Re: strict separation base system and third party software

2016-10-28 Thread dan mclaughlin
On Fri, 28 Oct 2016 01:21:13 -0600 "Theo de Raadt" wrote: > > > > Different design, different philosophy, and different goals [1] but the > > > > same BSD heritage. > > > > > > There is no philosophy involved. > > > > > > England and the US and Canada are not differences in

Re: strict separation base system and third party software

2016-10-28 Thread dan mclaughlin
On Thu, Oct 27, 2016 at 23:16:50 -0600, Theo de Raadt wrote: > > Different design, different philosophy, and different goals [1] but the > > same BSD heritage. > > There is no philosophy involved. > > England and the US and Canada are not differences in philosophy. > > They are just different.

Re: help with kshrc

2016-04-18 Thread dan mclaughlin
On Mon, 18 Apr 2016 16:42:56 +0200 Marko =?ISO-8859-1?Q?Cupa=3F?= wrote: > Hi, > > in tcsh on FreeBSD, I use the following line in .tcshrc in order to > start xfce when logging on ttyv3: > > if ($tty == ttyv3) then > startxfce4 --with-ck-launch > logout > endif > >

Re: Post pkg_delete messages, change message format?

2016-03-25 Thread dan mclaughlin
On Fri, 25 Mar 2016 12:47:01 -0500 Chris Bennett wrote: > After I delete packages, especially pkg_delete -X, I get a long list of > instructions like: > > > -2.1.3 --- > You should also run rm -rf /etc/cups/*.conf.O /var/log/cups > You

Re: how to mount encription volume

2016-03-12 Thread dan mclaughlin
On Sat, 12 Mar 2016 12:19:59 + freeu...@ruggedinbox.com wrote: > hi, I use the bioctl encryption on boot volume. > > example A: > fdisk -iy sd0 > echo -n "a a\n64\n\nRAID\np\nw\nq\n\n" |disklabel -E sd0 > bioctl -c C -l /dev/sd0a softraid0 > > then, OpenBSD detect sd1 and I install the

Re: some problems with disks

2016-03-07 Thread dan mclaughlin
On Tue, 8 Mar 2016 00:20:08 +0100 arrowscr...@mail.com wrote: > I'm having some problems with disks. Probably because I still don't > understand enough of how BSD manage them: > > 1. I was going to install -current on a USB flash drive. I did the > install media using install59.fs and booted. I

elite smtpd control

2016-02-17 Thread dan mclaughlin
i caught this in a process listing, and did a double take. $ ps ax|grep control 31337 ?? I 0:00.09 smtpd: control (smtpd) $ ps auxw|grep control _smtpd 31337 0.0 0.0 1592 4 ?? I 21Jan160:00.09 smtpd: control (smtpd) i thought it was interesting enough to share given the

Re: piping stderr to tee log (so I can have my log and watch it, too)

2016-01-19 Thread dan mclaughlin
On Mon, 18 Jan 2016 10:09:14 +0900 Joel Rees wrote: > Trying to put some scripts together so I can set an update going one > night, check it in the morning, reboot, and finish the update while > I'm at work. > > So I want to do something like > >cd /usr/src && cvs

Re: tsort: pledge: invalid agument (building -current)

2016-01-09 Thread dan mclaughlin
i ran into this myself the other day. you already got good advice, so i will just make one comment. On Sat, 9 Jan 2016 18:54:22 +0900 Joel Rees wrote: > Do I need to backup my data, wipe the OS, and re-install from a snapshot > kernel? > it's unlikely you will ever have

Re: the location of openbsd.pbr

2015-12-31 Thread dan mclaughlin
On Wed, 30 Dec 2015 22:50:08 -0700 "Jack J. Woehr" wrote: > Brian McCafferty wrote: > > Are you referring to the file you need to create for dual booting with the > > windows ntldr? Check the FAQ: > > http://www.openbsd.org/faq/obsd-faq.txt > > Just out of curiosity, I dd'ed

