Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Theo de Raadt
The FAQ speaks to this matter. No one else has anything more to say. Please stop begging for personal handholding, everyone is getting embarrassed. Luke Small wrote: > I tried that by the way. I even mv’ed my pf.conf to nullify it and tried > and it couldn’t download from the gigenet mirror

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-01 Thread Theo de Raadt
Carson Chittom wrote: > On Sat, May 1, 2021, at 1:14 PM, Luke Small wrote: > > I google searched: “site:openbsd.org (snapshot OR current) (stable OR > > release) faq” > > > > and found no results which speaks of minor downgrades. > > > > Also, “sysupgrade -r” defaults to 7.0 when trying to

Re: AUTOCONF4 flag

2021-05-01 Thread Theo de Raadt
Peter Wens wrote: > Hi, > > In OpenBSD 6.9 the AUTOCONF4 flag is not set > with 'dhcp' set in hostname.if (from fresh install) You have described this incorrectly. In 6.8, choosing "dhcp" would run dhclient(8) on that interface, and dhclient would set the AUTOCONF4 flag. That was incorrect.

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-04-30 Thread Theo de Raadt
Luke Small wrote: > Were there major irreversible changes made to the following snapshot: > > kern.version=OpenBSD 6.9-current (GENERIC.MP) #479: Mon Apr 26 02:26:53 MDT > 2021 > > which would render it incapable of a downgrade? The FAQ has a clear & simple answer to that question, and it is

OpenBSD 6.9 released May 1

2021-04-30 Thread Theo de Raadt
- OpenBSD 6.9 RELEASED - May 1, 2021. We are pleased to announce the official release of OpenBSD 6.9. This is our 50th release. We remain proud of OpenBSD's record of more

Re: Fwd: umm_map returns unaligned address?

2021-04-23 Thread Theo de Raadt
Alessandro Pistocchi wrote: > During the syscall I allocate some memory that I want to share between the > kernel and the calling process. When you get the mapping working, it will not work as well as you like. Compiler re-ordering of writes & reads, caches, write buffers, and other details

Re: Cultural underground legende Seymour Cray and his legacy

2021-04-22 Thread Theo de Raadt
Balder, Get your non-openbsd related crap off the openbsd lists. In other words: go away. Balder Oddson wrote: > On Thu, Apr 22, 2021 at 12:28:28AM +0200, Balder Oddson wrote: > > Whereof everyone is interested, > > > > > > > > A few things about his architecture is extraordinary special.

Re: Issue with Ubiquiti ERL upgrade from 6.7 to 6.8 via sysupgrade (octeon)

2021-03-31 Thread Theo de Raadt
your PROM is likely setup to boot a "bsd" kernel in the msdos partition, rather than the "boot" file. The "boot" file will load /bsd from the ffs partition. Amarendra Godbole wrote: > So I used sysupgrade to upgrade the ERL from 6.7 to 6.8. It went through > everything fine, downloaded the

Re: Adding accessibility for blind and low vision individuals to OpenBSD?

2021-03-25 Thread Theo de Raadt
> If the tmux server uses the TMux protocol as described in RFC 1692, it Uhm no, that is quite a big misunderstanding.

Re: /usr/bin/ld and /usr/bin/ld.lld

2021-03-23 Thread Theo de Raadt
KAWAMATA Yoshihiro wrote: > When I was looking at the snapshot package, I found that /usr/bin/ld > and /usr/bin/ld.lld have the same contents and properties, but they > are independent. > > Upon further investigation, it seems that this is due to the fact that > /usr/bin/ld is contained in

Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-22 Thread Theo de Raadt
misopolemiac wrote: > I'd appreciate some pointers to documentation or minimal examples of > the 3-process privilege separation model for OpenBSD's daemons. > Internet searches pointed to skeleton examples at > github.com/krwesterback/newd and github.com/krwesterback/newdctl, but > those repos

Re: 6.8 Install Issue

2021-02-26 Thread Theo de Raadt
Kenneth Hendrickson wrote: > Thanks again Theo. > > > WARNING: / was not properly unmounted > > That is true for the disk in that system. You don't understand the OpenBSD installer. That / is the root filesystem of the install-tool filesystem inside the bsd.rd It is corrupt. Someone wrote

Re: 6.8 Install Issue

2021-02-26 Thread Theo de Raadt
Kenneth Hendrickson wrote: > Thanks Theo. > > Here is what happened beforehand: > > Welcome to the OpenBSD/amd64 6.8 installation program. > WARNING: / was not properly unmounted I have no idea what is going on here, but this never happens with an OpenBSD install image. The mr.fs

Re: 6.8 Install Issue

2021-02-26 Thread Theo de Raadt
Kenneth Hendrickson wrote: ... > No label changes. > newfs: /dev/rsd0a is mounted on /mnt ^^^ Well you had that partition mounted, probably with a different disklabel and sizes, so it was not newfs'd. You did something manual earlier. You didn't show that which created the problem.

