail.cf file. How do I restart sendmail? This is what I do (as root): kill -HUP `sed q /var/run/sendmail.pid` Sending SIGHUP to sendmail causes it to re-exec itself. - todd
Re: problem with www.openbsd.org/spamd/SBL.cidr.gz
In message [EMAIL PROTECTED] so spake Tristan Delsol (tdelsol): OK. Do I need to change the URL in the spamd.conf or will you use another source pretty soon? Bob is back from camping so this is fixed now ;-) - todd
Re: sudo vulnerability
In message [EMAIL PROTECTED] so spake Steffen Kluge (kluge): Is it recommendable to fetch and install 1.6.8p9 straight away? No, you should grab the OpenBSD patch, as announced on the security-announce list. ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch - todd
Re: sudo vulnerability
No, you should grab the OpenBSD patch, as announced on the security-announce list. ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch ftp.openbsd.org is having problems at the moment but the patch is available from the main usa ftp mirror: ftp://ftp.usa.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch ftp://ftp.usa.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch - todd
Re: spamd greylisting and server pools
In message [EMAIL PROTECTED] so spake Heinrich Rebehn (rebehn): Would it be possible to change this behaviour so that the whitelisting is done as soon as the same sender/receiver pair is seen again, ignoring the ip address? This could speed up things a bit. This would allow in mail from the various virii/worms that forge the From: and To: lines. I suppose it depends on how likely a certain sender/receiver pair is to show up from such a thing. - todd
Re: can't find /etc/crontab ?
In message [EMAIL PROTECTED] so spake Neta (netasys): Hello All, I have fresh install machine openbsd 3.7, i couldn't locate any /etc/crontab ? is this crontab disable by default? how i can enable it? /etc/crontab is not used by default, it predates the availability of per-user crontab files. As such it is not included by default, though you can create it if you really must. I don't suggest this as you lose the syntax checking of crontab(1). - todd
Re: perl -MCPAN checksum mismatch on anything
In message [EMAIL PROTECTED] so spake WR (gen2): Checksum mismatch for distribution file. Please investigate. I'd recommend removing /root/.cpan/sources/authors/id/R/RE/REATMON/Net-Jabber-2.0.tar.gz. Its MD5 checksum is incorrect. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. The problem is that lynx is helpful and will automatically uncompress files for you. If you don't tell CPAN to use lynx it should work fine. - todd
Re: Is it possible to run named not in chroot?
In message [EMAIL PROTECTED] so spake Rene Rivera (grafik.list): Because my configuration files, named.conf and all the zone files, must be at /export/config/named/... And there's no way, other than removing the chroot AFAIK, to get named to read the configuration from where I have the files. And you'll ask why don't I just put the files in /var/named/etc? Because those files are version control managed, backup managed, and RAID managed. Or more precisely my entire /export is highly controlled to have fault tolerance, backups, complete file histories, and access controls. You will be better off writing a simple script that syncs things from your revision controlled directory into /var/named (perhaps using rsync) and then starts/reloads named. Alternately, you could just have named chroot to your /export dir. - todd
Re: OpenBSD-specific Perl problem
In message [EMAIL PROTECTED] so spake Dan Brosemer (odin): I've been trying to make a forking daemon in Perl with little success. The whole daemon terminates as soon as the first child terminates. This exact same code performs as I'd expect (ie perfectly) on other platforms (even including win32/ActivePerl) and so I'm wondering what it is about my OpenBSD-3.7/i386 machine that is causing the parent to eat itself. I've included the code below in case anyone can spot anything. I would really appreciate any insight that can be offered. I bet accept() is getting EINTR. Try checking for that and restarting the loop in that case. - todd
Re: OpenBSD-specific Perl problem
I bet accept() is getting EINTR. Try checking for that and restarting the loop in that case.

Here's the relevant bits from perlipc(1)

    Restartable system calls
        On systems that supported it, older versions of Perl used the SA_RESTART flag when installing %SIG handlers. This meant that restartable system calls would continue rather than returning when a signal arrived. In order to deliver deferred signals promptly, Perl 5.7.3 and later do not use SA_RESTART. Consequently, restartable system calls can fail (with $! set to EINTR) in places where they previously would have succeeded.

        Note that the default :perlio layer will retry read, write and close as described above and that interrupted wait and waitpid calls will always be retried.
Re: perl -MCPAN checksum mismatch on anything
In message [EMAIL PROTECTED] so spake WR (gen2): This does not appear to be true -- see my posting from 6/18/05 using only wget (lynx disabled in the mcpan conf), I get the same error Then I have no idea what the problem is. Cpan works for me out of the box and uses Net::FTP (not lynx or wget) by default. Try removing your ~/.cpan directory and see if the problem persists. - todd
Re: ATRUN Job / Cron file
In message [EMAIL PROTECTED] so spake Dave Beckstrom (dbeck): I've been using a cron file (shown below) for some years and it references the atrun command. It appears that the atrun command no longer exists as the man pages no longer reference it. Is there a replacement for the atrun command or is there a means to add it to my system? atrun is no longer needed, cron now runs at jobs like on most other Unix systems (and with much better granularity than atrun did). - todd
Re: sleep patterns...
In message [EMAIL PROTECTED] so spake unixadmin99 (unixadmin99): Accidentally emptied half the contents of src.tar.gz into /usr/bin while undergoing an install under the intoxication of sleep. Be glad you didn't do this in /usr (as I have done). Things get downright unhappy when /usr/libexec/ld.so is a directory ;-) - todd
Re: No DMA? What's going on here?
In message [EMAIL PROTECTED] so spake Dave Anderson (dave): If I'm reading it correctly, this bit of the dmesg says that my hard drive is not using DMA -- and so is running very inefficiently: The IDE controller on that machine does not have working PCI-based IDE so you are stuck with PIO ISA IDE. If memory serves the controller claims to support it but it is horribly buggy. If you really want DMA, drop in a cheapo PCI IDE controller and hook the drives up to that. - todd
Re: 005_libz.patch - fails to change directory
In message [EMAIL PROTECTED] so spake Uwe Dippel (udippel): Strange, we had the same thing with the last patch. Looks like the main ftp mirror is not updating. I've left a message but it may not get fixed for a while... - todd
Re: bugtracker is getting spammed
In message [EMAIL PROTECTED] so spake Alexander Hall (alexander): I just noticed a lot of cannot mount cf/sd card with usb adapter and could cause panic reports on the bugtracker. Some misconfigured mailserver possibly? Just notifying since It's been going on for a while. Is anyone on it? Fixed. - todd
Re: Frequency of 3.8 Malloc Options Check
Note that you can also set the malloc options from within a program you are developing. I've found this to be quite useful for adding a belt and suspenders mode during development (the use after free checks in particular). - todd
Re: exit and eject should have their second letter in upper-case in cdio(1) help output
Actually, the correct thing to do is to make one match with a single letter and the other match with two or more letters. I chose to make eject match e. This resolves the ambiguity. - todd
Re: How Do I Get snprintf(3) to Return -1?
In message [EMAIL PROTECTED] so spake Ray Lai (ray):

> I'm having trouble making snprintf return -1. I've tried stuff like:
>
>     len = snprintf(str, 0, "%.-Z\n", 9);
>     printf("%d", len);
>
> but that just prints `2'. Does snprintf ever return -1?

Not on OpenBSD. It can on other OSes when there is an encoding error. You only get those dealing with wide characters and we don't do that yet.

From the C99 standard:

    An encoding error occurs if the character sequence presented to the underlying mbrtowc() function does not form a valid (generalized) multibyte character, or if the code value passed to the underlying wcrtomb() does not correspond to a valid (generalized) multibyte character. The wide character input/output functions and the byte input/output functions store the value of the macro EILSEQ in errno if and only if an encoding error occurs.

When our locale code support is better this will be possible on OpenBSD too...

 - todd
Re: Moving to a bigger HD, is dump still the best way - dump problem
In message [EMAIL PROTECTED] so spake Hannah Schroeter (hannah): dump/restore need some space in /tmp. Just mount a mfs to /tmp so that that doesn't fill up the initial ramdisk. Or just point the TMPDIR environment variable to a mounted partition with enough space. - todd
Re: Apple MacBook Pro support
In message [EMAIL PROTECTED] so spake Dries Schellekens (gwyllion): The final Intel Macs use EFI (Extensible Firmware Interface) instead of the old BIOS. So a new boot loader is required. Maybe code can be borrowed from FreeBSD ia64. EFI has a legacy mode that is supposedly BIOS-compatible. It's really pointless to speculate until someone actually tries booting OpenBSD on one of them. - todd
for those following -current
Due to some just-committed types changes you will have to build and install gcc before a make build will succeed. New snapshots will be available in the next few days. - todd
Re: skeyinit and lock - login class data unavailable (side effect of login_ldap permissions for login.conf)
In message [EMAIL PROTECTED] so spake Rogier Krieger (rkrieger): Is there a way to open up login.conf without divulging the bindpw? Reading the login_ldap and login.conf man pages, I did not find any. So far, I see two possible remedies: [1] patching login_ldap to obtain sensitive data in a similar way as login_radius does from /etc/raddb or [2] make /etc/login.conf readable to the 'auth' group, as both lock and skeyinit have their SGID bits set. Since [2] is less intrusive, I am inclined to take that route. Are there any setbacks to expect? Other suggestions are more than welcome, of course. I would suggest you go with [2]. There shouldn't be any real downside. - todd
Re: Workaround/Solution for i386/5873: No sound on Eee PC 900 with OpenBSD 4.4-beta
In message [EMAIL PROTECTED] so spake Dawe (dawedawe): I had the same problem with my eee pc 900 as stated in i386/5873: azalia(4) seemed to work, but the speakers didn't produce any output. Running a snapshot from last week, I played again with some mixerctl settings and found the following setting to make the speakers work: mixerctl outputs.speaker.eapd=on I can't say, if this was always the case or the result of a recent commit. Several mp3, ogg and wave files I tested all sound like expected. However, I noticed one issue with the sound of flash applications in opera. It's full of hick ups and high pitched. Could that be a sample rate issue? I thought I let you know, so you could close the bug report... Would you mind sending dmesg output from your eee pc 900 with the working sound? - todd
Re: Question about sudo -v
Sounds like you have a line like this in sudoers:

    # Same thing without a password
    %wheel	ALL=(ALL) NOPASSWD: SETENV: ALL

which would explain why you don't get prompted for a password. But since you didn't include the output of sudo -l I can't tell for sure.

 - todd
Re: Question about sudo -v
In message [EMAIL PROTECTED] so spake Andreas Kahari (andreas.kahari):

> Here you go:
>
> $ sudo -l
> Matching Defaults entries for ak on this host:
>     env_keep+=DESTDIR FETCH_CMD FLAVOR FTPMODE GROUP MAKE MULTI_PACKAGES,
>     env_keep+=OKAY_FILES OWNER PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH,
>     env_keep+=PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE WRKOBJDIR,
>     env_keep+=SSH_AUTH_SOCK EDITOR VISUAL SHARED_ONLY, passwd_timeout=0, !insults
>
> User ak may run the following commands on this host:
>     (ALL) SETENV: ALL
>     (ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper

That looks like a bug. The verifypw setting is not being handled correctly.

 - todd
Re: Question about sudo -v
In message [EMAIL PROTECTED] so spake Andreas Kahari (andreas.kahari): Ah, I think I found it. It is this line in my sudoers file that does it: %users ALL=(ALL) NOPASSWD: /usr/local/libexec/xfsm-shutdown-helper What's wrong with it? I was intending to let any member of the 'users' group execute the xfsm-shutdown-helper program, but this line has the side effect of making sudo -v not work properly. The following patch should fix the behavior. I need to do some checking to make sure there are no other side effects but I believe it is correct. - todd Index: parse.c === RCS file: /home/cvs/openbsd/src/usr.bin/sudo/parse.c,v retrieving revision 1.20 diff -u -p -u -r1.20 parse.c --- parse.c 14 Nov 2008 11:58:08 - 1.20 +++ parse.c 8 Dec 2008 14:54:56 - @@ -192,12 +192,9 @@ sudo_file_lookup(nss, validated, pwflag) if ((pwcheck == any nopass != TRUE) || (pwcheck == all nopass != FALSE)) nopass = cs-tags.nopasswd; - if (match == ALLOW) - goto matched_pseudo; } } } - matched_pseudo: if (match == ALLOW || user_uid == 0) { /* User has an entry for this host. */ SET(validated, VALIDATE_OK);
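Review bot: with the `goto matched_pseudo` early exit removed in the @@ -192 hunk, the loop keeps running after the first ALLOW, so the final value of nopass now depends on every entry visited and on the order of the any/all tests just above. A short comment at the `nopass = cs->tags.nopasswd` assignment saying that the whole list must be scanned would keep the early exit from being reintroduced, and a regression case built from the sudoers in this thread (one NOPASSWD entry for a single command next to a password-required ALL entry, then `sudo -v`) would cover the side effects the message says still need checking.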
Re: lpd printing problem
The (existing) abuse of toprec is a bit kludgy but this should fix the problem for now. - todd Index: lib/libc/gen/getcap.c === RCS file: /home/cvs/openbsd/src/lib/libc/gen/getcap.c,v retrieving revision 1.29 diff -u -r1.29 getcap.c --- lib/libc/gen/getcap.c 10 Jul 2011 13:31:02 - 1.29 +++ lib/libc/gen/getcap.c 14 Oct 2011 13:30:07 - @@ -658,11 +658,12 @@ int cgetnext(char **cap, char **db_array) { - size_t len; + size_t len, otopreclen = topreclen; int c, serrno, status = -1; char buf[BUFSIZ], nbuf[BSIZE]; char *b_end, *bp, *r_end, *rp; char *record = NULL; + char *otoprec = toprec; u_int dummy; off_t pos; @@ -677,6 +678,7 @@ */ if (toprec !gottoprec) { gottoprec = 1; + record = toprec; goto lookup; } @@ -770,7 +772,6 @@ fseeko(pfp, (off_t)(bp - b_end), SEEK_CUR); toprec = record; topreclen = rp - record; - gottoprec = 1; break; } } @@ -787,7 +788,11 @@ fseeko(pfp, pos, SEEK_SET); done: serrno = errno; - free(record); + if (toprec != otoprec) { + toprec = otoprec; + topreclen = otopreclen; + free(record); + } if (status = 0) (void)cgetclose(); errno = serrno;
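Review bot: in the `done:` hunk, `free(record)` now runs only when `toprec != otoprec`, which ties freeing the buffer to whether toprec was reassigned during this call. Any path that allocates record and reaches `done:` without passing through `toprec = record` would skip the free and leak it; the test that matters is whether record aliases the saved toprec, so comparing `record != otoprec` for the free and restoring toprec/topreclen separately may be closer to the intent. Since the message already calls the toprec handling kludgy, a comment above the block stating who owns record on each path would help the next reader.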
Re: Bad MD5 of install42.iso
In message [EMAIL PROTECTED] so spake Przemysław Pawełczyk (pp):

> 1) MD5s for downloaded files
>
> md5sum install42.iso
> 03dc43a1d18d3003843a1f13b3861917 install42.iso

03dc43a1d18d3003843a1f13b3861917 is correct. The MD5 file has been updated but will take some time to propagate to the mirrors.

 - todd
Re: can't change password with passwd comand
In message [EMAIL PROTECTED] so spake Jumping Mouse (kafriki):

> When I try to change a user password I get an error. I do this:
>
> # passwd username
>
> enter a new password and get:
>
> pwd_mkdb: corrupted entry
> pwd_mkdb: at line #24
> pwd_mkdb: /etc/ptmp: Innapropriate file type or format
> passwd: etc/master.passwd unchanged
>
> how can I fix this?

This indicates that your /etc/master.passwd file has some errors unrelated to your attempt to change the password. You should run the vipw command as root to fix the problem on line 24. It sounds like that line is missing at least one field.

 - todd
Re: login_radius possible changes.
In message [EMAIL PROTECTED] so spake Brad Arrington (bradla): Would it be possible to change login_radius.c actually raddauth.c so that: 1. The admin can change what port login_radius uses, such as the old datametrics port. It is currently hard coded to radius(1812). I have no objection to this part, though it can be done a bit more simply. 2. Make it so it does not try an empty password 2 times before it kicks back a prompt asking for a password. I'm not at all sure about this. I would have to test this using challenge/response. - todd
Re: Tentakel and exec sudo ...
In message c4bb3a29-8051-4d34-a691-53d4f035d...@smartterra.eu so spake Falk Brockerhoff - smartTERRA GmbH (nmc): is there any way to execute sudo (in combination with a password to provide) on remote servers using tentakel? Actually tentakel hangs, when I'm executing sudo ls -l / on a bunch of servers. Without sudo anything works fine, as you can see from the example below. Do you know whether tentakel is running ssh with the -t flag or not? Sudo will want to disable echo when reading the password so ssh needs the -t flag so that it allocates a pty. - todd
Re: sudo 1.6.9p20 patch in OPENBSD_4_3 and OPENBSD_4_4
In message 1234278635.17569.9.ca...@soundwave.ws.pitbpa0.priv.collaborativefusion.com so spake Brian A. Seklecki (lavalamp):

> Do we want to slip this into presently supported branches containing 1.6.9p17? It's a quick patch:
>
> http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9
>
> I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string.

I think this is worth doing, though the bug won't affect most people's configuration. -current is unaffected as it contains sudo 1.7.0.

 - todd
Re: sudo won't work with login_fingerprint
login_fingerprint only supports login auth, not challenge/response mode, which is what sudo (and other things) uses. - todd
Re: Weird sudo behavior?
This is normal behavior for the version of sudo that ships with OpenBSD. You can enable per-tty timestamps by enabling the tty_tickets option. E.g., in sudoers add a line like: Defaults tty_tickets - todd
Re: problem compiling userland in -current
On Sun, 24 Feb 2013 21:10:30 GMT, Stuart Henderson wrote:

> On 2013-02-24, Chris Smith obsd_m...@chrissmith.org wrote:
>> cc -I. -I/usr/src/usr.sbin/nsd -O2 -pipe -c /usr/src/usr.sbin/nsd/nsd-xfer.c
>> /usr/src/usr.sbin/nsd/nsd-xfer.c:175: error: static declaration of 'tsig_get_algorithm_by_id' follows non-static declaration
>> /usr/src/usr.sbin/nsd/tsig.h:161: error: previous declaration of 'tsig_get_algorithm_by_id' was here
>
> It seems your tree is not clean, the tsig_get_algorithm_by_id prototype which it's complaining about was removed in tsig.h r1.1.1.3.

This looks like a bug in opencvs, which anoncvs3.usa.openbsd.org was using for non-pserver connections. I've now changed it to use GNU cvs over ssh.

 - todd
Re: sudo configuration !ttytickets?
On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. It's quite simple really, the version of sudo in OpenBSD (a patched version of 1.7.2p8) predates the change to use tty_tickets by default. I've always felt that tty_tickets gives a false sense of security, though it is somewhat improved in more recent sudo versions where the tty is determined via sysctl() rather than by ttyname(). - todd
Re: sudo configuration !ttytickets?
On Fri, 13 Sep 2013 12:44:45 +0200, Donovan Watteau wrote: Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? Yes, but the situation is no worse than with tty_tickets disabled. If you are really worried about this you can simply disable the time stamp files by setting timestamp_timeout to 0. This makes sudo a lot less convenient to use though. - todd
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
The only change I see to sudo between 5.3 and 5.4 that might be related is this one. You could try backing it out via patch -R and see if the old behavior is restored. - todd Index: sudo.c === RCS file: /home/cvs/openbsd/src/usr.bin/sudo/sudo.c,v retrieving revision 1.43 diff -u -r1.43 sudo.c --- sudo.c 8 Jul 2010 21:11:31 - 1.43 +++ sudo.c 6 Nov 2013 20:14:47 - @@ -305,7 +305,7 @@ log_error(NO_STDERR|NO_EXIT, problem with defaults entries); /* Set login class if applicable. */ -set_loginclass(sudo_user.pw); +set_loginclass(runas_pw ? runas_pw : sudo_user.pw); /* Update initial shell now that runas is set. */ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
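Review bot: the changed argument in the @@ -305 hunk makes `set_loginclass()` take the login class from runas_pw whenever a target user is set, and nothing in the call says whether that class is meant for the command's session setup or for authenticating the invoking user. If the login class also selects the authentication style, the invoking user would be checked with the target user's style, which matches the RADIUS report in this thread. Keeping sudo_user.pw for authentication and applying runas_pw only where the target's class is really wanted, with a comment on the call stating which case it serves, would make the intent checkable.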
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On Wed, 06 Nov 2013 13:01:38 -0800, Andrew Klettke wrote:

> Which is odd, and definitely incorrect, as it works with the old binary, and radius is set up correctly in login.conf (IP censored):
>
> radius:\
>         :auth=radius:\
>         :radius-server=***.***.***.***:\
>         :ignorenologin:\
>         :requirehome@:\
>         :radius-challenge-styles=login:

This is almost certainly caused by revision 1.45 of sudo.c. If you back that out (see my previous messages) and rebuild sudo that should fix it. Basically, sudo is using the authentication style of the destination user (in this case root) instead of the invoking user. A workaround may be to configure root to use radius authentication.

 - todd
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On Thu, 07 Nov 2013 00:08:00 -0500, Ted Unangst wrote: Is this the correct behavior? As I understand it, when I run sudo, it asks for my password because it wants me to prove I'm me. I don't have to authenticate as the destination user, so why is the destination user's auth style being used? No, which is why I suggested he backout the change in question. OpenBSD-current has the missing parts of the change from sudo 1.7.9. - todd
Re: sudo bad practice or inconsistency?
On Tue, 14 Oct 2014 20:58:56 +0200, Alessandro DE LAURENZIS wrote:

> Now, launching sudo that way returns an error:
>
> just22@poseidon:[xfe] sudo su -c ls
> su: no such login class: ls
>
> so basically sudo is parsing the -c option instead of passing it to su. Probably this is just a bad practice in sudo usage, nevertheless I never encountered such a problem in the Linux world...

No, su is parsing the -c option instead of passing it to the shell. It should be running:

    su root -c ls

or:

    su -- -c ls

This really has nothing to do with sudo.

 - todd
Re: sudo nohup tcpdump at startup
On Wed, 04 Feb 2015 15:06:41 +0100, Hrvoje Popovski wrote:

> is there any problem to just put this in crontab?
>
> @reboot /usr/sbin/tcpdump -lnqttti pflog0 2> error.log | /usr/bin/logger -t pf -p local2.info

You should not try to run the command in the background since cron runs commands asynchronously. Otherwise that looks OK.

 - todd
Re: I found a sort bug! - How to sort big files?
On Sat, 14 Mar 2015 12:29:21 -, Stuart Henderson wrote: I think the consensus was to try and replace it with another version but not sure what happened. I have a port of the FreeBSD sort but it is slower than our current sort (and slower than GNU sort). - todd
Re: Diffs for OpenBSD /src
On Fri, 13 Mar 2015 10:42:21 -0500, Matthew Markfort wrote: What is an appropriate channel for relaying diffs for review? The t...@openbsd.org list is usually the right place for diffs to be reviewed. - todd
Re: modify /etc/ksh.kshrc
On Fri, 20 Feb 2015 12:06:48 -0500, Ted Unangst wrote: butresin wrote: I surprised on this. Why discouraged to modify /etc/ksh.kshrc? Because you have to be root to do it? Why wouldn't it be better for users to edit their own .kshrc? There's nothing wrong with wanting to have site-specific settings, though it would make upgrades simpler to have those in a separate file. - todd
Re: What happens to OpenBSD when Secure Boot becomes mandatory?
On Thu, 02 Apr 2015 16:38:29 -0400, Steve Litt wrote: What happens to OpenBSD when Secure Boot becomes mandatory? Please read those articles again, Secure Boot is *not* mandatory for Windows 10. The major change is that for Windows 8 Microsoft *required* hardware vendors to provide a setting to disable Secure Boot. To be certified for Windows 10, the hardware is no longer required to have this setting. So no one is being forced to make Secure Boot mandatory. If some hardware vendors choose not to include a way to turn it off they'll simply lose some business. At worst this creates new opportunities for vendors interested in PC sales for Linux, BSD, etc... The sky is not falling. - todd
Re: What bad things could happen if we don't use sudoedit?
On Tue, 28 Apr 2015 07:19:34 +0200, someone wrote: You are perfectly correct, it was ed, not vi and sudoedit could be the solution, thanks. I will try to search the internet how to do the LD_PRELOAD trick with ed. You cannot as LD_PRELOAD only works with dynamic executables and ed is static. The best you could hope to do is monitor it via ptrace(2). It's really a moot point since if you can write to files as root you can trivially get a root shell other ways, such as editing /etc/sudoers. The reason we have sudoedit is that there is no safe way to constrain what an editor run as root can do. - todd
Re: spamdb - can't delete spam db entry (Error 22)
On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote: Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com adam.w...@koparo.com adam.w...@tintagel.pl from spamd db (Error 22) Does anyone know how serious that error is (should I be worried) and what might have caused it? Error 22 is EINVAL. I'm not sure how that can happen in this case though. Have you tried restarting spamd? You might also try running: $ spamdb | fgrep 66.111.4.25 to see if that entry is really in the database and if so see if spamdb -d can remove it. - todd
Re: man -m broken without man.conf ?
On Wed, 06 May 2015 19:47:23 +0200, Ingo Schwarze wrote: Are you OK with the following patch? It uses the default path if and only if /etc/man.conf (or the -C argument) does not exist or does not contain any manpath or _whatdb directive. That looks reasonable. Having the logic in manconf_file() seems less fragile. - todd
Re: man -m broken without man.conf ?
On Wed, 06 May 2015 17:23:20 +0200, Jan Stary wrote: This is the latest amd64 snapshot. It seems that there is a subtle bug in man(1). If I augment my man path with -m ~/man, as I do with alias man='man -m ~/man', man(1) does not find the system manpages, saying man: No entry for ls in the manual. but it does find and display those in ~/man correctly. This happens if /etc/man.conf does not exist. It also works if the MANPATH environment variable is set. The problem appears to be this: if (conf->manpath.sz == 0) manpath_parseline(conf->manpath, manpath_default, 0); If -m is specified, conf->manpath.sz will be 1, not 0. An ugly way to fix this is: if (conf->manpath.sz == !!auxp) manpath_parseline(conf->manpath, manpath_default, 0); - todd
Re: post mortem analysis
On Thu, 02 Apr 2015 23:57:21 +0200, Riccardo Mottola wrote: I checked messages and I see the dmesg from one boot then directly the other boot, no messages in between. Where else could I check? Since you don't have a console you might want to add the following to /etc/sysctl.conf if you don't already have them: ddb.panic=0 # 0=Do not drop into ddb on a kernel panic ddb.log=1 # 1=Log ddb output in kernel message buffer With that you may be able to see the panic message in dmesg if there is one. - todd
Re: sudoers documentation bug?
It is far too late in the game to change this behavior as you will break people's working sudoers files. - todd
Re: comsat-biff issue
Is your mail being delivered to /var/mail/yourname or do you have a .forward file? The comsat daemon is notified by mail.local which delivers mail to the local mail spool. If you have a .forward file, mail.local is not used and you won't get a biff notification. - todd
Re: comsat-biff issue
On Mon, 06 Jul 2015 16:53:27 +0200, Walter Alejandro Iglesias wrote: Till you mentioned about it I've ignored the existence of /usr/libexec/mail.local. :-) I'm new to OpenBSD. Is it some kind of procmail's alike functionality? It's what delivers messages to /var/mail/username when invoked by the MTA. I tried modifying the comsat line in inetd.conf, using just udp4, removing the ip limit prefix, etc. I've tried installing procmail (telling smtpd to use it). I did some tests stopping /etc/rc.d/inetd and running inetd -d from the command line. It turns out mail.local only supported udp4 anyway (though I've just committed a fix for that). With the default inetd.conf, after sending a mail to myself: # inetd -d ADD: 127.0.0.1:comsat proto=udp, wait.max=1.256 user:group=root:wheel builtin=0 server=/usr/libexec/comsat ADD: ::1:comsat proto=udp6, wait.max=1.256 user:group=root:wheel builtin=0 server=/usr/libexec/comsat ADD: daytime proto=tcp, wait.max=0.256 user:group=root:wheel builtin=1959e0e08630 server=internal ADD: daytime proto=tcp6, wait.max=0.256 user:group=root:wheel builtin=1959e0e08630 server=internal someone wants comsat 14937 execv /usr/libexec/comsat The last two lines appeared right after sending the email. I understand (in my ignorance) that means inetd *receives* the notification (from mail.local?). And the following is what netstat shows: Correct, mail.local sends a message to the comsat port which inetd listens on. Then inetd will exec comsat with the socket hooked up to standard input and output. I know biff isn't a big concern but I insisted because I thought it could be a symptom of some other more important issue. The root cause was that mail.local sends a newline character after the spool file offset which comsat was not expecting. This used to work but got broken by the conversion to strtonum(). I've committed a fix for comsat similar to the diff I sent earlier. - todd
Re: Resolve names from chroot'ed OpenBSD httpd
On Fri, 22 May 2015 11:54:10 -0300, Daniel Bolgheroni wrote: On Fri, May 22, 2015 at 06:39:53AM -0400, Dain Bentley wrote: I had this issue a while back. Have you tried restarting the server? Sure, but didn't solve the problem. http://marc.info/?l=openbsd-misc&m=135603654831609&w=2 You should ktrace the process and see what files it is unable to open. That should tell you what is missing from the chroot. - todd
Re: comsat-biff issue
It looks like this is fallout from the strtonum() conversion in comsat. The issue is that mail.local writes a trailing newline after the offset that we need to trim. This fixes it. - todd Index: libexec/comsat/comsat.c === RCS file: /cvs/src/libexec/comsat/comsat.c,v retrieving revision 1.39 diff -u -p -u -r1.39 comsat.c --- libexec/comsat/comsat.c 18 Apr 2015 18:28:37 - 1.39 +++ libexec/comsat/comsat.c 6 Jul 2015 14:56:23 - @@ -191,6 +191,7 @@ doreadutmp(void) } (void)lseek(uf, 0, SEEK_SET); nutmp = read(uf, utmp, statbf.st_size)/sizeof(struct utmp); + dsyslog(LOG_DEBUG, read %d utmp entries, nutmp); } (void)alarm(15); } @@ -204,15 +205,22 @@ mailfor(char *name) char *cp; off_t offset; + dsyslog(LOG_DEBUG, mail for '%s', name); + cp = name + strlen(name) - 1; + while (cp name isspace((unsigned char)*cp)) + *cp-- = '\0'; if (!(cp = strchr(name, '@'))) return; *cp = '\0'; offset = strtonum(cp + 1, 0, LLONG_MAX, errstr); - if (errstr) + if (errstr) { + syslog(LOG_ERR, '%s' is %s, cp + 1, errstr); return; + } while (--utp = utmp) { memcpy(utname, utp-ut_name, UT_NAMESIZE); utname[UT_NAMESIZE] = '\0'; + dsyslog(LOG_DEBUG, check %s against %s, name, utname); if (!strncmp(utname, name, UT_NAMESIZE)) notify(utp, offset); }
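Review bot: In the doreadutmp() hunk, the added dsyslog() prints nutmp straight after `nutmp = read(uf, utmp, statbf.st_size)/sizeof(struct utmp);`, and the return value of read() is never checked. A failed read returns -1, and dividing that by a sizeof expression (an unsigned type) produces a very large count rather than an error, so the debug line would report a meaningless number. Check read() for failure before the division and log the error there instead.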
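Review bot: In the mailfor() hunk, the trim starts from `cp = name + strlen(name) - 1;`, which points one byte before the buffer when name is empty. The loop condition compares cp against name before the isspace() test, so nothing is dereferenced, but forming that pointer is still out of bounds; return early on an empty name or trim by index. The new `syslog(LOG_ERR, ...)` on the strtonum() failure path is also reachable by anything that can send a datagram to the comsat port, so consider whether LOG_ERR is the right level for input that is merely malformed.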
Re: no more sudo on openbsd 5.8
On Fri, 07 Aug 2015 17:06:03 +0200, John Naggets wrote: I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? Yes, sudo has moved to ports. The new doas(1) acts like a simplified sudo. I have setup the autoinstall for no root password and only one user account so I was wondering how do I run something as root now? Do I really need to setup a root account from autoinstall? You can either use doas(1) or install the sudo port. - todd
Re: passwd without argument in sudo
On Wed, 15 Jul 2015 14:51:00 +0200, Alex Greif wrote: when I 'sudo su - ' into a root shell and issue a 'passwd' without a username argument, then it does not try to change the passwd for the current user (in this case root) but for the user from which I issued the 'sudo'. This is because passwd changes the password for the logged in user by default, as returned by the logname system call. You can run the logname command to see that this is not changed when you run su. It's probably worth mentioning this in the passwd manual as it does seem to cause some confusion. - todd
Re: ksh not loading .profile
On Wed, 15 Jul 2015 17:05:51 +0100, Laurence Rochfort wrote: I've followed the faq at http://www.openbsd.org/faq/faq8.html#ksh and it still does not work. The problem is that your .xsession file merges ~/.Xresources but your actual XTerm*loginShell setting is in ~/.Xdefaults. Copy that line into ~/.Xresources and it should work. If you were using startx instead of xdm, the ~/.Xdefaults file would have been used. - todd
Re: cron log in /var/log
On Wed, 11 Nov 2015 12:29:30 -0500, Jiri B wrote: > As cron got a quite interested recently, isn't > right time to move its log to /var/log? > Or does having /var/cron/log have any specific reason? Since it is just another syslog file /var/log makes sense. I worry a bit about people's log watching scripts, though. - todd
Re: cron log in /var/log
On Wed, 11 Nov 2015 12:52:51 -0500, Jiri B wrote: > Other thing, when I was playing with most filesystems r/o I also > found having '.sock' in /var/cron/tabs little annoying, > as we usually use /var/run and I was already having /var/run > as mfs. Since like piece of cake to move it to /var/run. Funny you should mention that. I was considering moving that to /var/run/cron.sock. The only reason for it to be in the cron dir is for older systems that don't respect the file modes on Unix domain sockets. That's not an issue for us... - todd
Re: cron daily insecurity output
On Wed, 11 Nov 2015 20:31:03 +0100, Adam Wolk wrote: > cron started to be recently reported in my insecurity output after > upgrading to snapshot from Nov 6: > > Checking special files and directories. > Output format is: > filename: > criteria (shouldbe, reallyis) > var/cron/atjobs: > permissions (01770, 0770) > var/cron/tabs: > permissions (01730, 0730) > mtree special: exit code 2 This is a side effect of pledge(2) restrictions in cron coupled with a minor bug in the code that caused it to change the mode when it doesn't actually need to. I committed a fix for the bug earlier today so the next snapshot containing that fix will not strip the sticky bit from those directories. However, you'll need to fix up the directory permissions manually. E.g. # chmod a+t /var/cron/atjobs /var/cron/tabs - todd
Re: missing mailing list message(s)?
The mailing list server has been hitting a kernel bug that may have caused some outgoing messages to be lost. - todd
Re: OpenBSD parts in Toyota Highlander
On Sat, 26 Sep 2015 12:51:27 -0600, Diana Eichert wrote: > Todd's is most likely sudo That's probably strlcpy/strlcat. - todd
Re: dig and DNSSEC
On Sat, 26 Sep 2015 22:03:50 +0200, Denis Fondras wrote: > As Unbound/nsd are in base now, perhaps it could be easier to get > drill in and drop dig ? That's a great idea. We'd need to add nslookup(1) and host(1) wrappers though. - todd
Re: Inconsistency in utimes(2) manpage
On Tue, 05 Jan 2016 16:38:46 +0100, Carsten Kunze wrote: > the DESCRIPTION section of utimes(2) refers to "path" while > the SYNOPSIS section uses the term "file". Maybe the term > "path" should be used instead of "file" in SYNOPSIS. Fixed, thanks. - todd
Re: smtpd and syslog
The trace messages are logged at the debug level. You'll need to edit /etc/syslog.conf and change: mail.info /var/log/maillog to: mail.debug /var/log/maillog Then you should see the trace information. - todd
Re: FW: smtpd and syslog
On Fri, 10 Jun 2016 19:20:23 -, Peter Fraser wrote: > But what bothered me was the thousands of lines in /var/log/messages > saying > > sendsyslog: dropped 2 messages, error 55 > > when I first noticed I had forgot that I had modified smtpd_flags > and had no idea why my log files were filling up. > I had no success trying to find what error 55 was. Look in /usr/include/sys/errno.h #define ENOBUFS 55 /* No buffer space available */ > There was no hint as to what the source of the problem was. > I did not know of any approach to find the cause, other than > guessing that it was smtpd. It used to be that syslog messages were silently dropped when syslogd was out of buffers. These days the kernel at least logs this condition. It would be hard for the kernel to provide more information without trying to parse the log messages that were dropped. - todd
Re: sshfs key exchange fails
On Fri, 17 Jun 2016 19:49:44 +0200, "Dennis Matthiesen" wrote: > I'm not sure if this is a configuration issue or could this be a general > problem with the 'Diffie-Hellman Group Exchange Request' not being > processed properly by OpenBSD. > > Problem: OpenBSD SSH server isn't responding to the 'Diffie-Hellman Group > Exchange Request' with 'Diffie-Hellman Group Exchange Group'. Server is > sending a FIN ACK instead. That sounds like a configuration issue. Newer versions of OpenSSH don't accept these weak key exchange algorithms by default: diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 You can add them back in /etc/ssh/sshd_config using the KexAlgorithms setting. See sshd_config(5) for details. Also see http://www.openssh.com/legacy.html - todd
Re: sudo and globbing
You are comparing two very different versions of sudo. The sudo that used to ship with OpenBSD is version 1.7.2p8 which is rather ancient. On Linux you probably have some variant of sudo 1.8.x. Newer versions of sudo escape spaces in the command run via "sudo -s" whereas the ancient 1.7.2p8 does not. That probably explains the difference. If you install sudo from ports you will get the same behavior you see on Linux. - todd
Re: question about fprintf()
On Mon, 15 Feb 2016 19:22:59 +0300, Alexei Malinin wrote: > Please tell me can fprintf() set errno to EINTR? Yes, it is possible but see below. > I have not found assignments such as "errno=EINTR" in libc sources > (src/lib/libc/stdio, amd64 OpenBSD-5.6 ) but I'm not sure. > > fprintf()'s man page does not say anything about errno but POSIX.1 says, > "If an output error was encountered, these functions shall return a > negative value and set /errno/ to indicate the error." If a signal handler is installed without the SA_RESTART flag set, the write(2) system call may fail with errno set to EINTR. The fprintf(3) function uses write(2) (deep) under the covers to write to a file or terminal. The signal(3) function always sets the SA_RESTART flag unless siginterrupt(3) has been used to make system calls interruptible. If the sigaction(2) system call is used, SA_RESTART must be explicitly set in sa_flags. - todd
Re: question about fprintf()
On Mon, 15 Feb 2016 21:08:20 +0300, Alexei Malinin wrote: > But can fprintf() set errno to EINTR if a program has no signal handlers > (i. e. there are default handlers for all signals)? > For example what will happen with fprintf() in a program with default > signal dispositions if the program's window size changes (SIGWINCH)? In that case the write(2) system call will be restarted and fprintf(3) will continue without error. - todd
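The behaviour described in the two fprintf() replies above, as an added C example that is not part of the original messages: a handler installed with sigaction(2) interrupts an fprintf(3) that is asleep in write(2), once without SA_RESTART and once with it. The function names, the pipe used as a slow output and the 200ms timer are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static int drain_fd = -1;	/* read end of the pipe, non-blocking */

/* SIGALRM handler: empty the pipe so a restarted write(2) can complete. */
static void on_alarm(int sig)
{
	char buf[4096];
	int saved = errno;

	(void)sig;
	while (read(drain_fd, buf, sizeof(buf)) > 0)
		continue;
	errno = saved;
}

/*
 * fprintf(3) one byte to a full pipe while a timer delivers SIGALRM.
 * sa_flags is 0 or SA_RESTART.  Returns 0 if fprintf succeeded, the
 * errno it left behind if it failed, or -1 if the setup itself failed.
 */
int blocked_fprintf_errno(int sa_flags)
{
	struct itimerval tv = { { 0, 0 }, { 0, 200000 } };	/* once, 200ms */
	struct sigaction sa, osa;
	char junk[4096];
	size_t n;
	FILE *fp;
	int p[2], fl, err;

	if (pipe(p) == -1)
		return -1;
	if ((fp = fdopen(p[1], "w")) == NULL) {
		close(p[0]); close(p[1]);
		return -1;
	}
	setvbuf(fp, NULL, _IONBF, 0);	/* unbuffered: fprintf writes at once */
	drain_fd = p[0];
	fcntl(p[0], F_SETFL, O_NONBLOCK);
	/* Fill the pipe completely so the next write has to sleep. */
	fl = fcntl(p[1], F_GETFL);
	fcntl(p[1], F_SETFL, fl | O_NONBLOCK);
	memset(junk, 'x', sizeof(junk));
	for (n = sizeof(junk); n > 0; n /= 2)
		while (write(p[1], junk, n) > 0)
			continue;
	fcntl(p[1], F_SETFL, fl);	/* back to blocking writes */

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_alarm;
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = sa_flags;
	sigaction(SIGALRM, &sa, &osa);
	setitimer(ITIMER_REAL, &tv, NULL);
	errno = 0;
	err = fprintf(fp, "!") < 0 ? errno : 0;	/* sleeps until SIGALRM */
	sigaction(SIGALRM, &osa, NULL);
	fclose(fp);
	close(p[0]);
	return err;
}

int main(void)
{
	printf("sa_flags=0: errno %d\n", blocked_fprintf_errno(0));
	printf("sa_flags=SA_RESTART: errno %d\n", blocked_fprintf_errno(SA_RESTART));
}
```

Code that installs handlers with sigaction(2) and leaves SA_RESTART out has to treat a negative return from fprintf(3) with errno set to EINTR as a retryable condition, not as a lost descriptor.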
Re: doas(1) and $PATH
On Wed, 13 Jan 2016 11:17:55 -0500, Philippe Meunier wrote: > By the way, while playing with which(1) and doas(1) and $PATH, I > managed to get which(1) to core dump, twice, although I have not been > able to reproduce it reliably. The crash in which was fixed recently. - todd
Re: doas(1) and $PATH
On Fri, 19 Feb 2016 13:45:28 -0700, "Todd C. Miller" wrote: > On Wed, 13 Jan 2016 11:17:55 -0500, Philippe Meunier wrote: > > > By the way, while playing with which(1) and doas(1) and $PATH, I > > managed to get which(1) to core dump, twice, although I have not been > > able to reproduce it reliably. > > The crash in which was fixed recently. Whoops, looks like I was responding to an old message. - todd
Re: groupdel 'command' don't remove group id
A user's active groups are set at login time. Removing a group from the group file does not affect processes that are already running. If you logout and login again after removing the group you should no longer be a member of the group. - todd
Re: patch: fix usage of mkstemp() in rdistd
I think it's best to just check the parent directories first and then create the temp name. - todd Index: server.c === RCS file: /cvs/src/usr.bin/rdistd/server.c,v retrieving revision 1.40 diff -u -p -u -r1.40 server.c --- server.c22 Dec 2015 08:48:39 - 1.40 +++ server.c28 Mar 2016 02:01:32 - @@ -750,12 +750,9 @@ recvfile(char *new, opt_t opts, int mode /* * Create temporary file */ - if ((f = mkstemp(new)) < 0) { - if (errno != ENOENT || chkparent(new, opts) < 0 || - (f = mkstemp(new)) < 0) { - error("%s: create failed: %s", new, SYSERR); - return; - } + if (chkparent(new, opts) < 0 || (f = mkstemp(new)) < 0) { + error("%s: create failed: %s", new, SYSERR); + return; } /* @@ -1161,13 +1158,10 @@ recvlink(char *new, opt_t opts, int mode /* * Make new symlink using a temporary name */ - if (mktemp(new) == NULL || symlink(dbuf, new) < 0) { - if (errno != ENOENT || chkparent(new, opts) < 0 || - mktemp(new) == NULL || symlink(dbuf, new) < 0) { - error("%s -> %s: symlink failed: %s", new, dbuf, - SYSERR); - return; - } + if (chkparent(new, opts) < 0 || mktemp(new) == NULL || + symlink(dbuf, new) < 0) { + error("%s -> %s: symlink failed: %s", new, dbuf, SYSERR); + return; } /*
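Review bot: In the recvfile() hunk, the merged condition `chkparent(new, opts) < 0 || (f = mkstemp(new)) < 0` sends both failures through the same `error("%s: create failed: %s", new, SYSERR)`. When chkparent() is the call that fails, the message still says "create failed" and prints whatever errno holds at that point, which may not describe the directory problem. Split the two checks so each has its own message. The change also runs chkparent() for every file instead of only after ENOENT, which deserves a comment.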
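Review bot: In the recvlink() hunk, the sequence is now chkparent(), mktemp(new), symlink(dbuf, new) with no retry. mktemp() only chooses a name, so another process can create that name before symlink() runs; symlink() then fails with EEXIST and the link is reported as failed. That is safe, since symlink() never replaces an existing name, but a short loop that retries on EEXIST with a fresh template would keep a collision from aborting the transfer.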
Re: patch: fix usage of mkstemp() in rdistd
On Mon, 28 Mar 2016 10:19:12 +0200, Paul Kelly wrote: > On 03/28/16 04:05, Todd C. Miller wrote: > > I think it's best to just check the parent directories first and > > then create the temp name. > > > > - todd > > This works for me and avoids my hacking around with new. I added a few > extra destination directories and it seems to hold up OK. Thanks! Another option is to just open the file directly after creating the intermediate directories. This is effectively what used to happen before mkstemp(3) was changed to return an error when no Xs are found in the format. That way you still save a stat call when there directories already exist (the common case). - todd Index: server.c === RCS file: /cvs/src/usr.bin/rdistd/server.c,v retrieving revision 1.40 diff -u -p -u -r1.40 server.c --- server.c22 Dec 2015 08:48:39 - 1.40 +++ server.c28 Mar 2016 12:35:53 - @@ -752,7 +752,7 @@ recvfile(char *new, opt_t opts, int mode */ if ((f = mkstemp(new)) < 0) { if (errno != ENOENT || chkparent(new, opts) < 0 || - (f = mkstemp(new)) < 0) { + (f = open(new, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)) < 0) { error("%s: create failed: %s", new, SYSERR); return; } @@ -1163,7 +1163,7 @@ recvlink(char *new, opt_t opts, int mode */ if (mktemp(new) == NULL || symlink(dbuf, new) < 0) { if (errno != ENOENT || chkparent(new, opts) < 0 || - mktemp(new) == NULL || symlink(dbuf, new) < 0) { + symlink(dbuf, new) < 0) { error("%s -> %s: symlink failed: %s", new, dbuf, SYSERR); return;
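Review bot: In the recvfile() hunk, the fallback `open(new, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)` uses `new` in whatever state the failed mkstemp(new) left it, and nothing here shows that the buffer still holds the intended name. O_EXCL and the 0600 mode keep the properties that matter (no reuse of an existing file, owner-only access), but there is no retry if the name already exists. Add a comment stating that the name is taken as is after the failed call, or rebuild the name before opening.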
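Review bot: In the recvlink() hunk, the retry is now a bare `symlink(dbuf, new)`, but the enclosing branch is also entered when the first `mktemp(new) == NULL` fails, and errno is tested against ENOENT in either case. After a failed mktemp() the code has not validated what `new` contains, so the fallback can attempt to create the link under an unintended name. Take the fallback only when it was symlink() that returned ENOENT.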
Re: Using "> /tmp/debug.log 2>&" in a startup script
I suspect you are getting tripped up by the ">/dev/null 2>&1" in _rc_do(). Try setting _RC_DEBUG=1 in the rc.d file and see if that makes a difference. I suppose you could also provide your own implementation of _rc_do() in the rc.d file too. - todd
Re: reorder_libs() from /etc/rc when using NFS root FS
On Sat, 09 Jul 2016 18:25:08 +0200, Frank Scheiner wrote: > Running the command substitution alone after the machine has finished > booting - which takes a considerable extra amount of time as the > SPARCclassic is a slow machine and its root FS is mounted via NFS - > gives the following in my case: > > ``` > # stat -L -f '%Sd' /usr/lib > ?? > # echo $? > 0 > ``` That makes sense. What stat(1) actually does is call stat(2) on /usr/lib and look up the resulting device number using devname(3). Since it can't be found it returns "??" which is useful for ps but not much else. We can simplify the check and simply treat a value of "??" as non-local and skip the reorder. - todd Index: rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.485 diff -u -p -u -r1.485 rc --- rc 29 May 2016 15:36:06 - 1.485 +++ rc 10 Jul 2016 01:35:46 - @@ -164,8 +164,8 @@ reorder_libs() { local _dkdev=/dev/$(stat -L -f '%Sd' /usr/lib) local _mp=$(mount | grep "^$_dkdev") - # Skip if /usr/lib is on a nfs mounted filesystem. - [[ $_mp == *' type nfs '* ]] && return + # Skip if /usr/lib is not on a local filesystem. + [ $_dkdev == '??' ] && return echo -n 'reordering libraries:'
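Review bot: The new test `[ $_dkdev == '??' ]` cannot match as written. `_dkdev` is assigned `/dev/$(stat -L -f '%Sd' /usr/lib)` two lines above it, so on an NFS root it holds `/dev/??`, not `??`, and the reorder is not skipped. Compare against `/dev/??` or test the stat output before adding the prefix, quote the expansion as "$_dkdev", and drop the `_mp` assignment if nothing else reads it now that the nfs check is gone.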
Re: Issue with numbers of pty
On Fri, 01 Jul 2016 10:50:24 -0400, "Ted Unangst" wrote: > Stuart Henderson wrote: > > On 2016-06-30, Oriol Demaria wrote: > > > Trying tmuxinator here I have noticed that I ran out of pty, according > > > to man pty(4) there is a kernel parameter specifiying the max > > > number. I'm running a snapshot from last Friday, and I don't seem to > > > have kern.tty.maxptys. > > > > You probably just ran out of device nodes, the default (62) is a bit small > > for some uses (often exhibited as not being able to open new xterms), but you > > can create more like this: > > > > cd /dev > > sh MAKEDEV pty1 > > This shouldn't be a problem for software using openpty(). I don't think that is correct. You still need the device nodes in /dev to exist. Otherwise, the PTMGET ioctl will fail. - todd
Re: rcs(1) and -I parameter
On Sun, 03 Jul 2016 13:22:48 +0200, Solène RAPENNE wrote: > I am not familiar with rcs(1), from the man page I found parameter "-I Interactive mode." > and rcs usage displays "usage: rcs [-IiLqTUV] [...]" > > When I type "rcs -I" I get > > rcs: unknown option -I > > Does the parameter -I really exist? It doesn't appear to actually be implemented in OpenRCS. In GNU rcs, the -I flag forces interactive mode even if the stdin is not a terminal. Implementing this is not hard, rcs_prompt() just needs to print the prompts even when no tty is present if -I is specified. - todd