Re: owncloud and php5-libsmbclient / occ

2015-12-29 Thread dan mclaughlin
On Tue, 29 Dec 2015 20:43:49 -0500 Johan Huldtgren wrote: > > Also, if one would like to use occ utility from CLI, considering that the > > whole owncloud runs chrooted under /var/www/ and that occ therefore looks > > for /owncloud/apps folder (which is

Re: TCL in a chroot

2015-12-28 Thread dan mclaughlin
On Mon, 28 Dec 2015 19:53:47 -0500 Paul Pereira wrote: > Has anyone had luck running tcl within a chroot? I have the required > libraries reported by ldd in place, but the interpreter cannot find > them. > > # chroot /var/www /usr/local/bin/tclsh8.5 >

Re: DESTDIR chroot for Mailman from ports

2015-12-27 Thread dan mclaughlin
On Sun, 27 Dec 2015 11:22:56 + (UTC) Juuso Lapinlampi wrote: > I'm having a bit of hard time installing Mailman from ports to an > alternative `DESTDIR` chroot on OpenBSD 5.8 -stable, GENERIC.MP amd64. I > have a working Mailman setup in a non-chroot environment and I'm

Re: if I were to make a pkg-add diff

2015-12-25 Thread dan mclaughlin
On Fri, 25 Dec 2015 16:09:27 -0600 Luke Small wrote: > I suppose folks could opt for the more stable yet higher latency > official mirrors even if they aren't local to canada and they would > never be surprised. It may not be too much trouble for me to implement > a mere

Re: utilities in bsd.rd

2015-12-21 Thread dan mclaughlin
On Mon, 21 Dec 2015 20:45:15 + "AHLSENGIRARD, EDWARD F CTR USAF AFMC AFNWC/NDBD" wrote: > By any chance is there a handy list of the utilities compiled into bsd.rd > (release or recent snap)? > > > -- > Edward Ahlsen-Girard > it may not be exhaustive

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-12-05 Thread dan mclaughlin
On Mon, 30 Nov 2015 23:30:49 +0100 Lampshade <lampsh...@poczta.fm> wrote: > Thanks for answers. > @dan mclaughlin. But how to prevent attacker going out of chroot? as far as i am aware only root can break out of a chroot. as long as nothing runs as root, and there are no suid root th

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread dan mclaughlin
On Sun, 29 Nov 2015 07:08:57 -0700 "Anthony J. Bentley" wrote: > Lampshade writes: > > Is it possible, in theory, to use pledge(2) to make something similar to > > fire > > jail? > > https://packages.debian.org/sid/main/firejail > > Firejail is a Gnu/Linux's program which

Re: Mount ISO as read write

2015-10-28 Thread dan mclaughlin
On Wed, 28 Oct 2015 07:45:05 + (UTC) Mik J wrote: > Hello everyone, > I asked this question on another list a long time ago. > * I would like to mount an iso in order to add some files# ls -l /mnt > drwxr-xr-x 2 root wheel 512 May 3 15:31 iso# vnconfig svnd0

Re: doas and home directory of target user

2015-09-25 Thread dan mclaughlin
On Fri, 25 Sep 2015 02:09:40 +0900 Joel Rees wrote: > At any rate, I have convinced myself that doas follows the manual page > in preserving the calling user's key environment variables, including > HOME and USER. > > I had not grasped that this was considered desired

Re: doas and home directory of target user

2015-09-22 Thread dan mclaughlin
On Tue, 22 Sep 2015 17:41:57 +0900 Joel Rees wrote: > I have this rule in doas.conf: > > permit nopass user1 as user2 > > As user1, I try this at the command line: > > doas -u user2 whoami > > and it tells me I am user2, as I expect. And > >doas -u user2 ls >

Re: securing web browser

2015-08-14 Thread dan mclaughlin
On Fri, 14 Aug 2015 16:45:52 + Frank White mediome...@gmail.com wrote: Hi, anyone has some advices to make more secure a browser like firefox ? chroot + systrace ? Thank you. apparently it's been done. David Coppa reported that he succeeded chrooting firefox here:

Re: Any way to tell what the last cvs module checked before a broken pipe was?