Re: tc= in remote(5) example

2021-02-18 Thread Theo de Raadt
Jan Stary wrote: > /etc/examples/remote contains the following stanzas: > > unixhost:\ > :br#9600: > > cua00|For i386,macppc:\ > :dv=/dev/cua00:tc=unixhost: > > cuaa|For sparc:\ > :dv=/dev/cuaa:tc=unixhost: > > > The remote(5)

Re: OpenBSD 6.7-stable macppc hacked?

2021-02-16 Thread Theo de Raadt
ANSI sequences appeared on ttyC0. init is running getty there, which exec'd login, which is running login_passwd to perform a login. Riccardo Giuntoli wrote: > Hi there I've got a strange process that spawn from init in the environment > above. No network traffic. Look ahead: > > |-+=

Re: sysupgrade failure logs

2021-02-15 Thread Theo de Raadt
Judah > I did not and do not expect anyone else to solve my problem for me. Your dishonesty is consistent. We supply it all as software. You can study it and find your problem. Blaming me solves nothing.

Re: sysupgrade failure logs

2021-02-14 Thread Theo de Raadt
You are outside the box, by changing tons of stuff. People who operate inside the box won't be able to help you. And it is even less likely when you are dishonest in the original email. You claimed your sysupgrade use was completely normal, but it isn't. It is far from normal. When we get

Re: sysupgrade failure logs

2021-02-14 Thread Theo de Raadt
You are using sysupgrade -n, and then modifying the payload? Let's be serious about this: I think everyone should stop helping you, you are on your own because what you are showing now is completely different from your original simple claim that "sysupgrade does not work". Or you should pay

Re: rdsetroot and gzip'd bsd.rd

2021-02-01 Thread Theo de Raadt
Should rdsetroot be able to edit gzip'd files? I am not sure about that. BTW, at least one arch bsd.rd's has been gzip'd over the decades, so this is simply an observation on a common architecture, it has been with us forever. Daniel Jakots wrote: > Hi, > > Running -current amd64, I fetched

Re: Go language and pledge exec promises

2021-01-21 Thread Theo de Raadt
Kevin Chadwick wrote: > On 1/21/21 2:58 PM, Kevin Chadwick wrote: > >>>840 beep CALL pledge(0xcf4000,0xcae384) > >>>840 beep STRU promise="stdio rpath wpath cpath dpath tmppath inet > >>> mcast fattr chown flock unix d\ > >>> ns getpw sendfd recvfd tape tty proc exec

Re: Go language and pledge exec promises

2021-01-21 Thread Theo de Raadt
Kevin Chadwick wrote: > On 1/21/21 2:54 PM, Theo de Raadt wrote: > >>> Run your code under ktrace and see what is actually passed to pledge(), > >>> that might give some clues. > >>> > >>> > >>840 beep CALL pledge(0xcf

Re: Go language and pledge exec promises

2021-01-21 Thread Theo de Raadt
Kevin Chadwick wrote: > On 1/21/21 2:18 PM, Stuart Henderson wrote: > > Run your code under ktrace and see what is actually passed to pledge(), > > that might give some clues. > > > > > >840 beep CALL pledge(0xcf4000,0xcae384) >840 beep STRU promise="stdio rpath

Re: 4G mini PCI-e modem support?

2021-01-19 Thread Theo de Raadt
Peter Kay wrote: > On Fri, 8 Jan 2021 at 16:47, Stefan Sperling wrote: > > > > On Fri, Jan 08, 2021 at 05:13:52PM +0100, Patrick Wildt wrote: > > > > There's umb(4). It supports USB's MBIM standard. There are some MBIM > > > compatible chips around, one for instance is this one: > [..] > > I

Re: -current amd64 packages not updated? Impatient or broken?

