pass password to ssh
I am writing a script that would ssh to a switch and dump the configuration to a file.
1) Since it is a switch, I have no way to make use of public key authentication, because I have no way to store a pubkey on the switch.
2) Since I'm using a dedicated box for backups, I don't need to hide the password from ps.
What is the cleanest way to pass the password to ssh?
Re: MacBook remote control
On 11/12/07, Steven Mestdagh [EMAIL PROTECTED] wrote:
> Richard Storm [2007-11-11, 00:03:37]:
> > Hello! I have macbook:
> > hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz
> > hw.vendor=Apple Inc.
> > hw.product=MacBook2,1
> > hw.version=1.0
> > On http://wiki.freebsd.org/AppleMacbook IR receiver section there is tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz.
> > Here is patch that makes it compile/work under openbsd with my macbook and remote control.
> > Ignore manpage, run like this:
> > ./aird -vd -f /dev/uhid1 -M "echo menu" -P "echo play" -F "echo forward" -B "echo backward" -U "echo volumeup" -D "echo volumedown"
>
> works nicely on my macbook. maybe this can be added to the ports tree?

Don't know if ports is a good idea, because it is a hacked up version which supports only macbook remotes (it seems), since macbook pro remotes need pairing(!?) and can do key repeats (like in original aird.c). Don't have any macbook pro remote to test with. I assume this diff breaks macbook pro remotes...

btw: look at my cool config :))

    #!/bin/sh
    aird -vd -f /dev/uhid1 -M "audacious --show-main-window" -P "audacious -t" -F "audacious -f" -B "audacious -r" -U "mixerctl outputs.master=+5,+5" -D "mixerctl outputs.master=-5,-5"
MacBook remote control
Hello! I have macbook: hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz hw.vendor=Apple Inc. hw.product=MacBook2,1 hw.version=1.0 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz. Here is patch that makes it compile/work under openbsd with my macbook and remote control. Ignore manpage, run like this: ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo forward -B echo backward -U echo volumeup -D echo volumedown --- aird.c.orig Tue Jul 31 21:26:36 2007 +++ aird.c Sat Nov 10 22:56:10 2007 @@ -50,7 +50,6 @@ */ #include sys/cdefs.h -__FBSDID($FreeBSD$); #include err.h #include errno.h @@ -69,24 +68,17 @@ #include sys/ioctl.h #include sys/stat.h -#include libutil.h #include dev/usb/usb.h #include dev/usb/usbhid.h -static struct pidfh *pfh; - static voidsighandler(int sig); static voidusage(void); static voidruncmd(const char *cmd, int fd); -static void -sighandler(__unused int sig) +static void sighandler(int sig) { - if (pfh) - pidfile_remove(pfh); - exit(EXIT_SUCCESS); } @@ -96,7 +88,7 @@ fprintf(stderr, usage: %s [-vd] [-p pidfile] -f device [-M menu command]\n\t[-P play command] [-F forward command] [-B backward command]\n\t[-U volume up command] - [-D volume down command]\n, getprogname()); + [-D volume down command]\n, aird); exit(1); } @@ -132,8 +124,6 @@ const char *deventry; unsigned char key; - pfh = NULL; - signal(SIGHUP, sighandler); signal(SIGINT, sighandler); signal(SIGCHLD, SIG_IGN); 
@@ -207,23 +197,9 @@ err(EXIT_FAILURE, open %s, deventry); if (!foreground) { - pfh = pidfile_open(pidfile, 0600, otherpid); - if (pfh == NULL) { - if (errno == EEXIST) { - errx(EXIT_FAILURE, - Daemon already running, pid: %jd., - (intmax_t)otherpid); - } - /* If we cannot create pidfile from other reasons, - only warn. */ - warn(Cannot open or create pidfile); - } - if (daemon(0, 0) 0) { - pidfile_remove(pfh); err(EXIT_FAILURE, daemon); } - pidfile_write(pfh); } memset(prevbuf, 0, sizeof(prevbuf)); @@ -243,9 +219,6 @@ exit(EXIT_SUCCESS); } - if (key buf[3] != key) - continue; - /* * Check for key repeats. */ @@ -273,7 +246,7 @@ repeating = 0; } - switch (buf[4]) { + switch (buf[3]) { /* Menu */ case 0x02: case 0x03: @@ -308,7 +281,6 @@ } } - pidfile_remove(pfh); close(fd); return (0);
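Review bot: sighandler() in the @@ -69,24 +68,17 @@ hunk still calls exit(EXIT_SUCCESS) from signal context, and exit() is not async-signal-safe because it runs atexit handlers and flushes stdio. With the pidfile cleanup gone the handler only has to terminate, so _exit(EXIT_SUCCESS), or a volatile sig_atomic_t flag checked in the read loop, would be the safer form. The sig parameter is also left unused now that __unused is dropped, which may produce a compiler warning.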
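Review bot: the usage text in the @@ -96,7 +88,7 @@ hunk still advertises [-p pidfile] although every pidfile call is removed elsewhere in this patch, so the option is documented without having any effect. Either drop it from the usage string and the option parsing, or keep pidfile support. Replacing getprogname() with a fixed name also misreports the program when it is installed under another name; OpenBSD's extern char *__progname would keep the original behaviour.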
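Review bot: removing pidfile_open() in the @@ -207,23 +197,9 @@ hunk also removes the "Daemon already running" check, and nothing replaces it, so two daemonized copies can open the same uhid device and each run the configured commands for a single key press. Keep a single-instance guard, for example an exclusive lock taken before daemon(0, 0), and check whether otherpid and pidfile are still referenced anywhere once these lines are gone.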
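Review bot: deleting the key comparison ahead of the "Check for key repeats" comment in the @@ -243,9 +219,6 @@ hunk means reports are no longer filtered by a configured remote key, so any compatible remote within IR range triggers the configured commands, which run with the daemon's privileges. Make the check conditional (skip it only when no key was supplied) rather than removing it; as written, the unsigned char key declared in main() appears to be left without a use.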
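Review bot: switch (buf[3]) in the @@ -273,7 +246,7 @@ hunk hard-codes one report layout in place of buf[4], so remotes that deliver the button code at the original offset stop working. Select the index at run time, for example from a per-model variable or a command-line flag, and note in a comment which hardware each offset was tested on.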
Re: Thanks for the work on acpi!
# sysctl -a | grep hw
hw.machine=amd64
hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz
hw.ncpu=2
hw.byteorder=1234
hw.physmem=2114535424
hw.usermem=2114523136
hw.pagesize=4096
hw.disknames=cd0,wd0,vnd0
hw.diskcount=3
hw.sensors.cpu0.temp0=54.00 degC
hw.sensors.cpu1.temp0=54.00 degC
hw.sensors.acpiac0.indicator0=On (power supply)
hw.sensors.acpibat0.volt0=10.95 VDC (voltage)
hw.sensors.acpibat0.volt1=12.44 VDC (current voltage)
hw.sensors.acpibat0.watthour0=53.99 Wh (last full capacity)
hw.sensors.acpibat0.watthour1=0.25 Wh (warning capacity)
hw.sensors.acpibat0.watthour2=0.10 Wh (low capacity)
hw.sensors.acpibat0.watthour3=50.76 Wh (remaining capacity), OK
hw.sensors.acpibat0.raw0=2 (battery charging), OK
hw.sensors.acpibat0.raw1=27 (rate)
hw.cpuspeed=2161
hw.setperf=71
hw.vendor=Apple Inc.
hw.product=MacBook2,1
hw.version=1.0

# dmesg | grep acpi
acpi0 at mainbus0: rev 0
acpi0: tables DSDT HPET APIC MCFG ASF! SBST ECDT FACP SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) EC__(S3)
acpitimer at acpi0 not configured
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (PCIB)
acpiec0 at acpi0: EC__
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpiac0 at acpi0: AC unit offline
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model ASMB013 serial type LION013 oem DPON013

power off button works too. Thank you, everyone, who made it work!
Re: MAXDSIZ 1GB memory limit for process
On 10/22/07, Ted Unangst [EMAIL PROTECTED] wrote:
> On 10/21/07, Richard Storm [EMAIL PROTECTED] wrote:
> > Is it possible to bypass this limit somehow?
>
> depends, but if it's easy to bypass a limit, it's not much of a limit.

Are there possible workarounds for my program to allocate more memory than 1GB?

> > Do you plan to increase this limit?
>
> i don't think so.

Don't you think that now, when we have 64bit platforms and RAM gets very cheap, it would be really needed to increase this limit?
Re: MAXDSIZ 1GB memory limit for process
On 10/22/07, Ted Unangst [EMAIL PROTECTED] wrote:
> On 10/22/07, Richard Storm [EMAIL PROTECTED] wrote:
> > Are there possible workarounds for my program to allocate more memory than 1GB?
>
> you can mmap a large file with PROT_SHARED. this doesn't count as data, since you are in essence providing your own swap file for it.

Will implementing the PROT_SHARED workaround work just like RAM, or will the disk be hit even if swapping does not happen?

> > Don't you think that now, when we have 64bit platforms and RAM gets very cheap, it would be really needed to increase this limit?
>
> i think the problem is more about what MAXDSIZ is used for than its value. it's not as simple as just bumping a number. and changing the meaning of a number is no easy change either. for the most part, the limit doesn't affect many people.

Thank you for the explanation, however it is hard to understand: is it possible to increase it or not use for memory allocation, or is it a hardware limit(!?)
MAXDSIZ 1GB memory limit for process
Is it possible to bypass this limit somehow? Do you plan to increase this limit?
Re: TPMs in Macbooks on OpenBSD
As I understand, macbooks don't have TPM, macbook PROs have. Thanks to deanna (yeah!) sound works in 4.2, and I read in cvs that newer -current has a feature where plugging headphones in gets noticed and the built in speakers get vol down... nice, haven't tried yet. However, sound recording doesn't work yet...

What I really miss is: powermanagement support, bluetooth support, supported touchpad features, like scrolling down wouldn't be bad, atheros wifi too, isight camera just for fun :)

Few tips and tricks for macbook:

    /usr/X11R6/bin/xset dpms force off
    /usr/X11R6/bin/xlock

-- before closing and putting in bag. xset dpms turns off display till next mouse/keyboard event.

Right mouse click I simulate using xkbset (from ports) and using right button after right apple key (numkey button), and make use of left apple key (Super_L) as modifier, so I could stick interesting stuff in e16keyedit. Grave needs to be remapped to tilde too... I miss pageup/pagedown too:

$ cat .xsession
    xset r rate 400 40                  # faster cursor
    xmodmap ~/.xmodmaprc                # load .xmodmaprc keyboard mappings
    xkbset m                            # make xkbset load mousekeys
    xset m 1 1                          # slow down radio mouse cursor a little bit
    exec /usr/local/bin/enlightenment   # start enlightenment

$ cat .xmodmaprc
    !map tilde and grave
    keycode 94 = grave asciitilde
    !add mod3 modifier as Super_L
    add mod3 = Super_L
    !control+up[pageup], control+down[pagedown]
    !keycode 98 = Prior
    !keycode 104 = Next
    !map num enter to mouse button 2
    keycode 108 = Pointer_Button3
systrace/sysjail wrappers security
In the First USENIX Workshop on Offensive Technologies (WOOT07) there was a presentation by Robert N. M. Watson, "Exploiting Concurrency Vulnerabilities in System Call Wrappers", with exploit code included on how to bypass restrictions:

http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf

It seems that syscall wrappers are vulnerable on SMP systems, and the conclusion states:

    Don't use system call wrappers...
    ...unless willing to rewrite OS system call handler
    Do use a security framework integrated with the kernel's copying and synchronization

I am using sysjail, so I am very interested in how to mitigate attacks, or is there anything OpenBSD could change to mitigate these issues?
Re: Macbook on Openbsd
* Built in keyboard/trackpad gets recognized only in amd64 acpi enabled bsd.mp, openbsd can be installed using external usb keyboard plugged in first USB port. So after installation it works. amd64 or i386 doesn't make any difference...

On 7/25/07, Karl Sjvdahl - dunceor [EMAIL PROTECTED] wrote:
> On 7/15/07, Richard Storm [EMAIL PROTECTED] wrote:
> > The final: MacBook 13 Core2Duo
> > * OpenBSD 4.1-release partly works.
> > * Integrated 82945GM works fine with the 1280x800 wide screen, after enabling the resolution using the x11/915resolution package by invoking it in /etc/securelevel like: /usr/local/sbin/915resolution 4d 1280 800 /dev/null
> > * Sound (azalia) works only in -current kernel, but no recording anyway
> > * Built in keyboard/trackpad gets recognized only in amd64 acpi enabled bsd.mp, openbsd can be installed using external usb keyboard plugged in first USB port
> > * no APM support (no battery status, halt -p, no suspend).
> > * The onboard GigaBit NIC (msk) works fine.
> > * Wireless doesn't work (vendor Atheros, unknown product 0x0024).
> > * Enhanced SpeedStep works in -current (sysctl hw.setperf).
> > * hw.sensors.cpu0.temp0 works in -current.
> > * Infrared/bluetooth doesn't work.
> > http://stormrichard.bravehost.com/macbook/dmesg_amd64_aci_mp.txt
> > http://stormrichard.bravehost.com/macbook/xorg.conf
>
> I'm going to buy a macbook today so I checked out what people say. There are two posts, one says to use amd64 and one says to use i386 (or at least they have used that themselves). Does the keyboard/trackpad work in i386 or is it not working in both i386/amd64. Why would anyone use amd64 since it's not even an amd? Is it because it's a 64bit? Do both amd64 and i386/64bit share so much? I'm being held back a bit when it says I can't even use the keyboard on it on OpenBSD, that really sucks. Anybody that got some new information, maybe tried -current?
>
> Thanks
> BR
> dunceor
bind 9 cache poisoning
Quick question. Is openbsd bind vulnerable to attacks on bind's PRNG described here: http://www.securiteam.com/securitynews/5VP0L0UM0A.html ???
Re: Disk encryption
This is a crappy howto. *encryption* there are as much as creating unsecure (without -K) single storage volume... We are talking about full disk encryption here, like mounting an encrypted root partition :)

Problems:
* vnconfig -K makes use of file images. would be much simpler if it could use raw disks.
* kernel can't pick up and ask for passphrase for encrypted root file system partition.
* salt + passphrase are used directly to encrypt data, so no easy change of passphrase without reformatting image... don't know if that's a big problem
* no possibilities to change algorithms/ciphers. guess this isn't a big problem either, since blowfish is kinda strong :)

Perhaps if making vnconfig work with raw devices and putting in kernel crypto stuff which could ask for the root-fs passphrase, then we could have full disk encryption, except for kernel rc and MBR which should reside on an unencrypted bootable medium like CD, usb, hdd... That's how I understand it

On 7/16/07, Adriaan [EMAIL PROTECTED] wrote:
> On 7/15/07, Richard Storm [EMAIL PROTECTED] wrote:
> > I am very interested in full disk encryption too. I guess it comes slowly, since there now is mount_vnd in -current, maybe could make use of it. If you find out something, let me know :)
>
> http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto
>
> =Adriaan=
Re: Disk encryption
I am very interested in full disk encryption too. I guess it comes slowly, since there now is mount_vnd in -current, maybe could make use of it. If you find out something, let me know :)
Re: Macbook on Openbsd
The final: MacBook 13 Core2Duo
* OpenBSD 4.1-release partly works.
* Integrated 82945GM works fine with the 1280x800 wide screen, after enabling the resolution using the x11/915resolution package by invoking it in /etc/securelevel like: /usr/local/sbin/915resolution 4d 1280 800 /dev/null
* Sound (azalia) works only in -current kernel, but no recording anyway
* Built in keyboard/trackpad gets recognized only in amd64 acpi enabled bsd.mp, openbsd can be installed using external usb keyboard plugged in first USB port
* no APM support (no battery status, halt -p, no suspend).
* The onboard GigaBit NIC (msk) works fine.
* Wireless doesn't work (vendor Atheros, unknown product 0x0024).
* Enhanced SpeedStep works in -current (sysctl hw.setperf).
* hw.sensors.cpu0.temp0 works in -current.
* Infrared/bluetooth doesn't work.

http://stormrichard.bravehost.com/macbook/dmesg_amd64_aci_mp.txt
http://stormrichard.bravehost.com/macbook/xorg.conf