2015-08-03 Thread dan mclaughlin
On Mon, 3 Aug 2015 21:17:12 +0900 Joel Rees joel.r...@gmail.com wrote: I try a cvs update on xenocara and it just sits there for over an hour and then tells me I have a broken pipe. cvs log seems to yield the same behavior, which I might interpret as re-assuring, or I might wonder whether

Re: Rescue /var from a dying 1TB softraid FDE disk

2015-07-15 Thread dan mclaughlin
On Wed, 15 Jul 2015 22:23:43 +0200 Erling Westenvik erling.westen...@gmail.com wrote: Hi, I've tried to do my homework (man ddrescue, info ddrescue, google) but think I might need some OpenBSD specific advice before embarking on my first attempt ever to salvage data from a dying disk.

Re: cvs files from attic show up in update

2015-07-03 Thread dan mclaughlin
On Fri, 3 Jul 2015 13:37:45 +0200 (CEST) n.reu...@hxgn.net wrote: dan mclaughlin thev...@openmailbox.org hat am 3. Juli 2015 um 13:18 geschrieben: On Fri, 3 Jul 2015 12:34:17 +0200 (CEST) n.reu...@hxgn.net wrote: Nigel J Taylor ni...@openbsd.org hat am 3. Juli 2015 um 11:39

Re: cvs files from attic show up in update

2015-07-03 Thread dan mclaughlin
On Fri, 3 Jul 2015 12:34:17 +0200 (CEST) n.reu...@hxgn.net wrote: Nigel J Taylor ni...@openbsd.org hat am 3. Juli 2015 um 11:39 geschrieben: On 07/03/15 09:33, n.reu...@hxgn.net wrote: Dear misc, i have a script running every night on my openbsd 5.7 -stable box to fetch

Re: jail_bin_add: script to add binary and libs to chroot

2015-06-08 Thread dan mclaughlin
On Mon, 8 Jun 2015 10:28:53 -0400 Jiri B ji...@devio.us wrote: On Mon, Jun 08, 2015 at 01:46:17AM -0400, dan mclaughlin wrote: i figure this should be useful to some. ... it seems somebody doesn't know jailkit which is in ports :) i try to use base whenever possible. there might still

Re: How does it work, shell_exec and exec of php-fpm in OpenBSD 5.6?

2015-06-01 Thread dan mclaughlin
On Mon, 1 Jun 2015 06:05:28 -0400 Josh Grosse j...@jggimi.homeip.net wrote: On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote: On Sun, 31 May 2015 22:20:17 -0500 Okupandolared kan...@darkmail.mx wrote: does not exist, so I can copy /usr/bin/whoami to /var/www/usr/bin

Re: How does it work, shell_exec and exec of php-fpm in OpenBSD 5.6?

2015-06-01 Thread dan mclaughlin
On Sun, 31 May 2015 22:20:17 -0500 Okupandolared kan...@darkmail.mx wrote: does not exist, so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami? that try ls and /bin/ls and /var/www/bin/ls and it does not work, /bin/ls exist /var/www/bin/ls exist thanks On 05/31/15 19:43, Zé

Re: console prompt disappeared after login

2015-05-18 Thread dan mclaughlin
On Mon, 18 May 2015 11:24:13 +0100 Pedro Tender pedro.ten...@fabamaq.com wrote: I've updated another machine today to latest snapshot and it is fixed. Have you tried the 18th May (ftp3.eu) snapshot ? On Sun, May 17, 2015 at 10:51 PM, dan mclaughlin thev...@openmailbox.org wrote

Re: console prompt disappeared after login

2015-05-18 Thread dan mclaughlin
On Mon, 18 May 2015 14:21:39 +0100 Pedro Tender pedro.ten...@fabamaq.com wrote: I'm not having problems with ksh nor zsh, going in and out of X (xfce). TTY's working fine. On Mon, May 18, 2015 at 12:56 PM, dan mclaughlin thev...@openmailbox.org wrote: On Mon, 18 May 2015 11:24

Re: console prompt disappeared after login

2015-05-18 Thread dan mclaughlin
On Sun, 17 May 2015 14:29:07 - Maurits Fennis m...@nulldev.net wrote: just not the TTY's same here. -- Maurits Fennis () ascii ribbon campaign /\ www.asciiribbon.org here too. i just submitted a bug report problems with console output.