2021-01-07 Thread Theo de Raadt
Chris Cappuccio wrote: > Mihai Popescu [mih...@gmail.com] wrote: > > I was in the same situation, impatient to have a 2021 snapshot. > > > > Warning: I am not sure you will not finish with a Frankenstein system. I am > > not so good with compiler-linker stuff. > > For those trying to use the

Re: msdos partition is too small in arm64/miniroot68.img

2021-01-07 Thread Theo de Raadt
tech-lists wrote: > On Thu, Jan 07, 2021 at 09:55:28AM -0700, Theo de Raadt wrote: > >tech-lists wrote: > > > >> On Wed, Jan 06, 2021 at 09:25:01AM -0700, Theo de Raadt wrote: > >> >The miniroot is 33MB because it contains many install firmwares, and > >

Re: msdos partition is too small in arm64/miniroot68.img

2021-01-07 Thread Theo de Raadt
tech-lists wrote: > On Wed, Jan 06, 2021 at 09:25:01AM -0700, Theo de Raadt wrote: > >The miniroot is 33MB because it contains many install firmwares, and > >it is 97% full. > > > >I suggest you find another way of installing. > > > > Is there a technic

Re: msdos partition is too small in arm64/miniroot68.img

2021-01-07 Thread Theo de Raadt
Christer Solskogen wrote: > On Wed, Jan 6, 2021 at 5:39 PM Theo de Raadt wrote: > > The miniroot is 33MB because it contains many install firmwares, and > it is 97% full. > > True, but the miniroot has space available to expand the msdos partition. The miniroot h

Re: msdos partition is too small in arm64/miniroot68.img

2021-01-06 Thread Theo de Raadt
The miniroot is 33MB because it contains many install firmwares, and it is 97% full. I suggest you find another way of installing. > I'm trying to install openbsd 6.8 on a raspberry pi 4/8GB. The files I > need to add to the msdos partition are, in total, too > large to fit (the partition is

Re: xterm dies

2020-12-27 Thread Theo de Raadt
Probably fixed by: CVSROOT:/cvs Module name:src Changes by: v...@cvs.openbsd.org 2020/12/23 06:53:45 Modified files: sys/kern : kern_event.c Log message: Clear error before each iteration in kqueue_scan() This fixes a

Re: Enhancing Privacy in 2020 attached screenshot

2020-12-16 Thread Theo de Raadt
pipus wrote: > Stuart, one more thing, many of us have a question for you. > Why does Theo, someone we have a huge amount of respect for, give you such > leeway in the forum? Because he makes the world better. On the other -- whoever you are -- you just smear shit over everything.

Re: www.openbsd.org unreachable for a few days

2020-12-15 Thread Theo de Raadt
I've been told something was just fixed. Now is a good time to retry. Reply just to me, please. ONLY people who observed the problems. Ottavio Caruso wrote: > Hi, > > I asked on Freenode#OpenBSD and apparently it's only me, but I haven't > been able to access www.openbsd.org for a few

Re: www.openbsd.org unreachable for a few days

2020-12-15 Thread Theo de Raadt
Janne Johansson wrote: > Den tis 15 dec. 2020 kl 13:00 skrev Ottavio Caruso < > ottavio2006-usenet2...@yahoo.com>: > > > Hi, > > I asked on Freenode#OpenBSD and apparently it's only me, but I haven't > > been able to access www.openbsd.org for a few days. > > > > $ traceroute 129.128.5.194 > >

Re: pflogd write /var/run/mypflogdinstance.pid?

2020-12-13 Thread Theo de Raadt
Harald Dunkel wrote: > On 12/13/20 7:10 PM, Theo de Raadt wrote: > > > > And I'm suggesting the arguments should look like this: > > > > pflogd: [priv] -s 160 -i pflog0 -f /var/log/pflog (pflogd) > > pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog

Re: pflogd write /var/run/mypflogdinstance.pid?

2020-12-13 Thread Theo de Raadt
Harald Dunkel wrote: > On 12/7/20 7:19 PM, Theo de Raadt wrote: > > Yep. > > > > It is possible we need a better strategy --- like placing *all* original > > argv in the [priv] title. > > > > If you change the pflogd command line in the process list, what

Re: Predict which changes will be in snapshot pulled by sysupgrade?

2020-12-09 Thread Theo de Raadt
James Cook wrote: > My question: > > If I see a recent change in CVS, is there any way to know whether it > will be included if I run sysupgrade right now? No.

Re: RISC-V and OpenBSD

2020-12-09 Thread Theo de Raadt
Mihai Popescu wrote: > On Wed, Dec 9, 2020 at 7:57 PM Claudio Jeker > wrote: > > > On Wed, Dec 09, 2020 at 05:30:48PM +0200, Mihai Popescu wrote: > > > Would it be interesting from the OpenBSD point of view [1] ? > > > > > > [1] http://www.micromagic.com/news/RISCv-Fastest_PR.pdf > > > > No,

Re: pflogd write /var/run/mypflogdinstance.pid?

2020-12-07 Thread Theo de Raadt
Yep. It is possible we need a better strategy --- like placing *all* original argv in the [priv] title. trondd wrote: > Stuart Henderson wrote: > > > On 2020-12-07, Harald Dunkel wrote: > > > About the PIDs: Maybe a sysctl like > > > > > > kernel.pid_max = 4194303 > > > > > > known from

Re: pflogd write /var/run/mypflogdinstance.pid?

2020-12-07 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-12-07, Harald Dunkel wrote: > > About the PIDs: Maybe a sysctl like > > > > kernel.pid_max = 4194303 > > > > known from other OSes could help to reduce the risk for PID conflicts. > > This doesn't help if you actually want reliability, rather than just >

Re: pflogd write /var/run/mypflogdinstance.pid?

2020-12-06 Thread Theo de Raadt
Harald Dunkel wrote: > Hi folks, > > I have to run several pflogd in parallel. To make pkill (i.e. > newsyslog) work it seems to be necessary to create hard links > pflogd1, pflogd2 etc., pointing to /sbin/pflogd. Soft links > don't work, because they don't show up in the process table. > This

Re: clock not set on boot

2020-12-05 Thread Theo de Raadt
Andy Goblins wrote: > Does ntpd need DNS to set the time? Because my resolv.conf points to > 127.0.0.1 and unbound needs the time before it will work properly. A problem of your own creation.

Re: clock not set on boot

2020-12-05 Thread Theo de Raadt
You have filtered ntpd so much that it can't do the job it wants to do. Andy Goblins wrote: > > From: "Theo de Raadt" > > > > ntpd is run by default, and magically will correct the time almost > > immediately. > > > > Some significant effort w

Re: clock not set on boot

2020-12-05 Thread Theo de Raadt
andygoblins wrote: > Ever since updating to 6.8, I've had trouble with the system clock not > getting set on boot. > > I know the easy answer is to script a call to rdate, but that feels like a > bandaid solution. > > I'm running from an EdgeRouter Lite (octeon) that afaik does not have a >

Re: Installer suggestion

2020-12-01 Thread Theo de Raadt
Christer Solskogen wrote: > On Tue, Dec 1, 2020 at 4:43 PM Christopher Turkel < > turkel.christop...@gmail.com> wrote: > > > Why would you want that? I’m curious. > > > Just to place it together with the rest of the questions. Bulk them > together so to speak. > Now the installation waits

Re: Installer suggestion

2020-12-01 Thread Theo de Raadt
Christer Solskogen wrote: > Would it make sense to move the timezone question to before the fetching > and extraction of the install sets starts? No, because the timezone files are in the sets, because they don't fit on all the media.

Re: Supported PCI USB 3 cards

2020-11-27 Thread Theo de Raadt
Nils Blomqvist wrote: > I need a PCI card with USB 3 ports. Something like this is what I > had in mind: https://amzn.to/2V8NgtT (SEDNA - PCI Express USB 3.1). > > Can anyone point me in the right direction for finding out if a > particular card is supported, or a list of supported ones? All

Re: httpd on 6.8

2020-11-27 Thread Theo de Raadt
There is nothing in the manual page which suggests you can put newlines in those positions. Duncan Patton a Campbell wrote: > > > If I have a config file that looks like this > > chroot "/var/www" > > # $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $ > > server "default" > {

Re: Failed sysupgrade from 6.6 to 6.7 amd64

2020-11-15 Thread Theo de Raadt
Maxim Khitrov wrote: > After all these years of trouble-free upgrades, I ran into my first > problem. I used sysupgrade to go from 6.6/amd64 to 6.7. The upgrade > process was successful, but after bsd.upgrade did its thing and > rebooted the system, the new kernel would not boot. > > It got to