Re: swap on encrypted softraid, performance penalty?

2015-05-17 Thread dan mclaughlin
On Sun, 17 May 2015 00:20:52 +0200 Fredrik Alm f...@fredrikalm.com wrote: I’ve seen a few “whole disk encryption” tutorials which puts the swap outside of the partition used for the softraid encryption, since openbsd already encrypts the swap partition anyway. I assume that by putting

Re: swap on encrypted softraid, performance penalty?

2015-05-17 Thread dan mclaughlin
On Sun, 17 May 2015 04:32:38 +0200 Fredrik Alm f...@fredrikalm.com wrote: On 17 May 2015, at 02:19, dan mclaughlin thev...@openmailbox.org wrote: On Sun, 17 May 2015 00:20:52 +0200 Fredrik Alm f...@fredrikalm.com wrote: I’ve seen a few “whole disk encryption” tutorials which puts

Re: offtopic: political correctness

2015-05-08 Thread dan mclaughlin
On Fri, 08 May 2015 16:26:09 -0300 Giancarlo Razzolini grazzol...@gmail.com wrote: On 08-05-2015 11:38, Nick Holland wrote: In that case, you may wish to avoid reading the FAQ, the man pages, certainly not the commit message log. Come on. Those are hilarious! You probably don't want

Re: report:intranet PXE network install (by nginx...)

2015-05-07 Thread dan mclaughlin
On Thu, 07 May 2015 08:13:55 -0400 Nick Holland n...@holland-consulting.net wrote: On 05/07/15 07:51, Paolo Aglialoro wrote: If it's correct and not against man pages it can be helpful for beginners to have a ready recipe, just like FAQs. IF it is correct, maybe. But OpenBSD's philosophy

Re: OpenBSD Foundation and OpenBSD Project

2015-05-05 Thread dan mclaughlin
On Tue, 5 May 2015 09:49:13 +0530 Hrishikesh Muruk hris...@gmail.com wrote: Hi I don't want to purchase 5.7 CDs and pay international shipping (also don't have a CD drive). I would like to donate that amount instead. From the OpenBSD Project donations page (

Re: pf.conf something is VERY wrong here, need advice.

2015-04-19 Thread dan mclaughlin
On Sun, 19 Apr 2015 21:07:31 -0400 System Administrator ad...@bitwise.net wrote: On 20 Apr 2015 at 0:11, Ton Muller wrote: i have last week setup my old asus laptop, model A6000 ,1GB ram, 80GB HDD. SK0 is the internal interface. RE0 is the WAN interface i kept my pf.conf as

Re: ssh help with X11Forwarding

2015-04-15 Thread dan mclaughlin
On Wed, 15 Apr 2015 11:35:21 +0300 Ville Valkonen weezeld...@gmail.com wrote: Hello, On 13 April 2015 at 15:10, dan mclaughlin thev...@openmailbox.org wrote: On Mon, 13 Apr 2015 16:49:02 +0530 Hrishikesh Murukkathampoondi hris...@gmail.com wrote: Hello I am running OpenBSD 5.6

Re: ssh help with X11Forwarding

2015-04-13 Thread dan mclaughlin
On Mon, 13 Apr 2015 16:49:02 +0530 Hrishikesh Murukkathampoondi hris...@gmail.com wrote: Hello I am running OpenBSD 5.6 on a x86 netbook. I am trying to setup X11 forwarding in ssh. In sshd_config I have added X11Forwarding yes In ssh_config I have added ForwardAgent yes ForwardX11

Re: Following -stable, sources downloaded from mirror

2015-04-11 Thread dan mclaughlin
On Sat, 11 Apr 2015 10:27:19 +0200 Johan Mellberg johan.mellb...@gmail.com wrote: Hi, I want to start following -stable so I have read http://www.openbsd.org/anoncvs.html and http://www.openbsd.org/faq/faq5.html#BldGetSrc as well as looking through the mailing list archives for cvs

Re: Following -stable, sources downloaded from mirror

2015-04-11 Thread dan mclaughlin
On Sat, 11 Apr 2015 11:59:14 +0200 Johan Mellberg johan.mellb...@gmail.com wrote: dan mclaughlin skrev den 2015-04-11 10:55: On Sat, 11 Apr 2015 10:27:19 +0200 Johan Mellberg johan.mellb...@gmail.com wrote: Hi, I want to start following -stable so I have read http://www.openbsd.org

Re: Screwed up copying partition to another disk

2015-04-10 Thread dan mclaughlin
On Fri, 10 Apr 2015 12:00:06 -0500 Chris Bennett chrisbenn...@bennettconstruction.us wrote: I have been copying home folders from several disks that should be near failing due to age to an external USB disk. I have been using: cd /SRC; tar cf - . | (cd /DST; tar xpf - ) Works fine,

Re: .kshrc Definitions under X

2015-04-10 Thread dan mclaughlin
On Fri, 10 Apr 2015 18:49:02 -0300 Henrique Lengler henriquel...@opmbx.org wrote: On Fri, Apr 10, 2015 at 12:22:45AM -0400, dan mclaughlin wrote: On Thu, 9 Apr 2015 16:58:29 -0300 Henrique Lengler henriquel...@opmbx.org wrote: On Sun, Apr 05, 2015 at 09:22:03PM -0700, Philip Guenther

Re: .kshrc Definitions under X

2015-04-10 Thread dan mclaughlin
sorry to Henrique for the duplicate. On Fri, 10 Apr 2015 21:03:26 -0300 Henrique Lengler henriquel...@opmbx.org wrote: On Fri, Apr 10, 2015 at 07:51:01PM -0400, dan mclaughlin wrote: On Fri, 10 Apr 2015 18:49:02 -0300 Henrique Lengler henriquel...@opmbx.org wrote: On Fri, Apr 10, 2015

Re: .kshrc Definitions under X

2015-04-10 Thread dan mclaughlin
On Fri, 10 Apr 2015 20:48:39 -0400 John Merriam j...@johnmerriam.net wrote: On 4/10/2015 8:03 PM, Henrique Lengler wrote: On Fri, Apr 10, 2015 at 07:51:01PM -0400, dan mclaughlin wrote: you should see an '-ls' option at the end as above. if not, that is your problem (it's not invoking

Re: Can't install latest snapshot over http

2015-04-03 Thread dan mclaughlin
On Sat, 4 Apr 2015 09:08:35 +0900 Joel Rees joel.r...@gmail.com wrote: On Apr 4, 2015 8:33 AM, Oriol Demaria sysad...@the-grid.xyz wrote: My problem got worse. So I tried finally to install the 2nd of April snapshot usb image install57.iso. It actually has upgraded my kernel, and now it

Re: Can't install latest snapshot over http

2015-04-03 Thread dan mclaughlin
this may not help you right now, but it is recommended that you save the last working kernel as /obsd so that you can boot from it if the new one doesn't work. i also keep the last release/snapshot in the root directory so that if something goes wrong i can restore it. On Sat, 04 Apr 2015

Re: Secure PDF viewer

2015-04-02 Thread dan mclaughlin
On Thu, 2 Apr 2015 11:47:04 -0400 Jiri B ji...@devio.us wrote: On Thu, Apr 02, 2015 at 12:33:25AM -0400, Eric Furman wrote: I sometimes have to deal with PDF files (ugh) and all I need is the ability to view and print them, nothing fancy. With security in mind I would like to get opinions

Re: differences between pk_add -u and building from source at stable

2015-04-02 Thread dan mclaughlin
On Thu, 2 Apr 2015 11:50:12 +0200 Marc Espie es...@nerim.net wrote: On Wed, Apr 01, 2015 at 11:48:16PM -0400, dan mclaughlin wrote: if you want the version that the port build will produce do: $ (cd /usr/ports/lang/gcc/4.8/ make _print-packagename) gcc-4.8.4p2 there are a lot