Re: System auditing and logging

2020-11-13 Thread Theo de Raadt
> ktrace could work but it's far too slow without limiting syscalls > recorded to a specific subset. > > Is there any interest in modifying ktrace to allow for specifying > individual names of syscalls to trace? > > e.g. ktrace -t c -u execve,sendmsg > > On Fri, Nov 13,

Re: System auditing and logging

2020-11-13 Thread Theo de Raadt
man accton James wrote: > Recently a machine running OpenBSD 6.8 had its configuration changed and I > believe it to have been subject to a malicious attack. > > This change is completely unexplainable, compromised security, and would > have required root access. > > The log files reveal

Re: question about hostname.carp

2020-11-04 Thread Theo de Raadt
hostname.if parsing does not translate 100% to an ifconfig command line. > short question about hostname.carp1: Is it > > inet 10.0.1.1 0xff00 NONE vhid 41 pass secret carpdev em1 advbase 1 > advskew 0 > or > inet 10.0.1.1 0xff00 vhid 41 pass secret carpdev em1 advbase 1 >

Re: Impact of 002_icmp6.patch

2020-10-29 Thread Theo de Raadt
js-openbsd-m...@webkeks.org wrote: > I just saw > https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/002_icmp6.patch.sig, > however, it's unclear from the description and the context around the > patch if this is a read after free or write after free (or both). I think it is fair you can

Re: wg(4) listen on a specific interface / address

2020-10-29 Thread Theo de Raadt
Pierre Emeriaud wrote: > Totally agreed. This is because of my stupid idea to share port 53 for > this use. Maybe my understanding of sockets was wrong, but I thought > that applications could use the bind port _if and only_ they weren't > trying to bind the same IP+port, hence my question about

Re: wg(4) listen on a specific interface / address

2020-10-29 Thread Theo de Raadt
Pierre Emeriaud wrote: > Le jeu. 29 oct. 2020 à 18:00, Brian Brombacher a écrit > : > > > > > > Then there’s a misconfiguration, wg driver bug, or the driver documentation > > is wrong in ifconfig about wgrtable. > > > > Routing domains are where you can specify multiple conflicting port

Re: wg(4) listen on a specific interface / address

2020-10-29 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-10-29, Pierre Emeriaud wrote: > > Le jeu. 29 oct. 2020 à 01:20, Theo de Raadt a écrit : > >> > >> I believe you are running into the restriction that we don't allow an > >> INADDR_ANY:port binding to be done after a ip

Re: disk setup question

2020-10-29 Thread Theo de Raadt
Aleksander De wrote: > Are there any downsides or potential issues which may happen when > extending boundaries for OpenBSD partition on >2TB disk while using > MBR for booting it at the same time? I need MBR otherwise the machine > will not boot. BIOS/RAID controller does not support UEFI. The

Re: suggestion for the installer

2020-10-29 Thread Theo de Raadt
Nick Holland wrote: > On 2020-10-29 08:00, Harald Dunkel wrote: > > Hi folks, > > > > do you think it would be possible for the installer to show > > an eye-catching warning, if "ifconfig" reports "no carrier" > > for the network port to configure? > > > > Just a suggestion, of course > >

Re: wg(4) listen on a specific interface / address

2020-10-29 Thread Theo de Raadt
Pierre Emeriaud wrote: > Le jeu. 29 oct. 2020 à 01:20, Theo de Raadt a écrit : > > > > I believe you are running into the restriction that we don't allow an > > INADDR_ANY:port binding to be done after a ipaddr:port binding has been > > done. It must be done b

Re: wg(4) listen on a specific interface / address

2020-10-28 Thread Theo de Raadt
Pierre Emeriaud wrote: > Le mar. 27 oct. 2020 à 23:46, j...@snoopy.net.nz a écrit > : > > > > > > > > Hi Pierre, > > > > The error may indicate that port 53 on 127.0.0.1 is already used by another > > service. This appears to be confirmed by your netstat example. This is > > probably a dns

Re: Internal microphone not working

2020-10-28 Thread Theo de Raadt
Ashton Fagg wrote: > I've translated that since I'm not sure those among us speak rude, > condescending clown. And now far fewer people want to help you. Such a winner...

Re: Snapshot crash on boot, "entry point at: 0x1001000" (Intel Gemini Lake)

2020-10-28 Thread Theo de Raadt
This particular diff is in snapshots. That's a shortcut which will let more people try it quicker, and report back. > thanks to the fix from Mark, see > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 the problem is > solved for my machine. > > Best regards, > Sven > > On 10/10/20 11:56

Re: OpenBSD UEFI on QEMU emulator

2020-10-26 Thread Theo de Raadt
Kevin Shell wrote: > On Mon, Oct 26, 2020 at 08:46:55AM -0600, Theo de Raadt wrote: > > > > There are two versions of this code, for the small and large install media. > > > > /usr/src/distrib/amd64/ramdisk_cd > > > > /usr/src/distrib/amd64/iso

Re: OpenBSD UEFI on QEMU emulator

2020-10-26 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-10-24, Kevin Shell wrote: > > The OpenBSD .iso image file is not > > hybrid image(both BIOS/UEFI iso9660 and USB boot drive support), > > Linux, FreeBSD, NetBSD all produce hybrid iso images, > > OpenBSD produces a separate .img file, just choose the iso if

Re: man netstart(8) OpenBSD-6.8

2020-10-25 Thread Theo de Raadt
Jason McIntyre wrote: > On Sun, Oct 25, 2020 at 10:16:54AM -0600, Theo de Raadt wrote: > > Jason McIntyre wrote: > > > > > whereas /etc/netstart is actually doing: > > > > > > - configure non-physical: (1) > >

Re: man netstart(8) OpenBSD-6.8

2020-10-25 Thread Theo de Raadt
Jason McIntyre wrote: > whereas /etc/netstart is actually doing: > > - configure non-physical: (1) > aggr trunk svlan vlan carp pppoe > - routing (2) > - rest of non-physical: (3) > tun tap gif

Re: man netstart(8) OpenBSD-6.8

2020-10-24 Thread Theo de Raadt
Rachel Roch wrote: > Is it just me or is the man entry for netstart(8) missing a reference to > wg(4) ? ... and 300 other network interfaces. In other words, no, it should not be there.

Re: sysupgrade --download ?

2020-10-23 Thread Theo de Raadt
Harald Dunkel wrote: > I stumbled over a bad mirror for sysupgrade. > > Would it be possible to add an option "-d" to sysupgrade, to just > download and verify the required files? sysupgrade -n > A subsequent call without > "-d" should verify the signatures in the download directory again >

Re: ssl/libssl certificate validation broken?

2020-10-22 Thread Theo de Raadt
Daniel Jakots wrote: > On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" > wrote: > > > >Hi Bob, it was in the middle of the night and I got quite kinda > > >stressed because all services depending on our ldap proxy stopped > > >working after the upgrade and it took me a while to figure

Re: Multiple USB NICs

2020-10-20 Thread Theo de Raadt
Stuart Longland wrote: > On 21/10/20 9:55 am, Lee Nelson wrote: > >> Alternatively use a single nic with vlans, and break out to separate > >> ports on a managed switch. > >> > > Yes, that could work too, but this is one side of a pfsync/carp > > redundant firewall setup, so I want to keep it as

Re: Multiple USB NICs

2020-10-19 Thread Theo de Raadt
Lee Nelson wrote: > If I have multiple USB Ethernet adapters of identical make and model, > how does OpenBSD distinguish them over time. In the order their drivers reach "interface attach" code. There are multiple reasons the drivers could reach this out of order. > In other words if >

OpenBSD 6.8 released, - Oct 18, 2020

2020-10-18 Thread Theo de Raadt
- OpenBSD 6.8 RELEASED - October 18, 2020. We are pleased to announce the official release of OpenBSD 6.8. This day marks the OpenBSD project's 25th anniversary. As we

Re: direct audio HW access

2020-10-17 Thread Theo de Raadt
Jan Stary wrote: > On Oct 17 11:29:58, dera...@openbsd.org wrote: > > Jan Stary wrote: > > > > > On Oct 17 11:02:19, dera...@openbsd.org wrote: > > > > Jan Stary wrote: > > > > > > > > > Currently, the description of sndiod -a says > > > > > > > > > > If the flag is off, then it's

Re: direct audio HW access

2020-10-17 Thread Theo de Raadt
Jan Stary wrote: > On Oct 17 11:02:19, dera...@openbsd.org wrote: > > Jan Stary wrote: > > > > > Currently, the description of sndiod -a says > > > > > > If the flag is off, then it's automatically closed, > > > allowing other programs to have direct access to the audio device, > > > or