Re: Secure PDF viewer

2015-04-02 Thread dan mclaughlin
On Thu, 02 Apr 2015 23:11:57 -0400 Eric Furman ericfur...@fastmail.net wrote: Thanks for the info and I expected someone to suggest this, but I didn't really want to go all crazy. :) I wanted to know if there was a secure one so I wouldn't have to jump through all these kind of hoops. Thanks

Re: differences between pk_add -u and building from source at stable

2015-04-01 Thread dan mclaughlin
On Thu, 2 Apr 2015 05:16:25 +0900 Joel Rees joel.r...@gmail.com wrote: Should there be a difference if I haven't botched the source tree for /usr/ports at some point? firefox --version tells me Mozilla Firefox 31.0 (It also gives a warning about size mismatch in a couple of

Re: how much disk space does it take to build gcc 4.8?

2015-03-23 Thread dan mclaughlin
On Mon, 23 Mar 2015 19:53:45 +0900 Joel Rees joel.r...@gmail.com wrote: But this probably is not my real question. but to answer it still, A LOT. (i vaguely remember it being over a gig). I saw the notice about libssl and decided it was time to update things. Updated kernel and system

Re: running multiple simultaneous X sessions as different users

2015-03-22 Thread dan mclaughlin
On Sat, 21 Mar 2015 14:14:22 -0700 luke...@onemodel.org wrote: On 03/16/15 19:38, Jean-Philippe Ouellet wrote: On Sun, Mar 15, 2015 at 07:12:23PM -0400, Ted Unangst wrote: luke...@onemodel.org wrote: The goal: I'd like to run multiple simultaneous X sessions and switch among them with

Re: isolating untrusted programs in ssh chroot jails

2015-03-19 Thread dan mclaughlin
here are the scripts i wrote to make this easier. these really were made for my own use, but i hope others may find them useful. i would be interested to know if anyone else actually does find them useful. would also be glad to know of any errors/problems/things that can go wrong i didn't think

isolating untrusted programs in ssh chroot jails

2015-03-19 Thread dan mclaughlin
there seems to be some interest in this, so i thought i would post my notes, made more presentable. here i detail ways to use ssh to restrict access to the filesystem as well as X, mitigating the 'security nightmare' that is X11, not to mention preventing possible leaking of local data. this uses

Re: isolating untrusted programs in ssh chroot jails

2015-03-19 Thread dan mclaughlin
On Thu, 19 Mar 2015 08:52:09 -0600 Jorge Gabriel Lopez Paramount jorge.lopez.paramo...@googlemail.com wrote: Quoting dan mclaughlin thev...@openmailbox.org: there seems to be some interest in this, so i thought i would post my notes, made more presentable. here i detail ways to use ssh

Re: isolating untrusted programs in ssh chroot jails

2015-03-19 Thread dan mclaughlin
On Thu, 19 Mar 2015 20:08:34 +0800 Jeff St. George f...@speednet.com wrote: You said at beginning of your comments now i don't use firefox (or any 'modern browser) may I ask which browser you like to use? And for what reasons? thanks in advance like in the examples, i use w3m. which is

Re: Autoinstall without PXE.

2015-03-13 Thread dan mclaughlin
On Sat, 14 Mar 2015 02:27:56 + Raf Czlonka rczlo...@gmail.com wrote: On Fri, Mar 13, 2015 at 09:02:23PM GMT, Joshua Smith wrote: Hello misc@, Hi Joshua, Looking around the man pages for 5.6 and -current it doesn't seem like it, but is it possible to perform an

Re: GPU error: i915_hangcheck_hung on ThinkPad x201

2015-03-09 Thread dan mclaughlin
i have the same error, except my system hangs. i just reported this to bugs@, you may want to keep an eye there: https://marc.info/?l=openbsd-bugs&m=142590300129925&w=2 On Fri, 6 Mar 2015 14:21:03 -0500 (EST) Charlie c...@devio.us wrote: Hi, I run OpenBSD 5.6-stable on a Lenovo x201 (patched