Re: direct audio HW access

2020-10-17 Thread Theo de Raadt
Jan Stary wrote: > Currently, the description of sndiod -a says > > If the flag is off, then it's automatically closed, > allowing other programs to have direct access to the audio device, > or the device to be disconnected. The default is off. > > That's not true anymore:

Re: sysupgrade doesn't like the path

2020-10-10 Thread Theo de Raadt
Ed Ahlsen-Girard wrote: > sysupgrade is looking for files in 6.9 (which isn't being found). Is > this due to a slow mirror upgrade or just "near release stuff"? fw_update, sysupgrade, pkg_add, syspatch, and some other things have heuristic issues near release, and it is difficult to fix because

Re: sysupgrade with latest snapshot: The directory '/home/_sysupgrade/' does not exist.

2020-09-28 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-09-28, Greg Thomas wrote: > > "Have sysupgrade just do the right thing. For example, there could be > > a _sysupgrade user in the systems /etc/passwd, whose $HOME would > > indicate the preferred location for sets" > > > > Holy fucking overkill. > >

Re: Issues with TP-Link UE300

2020-09-27 Thread Theo de Raadt
In other words, you don't know but are very eager to use your mail client right now. Torsten wrote: > Sorry > > Still connected to USB, I looked it up before replying > > It looks more like a hardware design issue of the device it is connected to > plus many other issues related to the

Re: sysupgrade with latest snapshot: The directory '/home/_sysupgrade/' does not exist.

2020-09-27 Thread Theo de Raadt
Stuart Henderson wrote: > > 3. Have sysupgrade just do the right thing. For example, there could be > > a _sysupgrade user in the systems /etc/passwd, whose $HOME would > > indicate the preferred location for sets ... But best understand the > > problem before designing a solution

Re: sysupgrade with latest snapshot: The directory '/home/_sysupgrade/' does not exist.

2020-09-27 Thread Theo de Raadt
Theo de Raadt wrote: > sysupgrade cannot handle strange setups. By the time we started > building it, there weren't enough free bytes left in bsd.rd to > embed an AI to come with the crazy shit people do. to cope with, I mean. Q. "bsd.rd, can you come to my house and fix this?" A. "No."

Re: sysupgrade with latest snapshot: The directory '/home/_sysupgrade/' does not exist.

2020-09-27 Thread Theo de Raadt
Why 42? The lists account. wrote: > On Sun, Sep 27, 2020 at 04:25:58PM -0400, Ian Darwin wrote: > > > ... > > > after the download of the new sets and the reboot, I would have been > > > prompted as to what to do i.e. Install, Upgrade, or Shell. Then for a > > > keyboard layout (e.g. de) and

Re: Primepower 250 vs Sunfire v215

2020-09-24 Thread Theo de Raadt
Kihaguru Gathura wrote: > Do you have experience with the Oracle 3.2TB NVMe PCIE 3.0 Solid State > Drive with the V215? Wow, you have a thick wallet. Use a regular laptop NVME + adapter card for PCIE and find somewhere else to spend the money.

Re: iwm0: fatal firmware error on Dell Latitude E5570

2020-09-24 Thread Theo de Raadt
Uwe Werler wrote: > On 24 Sep 12:24, Jan Stary wrote: > > On Sep 24 11:36:24, h...@stare.cz wrote: > > > This is 6.8-beta/amd64 on a Dell Latitude E5570 (dmesg below). > > > iwm stopped working, saying > > > > > > iwm0: hw rev 0x200, fw ver 34.0.1, address e4:a4:71:40:21:08 > > > iwm0:

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
>In my use-case, the program’s correct functionality is less >important than ensuring that the program cannot break out. Astounding. It's like you don't see correct execution environment for a program as THE foundational aspect of security; while at the same time this rests on the assumption

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
>My primary use-case is that I would like to port a Linux web app >(the Rust Playground) to OpenBSD. The Rust Playground allows >users to supply arbitrary source code, which is then compiled >and executed. I have no control over the contents of said code, >so I have no way to ensure that these

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
>I actually agree with this. Designing a program with pledge in >mind is always better. However, that requires that the program be >trusted, and there still may be some corner cases in which I can >tighten down the pledge more than the program itself can. I disagree. I don't believe you can

Re: OpenDNSSEC signer engine: Bus error: How to get debug information?

2020-09-22 Thread Theo de Raadt
> > #1 0x084fca6e4e55 in ixfr_del_rr (ixfr=0x852782d0d80, > > rr=0xdfdfdfdfdfdfdfdf) at signer/ixfr.c:134 > this is a use after free > damn right

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
I gotta comment.. >> The tool makes essential use of the execpromises argument >> to pledge(2), so that it can sandbox the program it executes. > >This appears to conflict with the basic idea of pledge(2), which >is for the *programmer* to first do simple preparatory work that >requires full

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Theo de Raadt
Ingo Schwarze wrote: > Hi Brian, > > Brian Brombacher wrote on Mon, Sep 14, 2020 at 07:55:11AM -0400: > > > Love the idea; however, the only drawback is if some Bad Person > > is twiddling around and leaves a suid or dev around on a file system > > that is nosuid or nodev, you lose visibility.

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Theo de Raadt
Ingo Schwarze wrote: > are used for. Some such file systems may permit SUID and/or device > files, so not checking them may be a dubious idea. The script could identify mountpoints with safer mount options and reduce scanning on them. That will also encourage admins to use restrictive mount

Re: Must disable /usr/libexec/security on backup disks

2020-09-13 Thread Theo de Raadt
Rupert Gallagher wrote: > This is stupid. Your tone is the real stupid.

Re: pf.conf parser/lint

2020-09-04 Thread Theo de Raadt
Tommy Nevtelen wrote: > On 04/09/2020 18.07, Brian Brombacher wrote: > > Well, let’s say a Linter doesn’t exist and you can’t invest time to make > > one. Do you have a lower environment, mirror-exact ideally, to run tests > > on the pre-receive hook? > > > > It’s an interesting issue you’re

Re: pf.conf parser/lint

2020-09-04 Thread Theo de Raadt
Tommy Nevtelen wrote: > On 04/09/2020 17.24, Brian Brombacher wrote: > > > >> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: > >> > >> Hi there misc! > >> > >> Is there an external pfctl linter? we have bunch pf firewalls for which we > >> generate rules but also write some manual ones

Re: Routing and forwarding: directly connected computers

2020-09-03 Thread Theo de Raadt
Ernest Stewart wrote: > You guys are focusing on the netmasks. Let's consider my setup again > BUT with all netmasks at 0x, so all the forwarding and routing > need to be explicitly configured. Oh my. Have you considered hiring a consultant?

Re: fido library

2020-08-26 Thread Theo de Raadt
demonstrate you don't get it. Mihai Popescu wrote: > Obviously I am not complaining. Just asked. > Obviously I found you in the bad mood. > I'm in bad mood too, but not because bad sync of snapshots. Again, just > asking. > > Thank you > > On Wed, Aug 26, 2020, 19

Re: fido library

2020-08-26 Thread Theo de Raadt
You are obviously complaining about ABI mismatch between base and ports, when using in -current snapshots. Let me be honest. Complaining about that is immature. It is 100% FAQ and expected behaviour for following snapshots. People who use snapshots are expected to accept the behaviour, and

Re: i386, parallel port permission error?

2020-08-20 Thread Theo de Raadt
The idea is that when a machine is multiuser, the operating system is a layer on top of the machine. So a program should not be able to access hardware IO ports directly. Even as root. Because eventually you run a program as root, which gets holed, and now that program can access more than the

Re: i386, parallel port permission error?

2020-08-17 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020-08-17, Doug Moss wrote: > > > > Is it possible with OpenBSD i386 to use the parallel port for lcdproc? > > > > More specifically: > > Did something change at OpenBSD i386 between 5.9 and 6.0 > > related to parallel port / lpt hardware permissions? > > > > Up to

Re: i386, parallel port permission error?

2020-08-16 Thread Theo de Raadt
You'll need to chown/chmod it narrowly to the uid who wants to use it. You want to constrain use of the device driver as much as you can. >Is it possible with OpenBSD i386 to use the parallel port for lcdproc? > >More specifically: >Did something change at OpenBSD i386 between 5.9 and 6.0

Re: Installation Media Self Integrity Check

2020-08-14 Thread Theo de Raadt
Dan Peretz wrote: > Thank you for responding, Theo :) > > On Thu, Aug 13, 2020 at (...):59 AM Theo de Raadt wrote: > > > > the FAQ is wrong. > > > > Those images don't contain signatures because my build & sign > > procedure does not have a way to
